[BreachExchange] Hackers switched from direct theft of money to gaining control over the infrastructure of companies

Destry Winant destry at riskbasedsecurity.com
Thu Apr 2 10:24:11 EDT 2020


According to the report by Rostelecom Solar JSOC, hackers have changed
the focus of their attacks, switching from direct theft of money to
gaining control over the infrastructure of companies. Experts explain this
trend by the fact that the average level of security of banks has
increased significantly, which forces hackers to look for more
vulnerable targets. Moreover, the demand for industrial espionage has
increased on the black market. However, experts said that the activity
of such hacker groups began to decrease against the background of the

According to the report, by the end of 2019 the number of attacks
aimed at gaining control over the infrastructure of companies and
organizations had increased by 40%, while attacks for the purpose of
stealing money had become 15% less frequent.

A long and unnoticeable presence in the organization's infrastructure
allows attackers to investigate its internal processes in detail, gain
deeper access to IT systems and control over them, says Vladimir
Drukov, Director of Solar JSOC. He notes that hackers monetize this
information by selling it on the black market, blackmailing the victim
organization, or engaging in competitive intelligence.

In addition, in recent years attacks have increasingly targeted
industrial and energy facilities, as well as government agencies whose
control over infrastructure is critical for the country.

Kaspersky Lab confirmed that the number of attacks on corporate
infrastructure is increasing. According to antivirus expert Denis
Legezo, about 200 groups engaged in cyber espionage are currently
being observed. However, the expert notes that during the coronavirus
pandemic, a decline in their activity is noticeable.

Andrei Arsentyev, Head of Analytics and Special Projects at InfoWatch
Group of Companies, noted that hackers usually engage in industrial
espionage to order, including “hunting for various know-how, business
development plans, pricing schedules”.

Attackers can monetize attacks not only through theft of funds but
also by selling already configured connections to the victim’s local
network to other criminals, says Evgeny Gnedin, head of Positive
Technologies information security analytics department. Such a model
of “access as a service” is gaining momentum today, which explains the
increase in the number of such attacks.
