Group-IB, a Moscow-based cybercrime investigation company operating globally, has just published its 2015 report on cybercrime trends in Russia and beyond.
Analyzing the situation in Russia and the former Soviet Union, Group-IB’s analysts expect the following trends to play out in the next six months:
- Mobile users are increasingly exposed to cybercrime
Following the growing penetration of mobile banking, Trojans are increasingly used to target smartphones and tablets, overshadowing the use of PC Trojans by cybercriminals. Android platforms are the main target, with the majority of cases involving European banks.
“All new bank Trojans on the Android platform have the function to steal money automatically and collect card data,” regardless of the bank concerned, the Group-IB analysts found.
What’s more, the newest Trojans’ functions “allow their operators to receive total control of a smartphone phone,” including the call history, SMS messages, geolocation data, and access to all the files on the phone as well as to information stored in cloud servers.
- Trading and brokerage systems under threat
This year for the first time ever, an attack targeted a Russian online trading system with losses estimated at some $5 million. “This attack led to major uncertainty for the currency markets,” notes the report, while “the functions of several new malware programs now include a separate section for use on trading systems.”
In particular, the Corkow group’s Trojan can now operate on the QUIK and TRANSAQ trading systems. For its part, the Anunak group, which last year targeted banks and payment systems, has shifted its focus to trading systems.
- More CryptoLocker attacks expected in the corporate world
CryptoLocker, a ransomware trojan which initially targeted computers running Microsoft Windows, is viewed by Group-IB as a “constantly growing threat” in Russia, with new services and types of lockers being created.
“Malicious software have strengthened their encryption methods, making it impossible to decrypt files without the encryption keys from the attacker’s server,” the report explained.
Moreover, new Trojans targeting Linux servers have appeared, while a new type of ransomware called “Apple Locker” is now being used to attack Apple customers. “Perhaps in the future a whole family of similar malicious programs will be developed,” Group-IB writes.
- “Russian hackers” re-target the West
Due to the ruble’s sharp depreciation in 2014 and 2015, hackers from the former Soviet Union have shifted their focus to western banks and their clients.
“The twelve most widely used Trojans used to target European and US banking clients were developed or operated by Russian speaking cyber criminals,” according to the report.
Group-IB also expects POS terminal incidents to be even more frequent in the next few months as the number of programs designed for this purpose continues to increase and they become more easily accessible.