Positive Technologies analyzes Q3 2017 cyberthreats: cryptocurrency and ICOs in the crosshairs

Experts at Positive Technologies note increased hacker interest in cryptocurrency wallets and initial coin offerings (ICOs), in which ordinary users and major companies alike run the risk of losing millions in just minutes.

By attacking the website of an initial coin offering, hackers can replace the address indicated for the ICO wallet with an address controlled by them. As a result, would-be investors are tricked into sending funds to the wrong recipient. Cryptocurrency has also created a new and stealthy way for criminals to monetize control of victims' computers: they infect the computers with malware in order to create botnets that mine cryptocurrency on their behalf. So it is no surprise that the most expensive cyberattack in Q3 2017 also involved cryptocurrency: a vulnerability in an Ethereum client led to losses of around USD 30 million.

Cyber incidents are on the rise in the government sector—13% of attacks in Q3 2017 were aimed at government, which for the first time in two years exceeds the percentage aimed at financial companies (7%).

Cybercrime knows no borders: more and more attacks are targeting two, three, ten, or even more countries simultaneously.

Attacks on home users grew substantially in the outgoing quarter (32% versus 24% in the prior quarter). 75% of attacks on educational institutions during Q3 took place in September, while entertainment (restaurants, hotels, movie theaters, etc.) attracted hackers more during the summer months.

Malware attacks continued their growth, reaching 39% of the total. Attacks on industrial companies made up a substantial portion of these (the Dragonfly group, for example, continues to target the energy sector).

Exploitation of website vulnerabilities, for example to deface government websites, is also popular. In August, such attacks hit 27 Malaysian government websites, a website of the Pakistani government, and around 40 websites in Venezuela.

In July, a massive data breach hit Equifax, an American credit reporting company, compromising the identity and financial information of 145.5 million customers in the U.S. alone.

Hackers also continue to refine malware used against ATMs and POS terminals. Avanti Markets went public in July with information about successful attacks on the company's kiosks in the U.S., as a result of which client information was compromised.

"Malware was a factor in almost half of attacks. In our view, the main cause is the popularity of Ransomware as a Service," says Positive Technologies analyst Olga Zinenko. "Website security is important like never before due to the boom in blockchain projects and ICOs. When an attacker seizes control of a website, changing the site's content can cause losses of millions of dollars before anyone is able to notice. Given the increase in new ICOs, we expect to see more attacks on blockchain platforms by year's end."

The report, Cybersecurity Threatscape Q3 2017, can be found at the following link.