Russian Cyber-criminals Switch to Cloud

Cybersecurity firm Kaspersky today released research on Russian-speaking cyber-criminal activity and how it has changed over the past six years.
The study by Kaspersky’s Computer Incident Investigation Department found that historically favored attacks targeting banks and other financial organizations with money-stealing malware have largely been replaced. Nowadays, cyber-criminals prefer to hit their targets with ransomware and data-stealing attacks delivered via spear-phishing emails with malicious attachments.
“Back in 2016, our primary focus was on big cyber-gangs that targeted financial institutions, especially banks,” said Ruslan Sabitov, security expert at Kaspersky. “Big names such as Lurk, Buhtrap, Metel, RTM, Fibbit, and Carbanak boldly terrorized banks nation-wide, and in some cases internationally. Yet, they have eventually fallen apart or ended up behind bars – with our help.”
Researchers observed that the old attack method relied on security holes in popular web browsers and suggested that improvements to the security of browsers and other technology were behind the switch.
Another key change recorded was a move away from developing malware in-house and toward public cloud infrastructure. Researchers found that cyber-criminals now prefer to use publicly available penetration testing and remote access software that can bypass security defenses by appearing to be legitimate.
Cyber-criminals were found to be working together in much smaller groups than before. And, instead of hitting Russia and the Commonwealth of Independent States territories, they are striking targets overseas.
“No longer needing to create their own malicious tools together with active usage of cloud infrastructure allows them to conduct malicious activity in much smaller groups than was previously possible,” noted researchers.
“With the exploit mitigations put in place by browser vendors, the difficulty of weaponizing a one-day vulnerability is substantially higher. Simultaneously, the lifetime of any weaponized exploit is much lower thanks to automatic updates,” BreachQuest co-founder and CTO, Jake Williams, told Infosecurity Magazine.
He added: “We expect over time to see groups continue to become more specialized in the targeting of their operations. And given the difficulty of weaponizing exploits, it’s a near certainty that we’ll contend with more social engineering as an initial entry vector.”