Increasingly sophisticated groups of threat actors based in locations outside Western jurisdiction in countries such as Russia are increasingly targeting financial organizations and online retailers in the UK and the US.
Banks and other financial services are a prime target for organized cyber-criminals because of the large amounts of cash they handle and the increasing digitalization of their customer-facing services. Retailers with a growing online presence are also finding themselves in the front line facing concerted attacks from criminal groups with strong Russian connections.
CyberInt Research recently published a reporthttps://l.cyberint.com/reclegit-remote-access-tools-turn-into-threat-actors-tools connecting a single Russian-speaking gang, TA505, to a range of attacks against retailers and financial institutions around the world. Based on analysis of their code, members of TA505 are thought to be native Russian speakers. The group specialises in the nefarious use of a legitimate off-the-shelf commercial remote administration tool, ‘Remote Manipulator System’, to remotely compromise businesses avoiding internal security systems’ detection. The remote access tool was developed by a Russian-based company, TektonIT. TA505 began its criminal activities in 2014, was behind December 2018 campaigns against US-based retailers, and continues to be active in 2019.
Gangs like TA505 are highly professional and make huge profits from their global operations, which they have expanded across several continents since they began their highly-focused attacks on financial institutions and retailers in December 2018. TA505 is just one example of the way in which a new and highly sophisticated generation of threat actors are rapidly expanding their operations on a global basis.
Last year’s estimates of global cybercrime profits were around $1.5tn and rising. There is also growing evidence that cyber-criminals are now targeting cash-rich organizations in developed economies such as the US and the UK. According to the 2019 Trustwave Global Security Report, the sectors most affected by cyber-attacks were retail, which accounted for 18% of organizations worldwide which had experienced data breaches, with the financial sector accounting for 11%. All the financial sector data breaches involved corporate and internal network attacks, whereas 77% of the retail sector breaches involved e-commerce attacks.
As banks in the UK and elsewhere increasingly move their client-facing operations online, they expose new vulnerabilities which can be exploited by skilled professional threat actors. Online account management can expose banking customers to fake emails purporting to come from their bank containing a link to a cloned website that is virtually indistinguishable from the bank in question’s genuine website. The software needed to create such cloned websites is frequently available on the Dark Web forums where organized cyber-criminal gangs orchestrate their attacks.
As retailers move not only to online ordering of goods but also to providing additional services aimed at an experience now referred to as “retail theatre”, they open themselves to many new threat vectors. Retailers are now beginning to use the Internet of Things (IoT) and the cloud at the front-end of their operations and multiple devices together with smartphones and tablets with back-end systems supporting their retail and logistic operations. Unfortunately, while these advances in retailers’ online operations offer customers improved choice and convenience, they also provide opportunities for organized criminal gangs to profit from attacks ranging from cloned websites, through site scraping to refund frauds.
The increasing level of sophisticated targeted attacks aimed at organizations such as financial institutions and retailers means that traditional defenses provide insufficient protection against the sheer number of new threats. In order to defend themselves effectively against existing and future attacks, organizations must adopt a machine learning targeted threat detection platform tailored to their business’s specific needs.