23.01.2017
In a Risk Group
Why Cyberattacks May Be Soon at the Top of the World Rating of Threats
By Ilya Sachkov for RBC
CEO Group-IB
Countering of cyberattacks is like a contest between armor and a shell. The events of 2017 made it clear that many companies and even states still fell behind hackers in their knowledge of computer technologies.
Experts of the World Economic Forum (WEF) called cyberattacks that reached "unprecedented levels" one of the major global risks after ecological and geopolitical problems. For the present, cyberattacks rank sixth in the Top 10 list of technology risks. However, the threat may take first place in less than 5 years.
Humanization of Evil
Why Cybercrime is Developing so Fast? To answer that question, we have to understand the background and causes of the phenomenon. And they are three: fundamental change in crime itself, evolution and availability of hacker tools and, finally, wrong estimation of risks at the development stage of protection systems. All combined, they lead to the fact that cybercrime is impending like a "Cyber-Katrina", a hurricane that will destroy everything on its path, as it has been recently noted by Vladimir Ovchinsky, who was in charge of the Russian bureau of Interpol in the past.


While it did not happen, we have to realize that we are living in the most peaceful time in our species' existence, says Harvard psychologist Steven Pinker. Chances to fall victim to genocide, military operations, and even to an armed attack in the street are minimal in comparison to previous history periods. However, the number of criminals does not decrease, but the real danger is waiting for us on the Internet, not in the street, with a knife in hand. A huge number of new criminal "IT professions" appeared—virus writers, carders, DDoSers, droppers, phishers, money launderers—as well as hundreds of new crimes using information technology: hacking of networks, stealing money from credit and debit cards, from Internet banks, ransomware, sabotage and diversion, computer piracy, child porn trading, traffic interception, cyberespionage and cyberterrorism.
Network Edipemics
Cybercrime is becoming global and more dangerous than the traditional organized crime. For only 3 days of May 2017, the WannaCry ransomware attacked 200,000 computers in 150 countries of the world. The virus affected university networks in China, networks of Renault plants in France and Nissan plants in Japan, Telefonica telecommunication company in Spain and the German railway operator Deutsche Bahn. Damage incurred by WannaCry was estimated at a minimum of $1 billion. But, according to the insurance market experts of Lloyd's of London, it would have been far worse: the experts estimated that the global damage incurred by the cyberattack might exceed $121 billion. It is much more than the damage incurred by "superstorms" Sandy in 2012 ($70bn) and Katrina ($108bn).

It would not be easy to stop such a force: international legislation is not synchronized, and no state is able to efficiently counter transborder cybercrime alone. That is why it suffer losses. For example, according to the research conducted by Group-IB, Microsoft and the Internet Initiatives Development Fund (IIDF), total damage to the economy of Russia from cybercrime already amounted at RUB203.3 billion, or 0.25% of Russia's GDP by the beginning of 2016. The damage amount equalled the half of federal budget spending on health care in 2015. According to our estimates, damage incurred only by cyberattacks against the Russian financial industry for 2 years (2016—2017) amounted to more than $117 million.

Countering of cyber threats is always a contest between armor and a shell. Last year events made it clear that many companies and even states fell behind criminals in their knowledge of computer technologies. Hackers are becoming more quick and invisible—they use ready software modules that assemble processes for a particular task like a meccano, automatize them and use bodiless software operating only in RAM. As a result of data leaks, hacker tools developed by security services come into hands of cybercriminals.
Hackers on Service
A warning was made at the CyberCrimeCon2017 annual conference that the world is facing quite a serious threat of state-linked hackers who may attack strategic targets, industrial enterprises and banks. In October 2017 the North Korean Lazarus team, reaching the international system of interbank transfers, withdrew from the Far Eastern International Bank in Taiwan $60 million. Lazarus opened a Pandora's box: after this, attacks on the SWIFT were recorded in the banks of Taiwan, Ecuador, Nepal, and for the first time in the history of Russia.

Another test ground for cyber weapons has become the energy sector. For example, tools developed by the BlackEnergy group that once knocked out the power in several districts of Ukraine allow remote control of Remote terminal units (RTU) responsible for physical opening/closing of power grids. Actually, that means cyberweapons that shall be able to leave the whole cities and towns without power and water.

Technologies make our life more comfortable, but danger may come from the most unexpected sources. Cybercriminals are actively creating botnets from IoT (Internet of Things) devices that will be later used for DDoS attacks. The Mirai botnet that included 600,000 infected devices left the whole regions and countries without Internet. It's not hard to imagine the consequences of such an attack if the world has 20 billion of IoT devices connected to Internet by 2020. For example, ransomware may not only encrypt your computer, flat or house, but the whole "smart" cities.
Finally, there is one more serious cause of the fast cybercrime development: it is the wrong estimation of risks at the development stage of a protection system. Usually, incidents take place in companies that are sure of their security.

The book Thinking, Fast and Slow by Daniel Kahneman, who won the Nobel Prize in economics, describes in detail cognitive biases of our brain while estimating risks. For example, amplification: people build endless possible protection systems based on the wrong data.

Most of the Russian companies do not realize what the present-day computer crime is, how it attacks and what kind of tools it uses. For example, they do not use cyberespionage tools. But it is impossible to defeat the enemy without knowing who that enemy is and how he acts.
Источник — RBC


RBC continues to publish articles prepared in cooperation with the project "Future Russia: 2017—2035". The goal of the project carried out by the Strategic Developments Center in cooperation with the Ministry of Economic Development is to define future challenges and to assess if Russia is ready to respond to them.