Ransomware fueling global cybercrime surge and Network hacking

The past year was a very difficult period for the world economy because of the Covid-19 pandemic. It was also marked by a rise in the underground market for selling access to corporate networks and by more than twofold growth in the ‘carding’ market.

Sales of access to compromised corporate networks grew four-fold over the last 12 months, according to threat intel firm Group-IB.

In the first six months of 2020 alone, 277 offers of access to corporate networks were put up for sale on underground forums.

There was an increase in 2020: demand was high for access to the networks of state agencies (10.5%), academic institutions (10.5%), and IT companies (9%).

The profit gained might be used both for launching ransomware and for stealing data, with the aim of later selling it on underground forums or for spying.

Ransomware gangs switching tactics

Group-IB’s Hi-Tech Crime Trends report, released this week, describes a surge in ransomware attacks. Over the last 12 months, 500 such attacks were reported in more than 45 countries.

A major ransomware “plague” outbreak was detected in the US, which accounted for about 60% of all known incidents.

The top five most frequently attacked industries include state agencies (39 victims), retail (51 victims), manufacturing (94 victims), construction (30 victims), and healthcare (38 victims).

Cashing out

The cybercrime carding market grew by 116%, from $880 million to $1.9 billion.

The increase applies to both dumps (magnetic stripe data) and textual data (bank card numbers, expiration dates, account holder names, addresses, CVVs).

Dumps are mainly obtained by infecting computers connected to POS terminals with special trojans, which collect data from random-access memory.

Textual data is collected through PC/Android banking Trojans and phishing websites, by compromising e-commerce websites, and by using JS sniffers.

Group-IB currently tracks the activities of 96 JavaScript sniffer families. Over the past year, nearly 460,000 bank cards were compromised in JS sniffer attacks (such as Magecart), according to Group-IB.

Spycraft turns destructive 

The physical destruction of infrastructure is replacing espionage as a motive in many military operations in cyberspace, according to Group-IB’s latest threat intel report.

The researchers claim the nuclear industry has become a prime target for attacks.  

Unlike the previous reporting period, during which no attacks were observed, the current one was marked by attacks on nuclear energy facilities in Iran and India.

In networking, devices on the same network communicate with each other using packets. Whether you log in to a website, send a video, send an email, or send chat messages, all the data is exchanged as packets. Devices make sure the packets go in the right direction using the MAC address. Every packet has a destination MAC and a source MAC, and it flows from the source MAC to the destination MAC.

It is crucial for network defenders to understand how packets or frames can be injected, crafted, and intercepted. For example, concerned administrators would observe how their switches react to classic ARP poisoning or CAM table overflow attacks and would test their IDS systems for fragmentation-related fragility with the fragroute or fragrouter tools. Likewise, they take advantage of 802.11 drivers that support frame injection and RF monitor mode to run different auditing tools on their wireless networks.
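To make the source MAC and ARP points above concrete from the defender's side, here is an added example (not from the original article or from Group-IB) that parses raw Ethernet ARP frames and flags the two inconsistencies an ARP-poisoning monitor typically watches for. The frames are constructed sample data, and treating the first MAC seen for an IP as the trusted binding is an assumption of this sketch.

```python
import struct
from ipaddress import IPv4Address

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:                      # not ARP
        return None
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac(src), mac(sha), str(IPv4Address(spa))

def detect_arp_anomalies(frames):
    """Flag ARP frames whose claims conflict with the frame header or with earlier bindings."""
    bindings, alerts = {}, []                    # bindings: IP -> first MAC seen (assumed trusted)
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sender_mac, sender_ip = parsed
        if eth_src != sender_mac:                # ARP payload disagrees with the frame's source MAC
            alerts.append((i, "src-mismatch", sender_ip, sender_mac))
        if bindings.setdefault(sender_ip, sender_mac) != sender_mac:
            alerts.append((i, "binding-changed", sender_ip, sender_mac))
    return alerts

# Constructed sample capture (documentation IPs, locally administered MACs).
# Field order: dst MAC, src MAC, ARP header, opcode, sender MAC, sender IP, target MAC, target IP.
HDR = "0806" "0001" "0800" "06" "04"
SAMPLE_FRAMES = [bytes.fromhex(h) for h in (
    "ffffffffffff" "020000000002" + HDR + "0001" "020000000002" "c000020a" "000000000000" "c0000201",
    "020000000002" "020000000001" + HDR + "0002" "020000000001" "c0000201" "020000000002" "c000020a",
    "020000000002" "020000000066" + HDR + "0002" "020000000066" "c0000201" "020000000002" "c000020a",
    "020000000002" "020000000066" + HDR + "0002" "020000000001" "c0000201" "020000000002" "c000020a",
)]

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_FRAMES):
        print(alert)
```

A changed binding is not always hostile: address reassignment, NIC replacement, and failover pairs produce the same signal, so alerts of this kind need to be correlated with known changes before escalation.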