Protection against cybercriminal activity is not only about antivirus software; it also means deploying a wide variety of specialised tools to protect infrastructure, as well as having insurance in place to cover losses.

Here are a few key findings from a report by the company Group-IB on the threats currently being experienced.

FYI: Group-IB is one of the global leaders in preventing and investigating high-tech crime and online fraud. Since 2003, the company has been active in computer forensics and information security, protecting the largest international companies against financial losses and reputational risk.

The first finding concerns TARGETED ATTACKS ON BANKS, which have become the most attractive target for cybercriminals.

Targeted attacks on banks are just beginning to spread throughout the world but have become common in Russia since 2013.

Russian criminal groups have successfully compromised almost all types of banking systems, including payment gateways, ATMs (Anunak), card processing, and trading terminals (Corkow).

Most professional cybercriminal groups that used to attack companies have now switched to attacking banks, and the groups that gained experience in targeted attacks in Russia are now entering foreign markets.

Attacks on banks in Western and Eastern Europe, the CIS countries, the Asia-Pacific region, and the Middle East were carried out using similar schemes.

The software tools used for penetrating systems, gaining additional user privileges, taking over domain control and even removing traces of the attack were identical or very similar across these incidents. Some of these tools are perfectly legal and freely available on the Web.

The amount of money stolen from companies by means of PC trojans is significant.

The professional groups that used to be responsible for most of these attacks are now switching to attacking financial organisations; others, having gained experience, have begun looking for potential victims outside Russia.

Android Trojans are being actively developed, with their functionality and availability growing. 

This is driving explosive growth in the number of successful attacks. Every day in Russia, 350 Android users fall victim to this scheme, and the amount of money stolen this way has increased by more than 450% in one year.

As infections become invisible and thefts become more and more automated, the amount of money stolen through such schemes around the world will keep growing exponentially:

Android-based trojans started to spread through exploits that allow malware to be installed during a user's visit to a compromised website, without the user's knowledge.

This has progressed to web injects for mobile browsers.

This functionality is available in the newest version of the Marcher virus, a very popular Android-based trojan actively used for theft worldwide. The ability to manipulate what is displayed on the screen through malicious injections into the browser lets attackers target users of any online banking system and implement all the schemes that had previously been available only on computers, including auto-upload and concealing fraudulent transactions from the payment history.

The number of dangerous mobile applications is growing.

Not only does such malware imitate the applications that are traditionally popular in a particular region, but it also responds to situational spikes in popularity: for example, such malware was disguised as the Pokemon Go app.

Hackers actively use common internet marketing tools to promote these malicious mobile apps: keyword-targeted ads, fake reviews and inflated installation counts on Google Play, and SEO optimisation of the websites from which the programs can be downloaded.

Another finding, from an ESPIONAGE perspective, is that the tools available for tapping conversations and intercepting traffic have become more readily available than ever before.

More and more legitimate companies are beginning to offer services such as locating or wiretapping mobile phones through attacks on the SS7 signalling channel. There is also a growing black market: such offers are increasingly seen on hacker forums.

The method of intercepting traffic through BGP hijacking, a perfect tool for espionage, is attracting increasing attention from attackers.
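The defensive counterpart to the BGP hijacking mentioned above is route-origin monitoring: an organisation keeps a table of the prefixes it owns and the AS that should originate them, and raises an alert when a route collector shows either a different origin for one of those prefixes or a more-specific prefix carved out of them (a sub-prefix hijack draws traffic even when the legitimate route is still present). The following Python script is an added example, not code from the Group-IB report; the prefixes, AS numbers and announcements are constructed sample data.

```python
"""
Minimal BGP origin-hijack monitor (added example; all data below is constructed).

Compares observed route announcements against an expected prefix -> origin AS table
and flags two hijack patterns:
  * origin_hijack    : a monitored prefix announced by an unexpected origin AS
  * subprefix_hijack : a more-specific prefix inside a monitored prefix, any origin
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Announcement:
    prefix: str        # e.g. "203.0.113.0/24"
    origin_as: int     # last AS in the AS_PATH
    as_path: tuple     # full AS_PATH as seen by the collector


# Constructed: prefixes this organisation owns and their legitimate origin AS.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/23": 64500,
}

# Constructed sample feed, as a route collector might report it.
SAMPLE_ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", 64500, (64510, 64500)),    # legitimate
    Announcement("203.0.113.0/24", 64666, (64520, 64666)),    # wrong origin
    Announcement("198.51.100.0/24", 64666, (64520, 64666)),   # more-specific
    Announcement("192.0.2.0/24", 64700, (64700,)),            # not ours
]


def classify(announcement, expected=EXPECTED_ORIGINS):
    """Return (verdict, detail) for one announcement.

    detail is the expected origin AS for an origin hijack, the covering
    monitored prefix for a sub-prefix hijack, and None otherwise.
    """
    net = ip_network(announcement.prefix)
    # Exact prefix match: the only thing to check is the origin AS.
    if announcement.prefix in expected:
        if announcement.origin_as == expected[announcement.prefix]:
            return ("ok", None)
        return ("origin_hijack", expected[announcement.prefix])
    # Otherwise look for a monitored prefix that covers this (more specific) one.
    for mon_prefix in expected:
        mon = ip_network(mon_prefix)
        if (net.version == mon.version
                and net.subnet_of(mon)
                and net.prefixlen > mon.prefixlen):
            return ("subprefix_hijack", mon_prefix)
    return ("unrelated", None)


def scan(announcements, expected=EXPECTED_ORIGINS):
    """Return a list of (verdict, prefix, origin_as, detail) for suspicious routes."""
    alerts = []
    for a in announcements:
        verdict, detail = classify(a, expected)
        if verdict in ("origin_hijack", "subprefix_hijack"):
            alerts.append((verdict, a.prefix, a.origin_as, detail))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_ANNOUNCEMENTS):
        print("ALERT", *alert)
```

In practice the announcements would come from a public route collector feed or the organisation's own BGP sessions, and the expected table from the organisation's IRR/RPKI records; the classification logic stays the same. Note that the script only flags routes; deciding whether an unexpected origin is an attack, a misconfiguration or a legitimate change is an analyst's call.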

Android trojans combine tools for both espionage and theft. Virtually all mobile theft trojans active in Russia can be used to intercept text messages. This gives access to systems protected by SMS-based two-factor authentication, such as cloud storage, e-mail and corporate systems, and through them to all kinds of personal and confidential information.

From an EXTORTION perspective, the number of attacks is growing and they are becoming more effective.

The botnets used for DDoS attacks are becoming popular again, only now they are no longer built on Windows PCs, as was the case earlier, but on Linux servers and simple IoT devices (IoT stands for Internet of Things).

Available around the clock and not protected by any antivirus, IoT devices have boosted the popularity of botnets for DDoS attacks.

The number of DDoS extortionists without their own botnets is growing. Some of them just send out threatening letters, while others commission short-term attacks to intimidate their victim.

Attacks using encryption malware are becoming more effective. To increase the likelihood of receiving a ransom, hackers pay botnet owners for access to computers that in turn have access to mission-critical systems. In addition, hackers have started to check the servers for which they already hold passwords in order to find mission-critical information they can encrypt, again increasing the likelihood of receiving a ransom.

An increasing number of attacks on mobile users is expected, and not only Android users are under threat. Criminals cannot infect an iOS device with encryption malware; however, they can block it by intercepting its access to iCloud.