Cybersecurity threatscape: Q2 2018

Trends and forecasts

In this quarter's report, Positive Technologies experts share information on the most important IT security threats. This information is drawn from our own expertise, outcomes of numerous investigations, and data from authoritative sources. Summarizing our findings from the second quarter of 2018, we note the following trends:

  • The number of unique cyberincidents continued to grow, exceeding the equivalent year-ago period (Q2 2017) by 47 percent.
  • Most cases involved targeted attacks on companies and their clients, as well as cryptocurrency exchanges. Attackers were quite resourceful. Not only did they use malware, but they also sought to exploit zero-day vulnerabilities, used social engineering to steal administrator passwords, and accessed partner companies in order to reach their ultimate targets.
  • May and June were marked by a large number of attacks (twice as many as in the first quarter) on cryptocurrency platforms, in which hackers made off with more than $100 million.
  • Data theft continued to account for an increasing share of total attacks. In most cases, attackers sought personal data, credentials, and credit cards. To get this data, they compromised online platforms, including e-commerce websites, online ticketing systems, and hotel booking sites.
  • Individuals suffered from malicious software, which was most often installed due to inattentiveness or lack of awareness. However, new methods also came into play, as some new store-bought smartphones came with malware out of the box.

We forecast an increase in the share of attacks aimed at data theft. Many companies fail to properly secure information, especially medical and personal data, making easy pickings even for low-skilled hackers, who perform more and more attacks every day. The information is then sold on the darkweb and used for further attacks.

Statistics

In the second quarter of 2018, we saw a growing number of attacks aimed at obtaining data. Information was the objective in 40 percent of cases, barely edging out financial profit, which was responsible for 39 percent. In our report "The criminal cyberservices market" [1], we analyzed supply and demand on the darkweb, where sellers offer stolen personal information, credentials, and credit cards. The majority of supply on the darkweb (59% of offers) consists of user credentials for accessing various sites and services, including banks. These credentials are sold individually for up to $10, or sold for hundreds of dollars when bundled with credentials for millions of other accounts. As a result, individuals or companies victimized by data theft can expect to be targeted soon after in follow-on attacks that attempt to make use of stolen credentials.

Figure 1. Attackers' motives

We took a look at which information attracted hackers the most in Q2 2018. At the top of the list are personal data (30%) and account credentials (22%), such as for online banking. Credit and debit card information (15%) was obtained most often by using spyware or via compromised websites.

Figure 2. Types of stolen data

In Q2 2018, we saw a large number of targeted attacks against companies and organizations. Targeted attacks accounted for 54 percent of the total, outnumbering mass campaigns. Later in this report, we will more closely consider attacks against government and healthcare, since these two sectors are especially popular with hackers, as well as attacks on cryptocurrency exchanges, retailers, and individuals.

Large-scale cyberattacks affecting more than one industry (most often, malware outbreaks) have been placed in the "Multiple industries" category.

Figure 3. Victim categories

In Q2 2018, 44 percent of attacks were directed at infrastructure. Attacks on web resources increased compared to Q2 2017, growing from 23 to 32 percent of the total. In comparison to the prior quarter, attacks on IoT devices also grew, which can be explained by the appearance of new botnets, including PyRoMineIoT, Muhstik, and Wicked Mirai.

Figure 4. Attack targets

Malware attacks decreased to 49 percent, compared to 63 percent in Q1. However, credential compromises jumped by 12 percent during the same period. We will take a closer look at each attack method and indicate which targets and industries were most affected.

Figure 5. Attack methods

Per-industry classification of cyberincidents by motive, method, and target

[1] ptsecurity.com/ru-ru/research/analytics/darkweb-2018/