Название: Digital transformation for chiefs and owners. Volume 3. Cybersecurity
Автор: Dzhimsher Chelidze
Издательство: Издательские решения
isbn: 9785006442115
isbn:
Dynamics of the shadow market
Third, attacks become targeted rather than mass attacks. As mentioned earlier, it was 43 per cent, now it is 70 per cent.
Fourth, no matter how advanced the technology, the bottleneck is still people. Therefore, since 2017, the number of people caught on phishing letters, not only has not decreased, but, on the contrary, has increased multiple. Additionally, in the top most used and effective ways to penetrate the company is still phishing via email. In this case, the topics that people open most often remain unchanged from year to year: salary, bonuses, social programs, DMS, resume. In addition, the best mailing lists dedicated to events in a particular company or division. That is, the growing role of social engineering.
The statistics of attacks against ordinary people are interesting. After all, the endless leaks of personal data make it easier for hackers to choose the right people when planning an attack on the organization. So, in 2021 in 58% of attacks hackers infected users’ devices with malicious software: these were applications for remote control (34%), spyware (32%) and bank trojans (32%). By the end of 2022, spyware was already used in 49% of successful attacks.
At the end of 2022, phishing sites (42% of successful attacks) and emails (20%) were the most common source of infection. Hackers also combined people’s personal devices and organized so-called ddos attacks, that is, simply overloaded the IT infrastructure of the victim organization. Additionally, in massive phishing attacks hackers used the current news agenda: purchase of fake certificates of vaccination, creation of fraudulent sites before the European Football Championship, premiere of a new episode of the series “Friends” or other “delicious” event.
Additionally, fifthly, managers are pragmatic people who want guarantees. As a result, we came to the second trend – the formulation of simple and understandable for top managers queries, so that the unacceptable could not be implemented.
In my opinion, this is quite a normal situation. It is impossible to build up armor indefinitely and close. If you like to drive tanks, remember the example of the Mouse tank, which eventually became sluggish and in life could not move at all, becoming only a museum exhibit. At the same time, the development of technology still made it pierced. In the struggle of armor and projectile always in the end wins the projectile.
Returning to the language of business, I will share an observation. Increasing the armor sometimes leads to the growth of useless bureaucracy. I’ve seen companies close so that business processes stop, and people just go outside the company, start working communication and document exchange in open messengers and personal mail. After all, they have KPI and they require results. And waiting for a week or two until the technical support solves another problem, they cannot. In the end, we want to defend ourselves, but only by multiplying the risks.
The third trend is the development of cyber-polygons and cyber-battles, which provide an opportunity for cyberbes professionals to try their hand at detecting and suppressing malefactors, testing infrastructure and obtaining information for analysis and development. Additionally, since the beginning of 2023, there is active creation of programs to search for vulnerabilities for reward. Such programs are called Bug bounty. This allows “white” hackers and researchers to apply their knowledge for the good and get a reward for it. This applies mainly to the financial sphere (vulnerability search programs) and large corporations (participation in cyber battles).
Chapter 4. What happens in the Industry
Attacks on corporations and organizations are becoming increasingly like planned military operations – attacks on both equipment and people. Therefore, we already know about phishing, exploiting vulnerabilities and so on. However, in addition, there are specialized companies that are developing tools to penetrate various information systems. This is particularly the case in countries where such work is not restricted by legislation. That is, in principle, it is not an illegal business, and given the current situation, many countries are likely to turn a blind eye to it altogether.
Public administration and organizations
State organizations now, in 2022—2023, are undergoing a real combat baptism. In 2022, the number of successful attacks on government agencies increased in every quarter. Government agencies faced the highest number of incidents among any organization. They accounted for 17% of the total number of successful attacks (in 2021 this figure was 15%). In total, in 2022 PT recorded 403 incidents with state organizations, which is 25% more than in 2021.
The main way of attack is social engineering. The target of attacks is data. And this is understandable, because automation and digitalization into the state. Control is well under way. This means that public authorities are beginning to generate big data: taxes, medical information, biometrics, etc. Medical data are of special interest to hackers, including for the purposes of social engineering, increasing the effectiveness of phishing attacks.
The most popular types of malware were cryptographers (56%) and programs for remote control (29%). Additionally, the share of attacks on web resources is constantly growing – in 2020 there were 14%, by the end of 2022 – 41%.
Additionally, government structures are under attack not only in our country.
Example 1
In mid-October 2021, the hacker gained access to the Argentine government’s database, which contains information on all citizens’ identity cards. As a result, on the black-market data and ID-cards of the entire population of Argentina, that is, more than 45 million citizens were put on sale. Moreover, as a confirmation of the data, the hacker disclosed information about 44 known personalities, including the President of the country.
Example 2
Police Department of the US capital Washington. There was a massive leak of internal information after the attack of the extortion program. Thousands of confidential documents were published in the darkwebe (a segment of the Internet that is hidden from ordinary users, where people sell forged documents, weapons, drugs, and hackers orders). Hundreds of police files, informants and intelligence reports from other government agencies, including the FBI and the Secret Service, were also discovered.
Example 3
The hackers’ data encryption attack caused the collapse of the IT infrastructure of three hospitals in the United States, disrupted several routine surgeries, disrupted patient intake, and stole 1.5 TB of personal data, including medical records. The group received a $1.8 million ransom for decrypting the stolen information. A cyber-attack of extortionists on one of the main hospitals of Barcelona (Clinic de Barcelona) resulted in damage to the IT infrastructure of the clinic and forced to cancel 150 urgent operations and up to 3000 patient examinations (according to the Associated Press).
Example 4
Another interesting case was November 2022. At one of the forums in the darkeven there was a report about the hacking of the infrastructure of the Federal Tax Service of Russia. Hackers claimed to have downloaded 800 GB of confidential information. No official comments from the agency were received. The evidence included references to several projects, which according to hackers were taken from the NRF database. “It only took us СКАЧАТЬ