By LYDIA NATHAN / Pic By BLOOMBERG
CRYPTOCURRENCY exchanges are the most vulnerable targets for cyber criminals, accounting for 27% of incident reports last year, according to American-based cyber security firm Carbon Black Inc.
In its “Global Threat Report: Year of the Next-Gen Cyber attack”, the company said these exchanges represent prime targets for cryptocurrency theft, fraud and harvesting of user information for follow-on targeting by same criminals.
Carbon Black also said its evaluation on open-source reporting and dark-web marketplaces to identify and quantify the largest threats posed from cryptocurrency-related crimes revealed that almost RM7.34 billion (US$1.8 billion) in losses were incurred throughout 2018.
“Although bitcoin is still the lead cryptocurrency for legitimate cyber transactions, cyber criminals are moving to alternative and more profitable currencies, such as monero, used by major retailers and online services,” it said.
The firm added that the top five sectors that had been targeted the most globally were computers and electronics, healthcare, business services, software and manufacturing.
“It is estimated that underground cyber criminals spend some RM4 trillion yearly to develop attacks, while businesses spend RM391 billion to protect themselves, making defenders outspent by a ratio of 10:1,” it said.
Meanwhile, Carbon Black said almost 60% of cyber attacks around the world involve lateral movement, which refers to the techniques cyber attackers adopt to progressively move through a network as they search for the key data and assets that are ultimately the target of their attack campaigns.
The company added that this showed that attackers are not focusing on one component of an organisation or country, but instead are targeting broad areas as they move in intrusively.
“Cyber criminals are conti- nuing to hide in plain sight and move laterally — leveraging on non-malware or fileless attack methods,” it said.
Data from the report showed applications like PowerShell, Windows Management Instrumentation and Secure File Transfer Protocol were said to be the top three that attackers used in 2018.
“Modern cyber attacks appear to increasingly be fuelled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected by using techniques such as lateral movement, island hopping and counter incident response to stay invisible,” it said.
Carbon Black explained that the increasing number of attacks had very much to do with tension between Western democracies and countries like Russia, China and North Korea.
“As 2018 came to a close, China and Russia were responsible for nearly half of all cyber attacks. Of 113 investigations our partners conducted in the third quarter (3Q18), 47 stemmed from those two countries alone,” it noted.
Trailing behind the two nations was North Korea, in which the Carbon Black Threat Analysis Unit discovered fileless attacks against global governments in 4Q18.
“Of the identified fileless attacks, variants of the malware Graftor were uniquely identified as the fileless payload.
“Graftor variants are used by North Korean cyber operations, also referenced as HIDDEN COBRA, to maintain presence on victim networks and to further network exploitation,” it said.
Carbon Black said half of the cyber attacks today use one main victim for island hopping, which means the attackers are targeting an organisation’s affiliates and more often smaller companies with immature security postures.
“This (would) not only put your data at risk, but every bit of data from the point in your supply chain including clients and partner firms,” Carbon Black said.
The firm added that most attacks have become very destructive, as they become more powerful and sophisticated.
“We’ve seen a lot of destructive actions from Iran and North Korea lately, where they’ve effectively wiped machines they suspect of being forensically analysed,” a professional recounted to Carbon Black.