Critical infrastructure cyber threat

Banks, critical infrastructure and cryptocurrency exchanges will be the most likely targets for hackers in the near future, warns a new report.

“In the next year, the main point of losses for banks from cyber attacks will be not theft of money, but destruction of their IT infrastructure during the final stages of a targeted hacking attack,” says the Group-IB Hi-Tech Crime Trends 2017 study.

“Banks used to be attacked only by cybercriminals. Today, State-linked hackers are doing this far more frequently. By destroying IT infrastructure, cyber criminals will attempt to cover their tracks during thefts, while the aim of State-sponsored hackers will be to maximise the damage to banks and discontinue banking operations.

“In both cases, the damage done to banks may be even greater than the amount of funds stolen due to service interruptions and resulting reputational and regulatory impact.”

The report adds that hackers will now successfully attack more industrial facilities as they have “learnt how to work with the ‘logic’ of critical infrastructure”.

These facilities use complex and unique IT systems, it says, and even if one gains access to them, “specific knowledge about the principles of their operation is needed to conduct attacks”.

“Over the past year, we have observed that hackers’ competence has increased, along with their capacities to impact critical infrastructure. Therefore, we now forecast new large-scale incidents targeting industrials and related core infrastructure,” the report adds (see PP574 – Cyber threat to critical infrastructure).

The report also highlights how hackers are switching their focus from banks to the crypto industry – ICO (initial coin offering), wallets, exchanges, funds – which have been accumulating increasingly large capitalisations and funds.

According to Group-IB, specialists in preventing and investigating hi-tech crimes and online fraud and an official partner of Europol and Interpol, in technical terms, the attacks against service providers in this sector are no more difficult than against banks, “however the information security in place and maturity of blockchain companies is significantly lower”.

“A further motivation for criminal attackers is that blockchain technologies (public ledger of all cryptocurrency transactions) are more anonymous and unregulated – this considerably reduces the risk of being caught during money withdrawal,” it adds.

The report reveals that the total damage caused by targeted hacker attacks on the cryptocurrency industry amounts to more than $168 million, and the income from attacks on cryptocurrency exchanges varies from

$1.5 million (Bitcurex) to $72 million (Bitfinex), while a successful attack on a bank brings criminals only about $1.5 million on average.

“In addition to higher profitability, hackers are attracted by anonymity being one of the basic principles of the cryptocurrency industry,” says the report (see PP577 – In the dark).

“Cryptocurrencies and related services represent an extremely dynamic and high-yielding market. With such a rate of development and money inflow, security issues are often considered by blockchain startups as being of minor importance – and hackers take advantage of this.

“The more successful a fintech (financial services technology) project is, the larger its financial footprint or ICO. This makes it more attractive for attacks.

“In each case, attackers can use a wide range of existing techniques from commonplace phishing and interception of control over domains to vulnerabilities in source codes and targeted attacks with a view to gaining access to companies’ local networks.”

Group-IB says the number of threats for cryptocurrency and blockchain projects recorded by its threat intelligence system has “rocketed alongside the bitcoin rate”, adding: “Hackers have already used vulnerabilities in source codes of smart contracts, gained access to secret wallets of cryptocurrency exchanges, and arranged leakages of user databases and hijacking of domain names. Owners of bo