The global shift to remote work due to the COVID-19 pandemic and massive downsizing have catalyzed a spike in cybercrime. In 2020, the majority of cybercriminal groups switched to ransomware attacks, which let them earn more with a simpler technical implementation. For instance, the Cobalt and Silence hacker groups, which used to target banks, joined private ransomware affiliate programs.
By Dmitry Volkov, CTO and the Head of the Threat Intelligence & Attribution Department, Group-IB
In addition, Big Game Hunting was gaining momentum in 2020: attackers focused heavily on large networks to get a higher ransom, new cybercriminal groups joined the game, and new collaborations between representatives of various cybercrime segments emerged.
According to Group-IB’s Hi-Tech Crime Trends report, the total damage of ransomware operations in 2020 reached at least $1 billion, while their main targets were located in the U.S., the United Kingdom, Canada, France, and Germany. The top five industries in terms of the number of attacks were manufacturing, retail, public sector, health care, and construction.
Another trend of the outgoing year was the tremendous growth in the sale of access to the networks of compromised companies, which increased 2.6-fold. It is noteworthy that the market for access to corporate networks correlates with ransomware attacks: most threat actors offered access to U.S. companies (27%), while manufacturing was the most frequently attacked industry in 2019 (10.5%).
Selling access to a company’s network is usually only one stage of the attack: the privileges gained might, for example, be used for both launching ransomware and stealing data, with the aim of later selling it on underground forums or spying.
The direct consequence of the pandemic will be the long-term growth of cybercrime. The pandemic has caused many people to lose their jobs and search for new sources of income. In the next 3-5 years, we’re likely to see the rapid growth of digital crime due to the dire economic situation in various parts of the world that is likely to encourage more individuals to go over to the dark side. Financially motivated threat actors will most likely evolve, and such attacks will be quite widespread. Cyber espionage attacks — political, interstate, and corporate ones — will also hold a prominent place.
Next year, Group-IB expects to see new hacker groups that will specialize in attacks on industrial enterprises and gaining access to supervisory control and data acquisition (SCADA) systems in order to manipulate the manufacturing process. In light of the rising tensions in the Middle East, we will possibly see the first attacks on the control systems of transport ships in the Persian Gulf. In addition, Group-IB expects more sabotage operations against Iran’s critical infrastructure facilities, especially those related to nuclear energy.
Against the backdrop of growing confrontation between various states, we also expect that threat actors will attack telecom operators for the first time in order to cause logical network congestion, which would lead to a cascading effect and affect multiple industries. Attacks on energy facilities are likely to take place in the Middle East or in other countries where new military conflicts arise. Hacker groups using JS-sniffers will pose a major threat to online retail, especially in the U.S. Meanwhile, the main business risks will be associated with fines for security violations rather than with compensation for damage to customers or reputational losses. Next year, Group-IB doesn’t foresee a large number of traditional attacks on banks for theft purposes. There may be rare incidents, but this type of activity will no longer be as widespread as it used to be.
About the Author
As a first-year student at Russia’s leading engineering university, the Moscow State Technical University of N.E. Bauman, Dmitry Volkov co-founded Group-IB, then a cyber investigations startup. Currently, he serves as the CTO and the Head of the Threat Intelligence & Attribution Department. Volkov is the mastermind behind most of Group-IB’s products. From day one, he has been a prominent voice leading Group-IB toward becoming the go-to expert in threat hunting and intelligence.
Volkov is a recognized visionary leader. In 2015, he was listed by Business Insider as one of the top 7 professionals behind influential security companies. Volkov is a great believer in the idea of engineering neutrality and an advocate of cyber weapon non-proliferation. In 2013, he became a member of the UN Open-ended Intergovernmental Expert Group aimed at conducting a comprehensive study on the problem of global cybercrime. Since 2016, he has been a member of the Europol EC3 Advisory Group on Internet Security.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.