Russian Cyber-criminals Switch to Cloud
Cybersecurity firm Kaspersky today released research on Russian-speaking cyber-criminal activity and how it has changed over the past six years.
The study by Kaspersky’s Computer Incident Investigation Department found that historically favored attacks targeting banks and other financial organizations with money-stealing malware have largely been replaced. Nowadays, cyber-criminals prefer to hit their targets with ransomware and data-stealing attacks delivered via spear-phishing emails with malicious attachments.
“Back in 2016, our primary focus was on big cyber-gangs that targeted financial institutions, especially banks,” said Ruslan Sabitov, security expert at Kaspersky. “Big names such as Lurk, Buhtrap, Metel, RTM, Fibbit, and Carbanak boldly terrorized banks nation-wide, and in some cases internationally. Yet, they have eventually fallen apart or ended up behind bars – with our help.”
Researchers observed that the old attack method relied on the existence of security holes in popular web browsers and suggested that improvements to the security of browsers and other technology were behind the switch.
Another key change recorded was a move away from developing malware in-house and toward public cloud infrastructure. Researchers found that cyber-criminals now prefer to use publicly available penetration testing and remote access software that can bypass security defenses