Flash bomb

Computer disaster paralyzes the work of many companies, sometimes covering entire countries. The media calls it epidemics. In fact, under the general name hides a lot of malware.



The most common types are viruses, worms, trojans, bots, backdoors, cryptographers, spyware, and adware. Some can only slightly irritate the user, others steal confidential information, money, destroy data, damage or destroy systems and equipment.

Seven uninvited guests

A computer virus is a kind of malware that can multiply, creating copies of itself, and also embedded in the codes of other programs, in sections of system memory, in boot sectors. The usual symptoms are impaired functioning of programs, blocking user access, deleted files, the inoperative state of various computer components.

Worms are similar in functionality to viruses, but unlike them they are autonomous, they do not require a host program or human help in order to reproduce. This is a very dangerous class of malware, since it is not necessary for a user to launch media files to spread them and infect new computers. The worm has the ability to distribute its copies on the local network, by e-mail, etc.

Troyan is named in honor of the notorious horse. It is immediately clear that this software is misleading the user. It seems that you are launching a legal application or video file, and in fact the malware is activated. Very often Trojans get computers of gullible citizens from the Internet or e-mail.

Bot - short for robot. This is an automated process that interacts with various network services. Bots often undertake operations that could be performed by humans, for example, search for new sites or tell jokes in the messenger. Can be used for both good and bad purposes. An example of malicious activity is when a network of bots (botnet) spreads viruses and infects computers. Thus, the attacker gets the opportunity to use a variety of machines for their own purposes.

Another type of malware is exploits. They are aimed at hacking specific vulnerabilities. Exploits are also not always used to harm. Sometimes they are used to demonstrate the presence of a vulnerability.

The backdoor in English is a back door or a back door. This is an undocumented access path to the system that allows an attacker to penetrate the OS and gain control over the computer. Typically, attackers use backdoors for more convenient and constant access to the hacked system. Through this back door, new malware, viruses and worms are being downloaded.

Encryption programs or extortionists are malicious software that makes unauthorized changes to user data or blocks the normal operation of a computer. For decoding and unlocking, attackers usually require a ransom.

Rabbit is not only meat

In addition to using malware, there are other ways to disrupt the performance of computers and networks. Today, the most popular DoS-and DDoS-attacks, allowing to bring to failure almost any system, without leaving evidence. The abbreviations DoS and DDoS are disclosed as Denial of Service, that is, Denial of Service, and Distributed Denial of Service is a distributed denial of service attack. The latter is performed from a large number of computers. The goal is to create conditions (for example, multiple requests to a site or server) when users cannot access these resources. The results of such an attack are a simple enterprise, which means economic and reputational losses.



The most visible cyber attacks of recent months have been caused by the encryption viruses WannaCry, ExPetr and Bad Rabbit. These three waves affected tens of thousands of users. Most of the incidents with the ExPetr virus were recorded in Russia and Ukraine, cases of infection were observed in Poland, Italy, Great Britain, Germany, France, the USA and other countries. The companies of Russia, Ukraine, Turkey and Germany were hit by the extortionist Bad Rabbit. The malware spread through infected Russian media sites. All signs indicate that this was a targeted attack on corporate networks. Presumably several Russian media have suffered from this cryptographer. About the hacker attack, possibly related to the same Bad Rabbit, reports Odessa Airport. For decrypting files, attackers require Bitcoin 0,05, which at the current exchange rate is equivalent to approximately 283 dollars or 15 700 rubles.
After analyzing the situation, Kaspersky Lab experts came to the conclusion that behind the ExPetr and Bad Rabbit there was the same cyber grouping and it had been preparing the Bad Rabbit for attack at least since July of this year.

Malefactors have a special interest in the financial sphere. For example, banks more often than other institutions are faced with DDoS attacks. The results of the study of cyber threats affecting the work of this sector are known. In 2016, similar incidents were recorded in every fourth bank. For financial institutions as a whole, this figure was 22 percent. More than half (52 percent) of victims experienced inaccessibility or deterioration in the quality of public web services for a long time - from several hours to several days. And at least in 43 percent of cases, the DDoS attack was used as a disguise when performing other malicious operations. The purpose of such attacks often become banking sites - they were affected in half of the recorded cases. However, this is not the only weak spot. Almost the same number of respondents (48 percent) underwent DDoS attacks on Internet banking and online services. In the banking sector, reputation is critically important, and it is inextricably linked to security. If online services become unavailable, this undermines customer trust.

