What cyber threats did businesses face in 2021?

[Carding Forum]

According to Kaspersky Lab, in 2021 every third corporate computer in the world was subjected to at least one web attack. In general, in the outgoing year, businesses had to resist complex cyber espionage campaigns and targeted attacks, ransomware and ransomware, attacks on POS terminals and server infrastructure. Kaspersky Lab experts analyzed the trends and the most significant incidents that endangered the security of commercial companies throughout this year.

As the events of the past 12 months have shown, ART-class attacks (sophisticated targeted attacks, in particular cyber espionage campaigns) are no longer the "curse" of military, government, research and critical infrastructure organizations. Cybercriminals have adopted the tools and techniques of the groups behind such well-planned attacks, targeting companies in the financial sector in the first place. An example of this was the large-scale cyber bank robbery carried out by the Carbanak group. As in the case of cyber espionage, criminals carefully prepare for each operation: they investigate the interests of potential victims, identify and deliberately infect sites that are most often visited by company employees, analyze the list of contacts and suppliers of the attacked organization.

At the same time, cybercriminals carefully select the tools to carry out attacks on businesses. So, they actively use legal software to stay unnoticed for longer. The malicious files that cybercriminals use to infect corporate networks are very often signed with valid digital certificates, including from well-known developers. Finally, to penetrate employees' computers, attackers are 3 times more likely than in the case of home users to use exploits for Microsoft Office applications. It is noteworthy that cybercriminals prefer to exploit already known vulnerabilities, because they know that updates are installed very late in many organizations.

Compared to last year, commercial companies were twice as likely to suffer from encryption programs. There are two reasons for this significant increase. First, the ransom money received from organizations can be much more significant than from users. And secondly, the chance that the ransom will be paid is higher in the case of an affected organization - sometimes companies simply cannot function if information critical to their activities is encrypted and inaccessible.

“The use of professional cyber espionage tools and methods in attacks on businesses has already brought threats to corporate users to a completely different level, and we expect that in the future cybercriminals will only“ improve the quality, ”says Yuri Namestnikov, an antivirus expert at Kaspersky Lab. - Of course, next year their interest in financial institutions will remain, however, in addition to stealing money from traditional banks, they can attack alternative payment systems or try new techniques - for example, manipulate data on stock exchanges. We also believe that one of the most important vectors of attacks on business in 2022 will be gaining access to servers and data centers where the most valuable data of companies is stored. The cybercriminals will not leave the Internet of Things unattended either - they will most likely try to penetrate the organization's network using vulnerabilities in such devices. In the long term, all these factors are likely to lead to the fact that businesses develop new security standards and begin to actively cooperate with law enforcement agencies."