The target attack continues on the financial organizations of Russia and some other countries, which received the name Silence for its stealth and secrecy. The first wave was recorded in July. Malefactors use known, but still very effective equipment. The source of infection is phishing emails with malicious attachments. Phishing (from English fishing - fishing, fishing) is a type of Internet fraud, the purpose of which is to gain access to confidential user data: logins and passwords. For this, mass e-mails are sent on behalf of popular companies or banks. Messages contain malicious attachments that trigger a whole chain of events. Having opened such a letter, the user infects the computer with Trojans, which collect the necessary information and send it to fraudsters.

No victims yet

Who is behind the creation and distribution of malware, what goals do these people have? According to Yuri Namestnikov, the head of the Russian research center at Kaspersky Lab, now the growth of cybercrime is not as significant as it was in 2007 – 2010. At that time, the number of malware being created grew exponentially, hundreds and thousands of times higher than in previous years. Recently, the growth curve has reached the "plateau", the figures have been stable for three years already. However, there are several interesting processes that add up and give a feeling of a greater range of hacker actions.

Significantly increased the number of attacks, where the customer is the state. Today, many countries have special groups of hackers for spyware cyber operations. Any incident related to the activities of such groups receives significant media coverage, and even goes to the level of diplomatic discussions.

The traditional cybercrime, notes the Vicaroye, is also evolving in two directions: very complex attacks against large companies (numerous database hacks) and financial institutions (stealing money directly from banks, not from their clients), are active with the aim of extortion (program- encryption, DDoS-attacks). For the latter, no special knowledge is required; even unskilled offenders can do it. But single-handed hackers today have become a rarity, well-organized criminal structures almost always stand behind large-scale attacks.

“Now cybercrime is distributed, it is arranged at the level of services and free communication. If you have money, you can order everything, ”believes Vyacheslav Medvedev, a leading analyst at the development department of Doctor Web. “The international level of cybercrime organization is provided easily, since members of one group can live in very different countries (including unfriendly), servers are rented in third countries, and orders are taken from the fourth.”

Andrei Yankin, deputy director of the Jet Info Systems Information Security Center, believes that lone hackers remain, but the weather is made by cybercrime - the shadow economy associated with the trade in malware and related services. Counterfeiters are working with them, ready to divert money, there are underground call centers that call potential victims on behalf of banks, a malware development chain has been created: some are looking for vulnerabilities, others are writing programs, third are trading them, fourth are supporting money, the sixth provide for their withdrawal, cashing in and laundering. At the same time, the participants of the chain do not know each other, which means that it is difficult to cover the whole gang.

Interesting, but also the most controversial question, what are the revenues of cybercriminals. They, according to experts of Sberbank, last year there were in the world about 40 millions. The number of crimes committed by them amounted to almost 600 millions. “It is impossible to calculate the financial damage, because it is difficult to establish at least the exact number of victims,” explains Yuri Namestnikov. - But how much they "earned" on the attacks of WannaCry and ExPetr, in principle, is known. The attackers used a limited number of "wallets". Due to the openness of the bitcoin ecosystem, anyone can see the amount transferred as a ransom. In the case of c WannaCry, this is about 150 thousand dollars, with ExPetr - 25 thousand. The amounts are modest, especially when compared with those that are received by cybercriminals who carry out targeted attacks on banks. There the bill goes to tens of millions of dollars (for one attack). This once again proves that the main task of WannaCry, ExPetr and Bad Rabbit is not making money, but stopping the business processes of companies. ”

“If we talk about statistics, then, according to the Central Bank, in 2016, more than two billion rubles were withdrawn from the accounts of banks in the Russian Federation, legal entities lost so much, physical ones - just over one billion,” testifies Andrey Yankin. - And this is just the tip of the iceberg. The Central Bank reports on incidents of which it becomes known. But banks and legal entities often just keep silent so as not to be in the center of the scandal. ”

Huge damage is still half the trouble. Vyacheslav Medvedev emphasizes that, so far, the attacks, fortunately, have been without human casualties. But what awaits us in the future? Attacks on hospitals and critical systems are a time trend, as well as on built-in and smart devices.

How to protect yourself from the actions of cybercriminals? What rules to follow, what remedies to use? General recommendations, according to Andrei Yankin, are simple. We must at least not neglect the basic principles: regularly update the software, use firewalls, antiviruses, minimize and delimit the rights of users. “The 80 / 20 rule works well here. 20 percent measures allows you to cut off 80 percent threats, ”the expert says.

“The landscape of threats and attacks are becoming more complex. Of particular concern is the fact that criminals are increasingly choosing targets for critical infrastructure, in particular oil refineries and gas pipelines. We see an emphasis on targeted attacks. Modern means of protection are aimed at preventing infection, and if it has happened, they are unable to detect it in dynamics. In general, the movement goes towards specialized integrated protection, including the technologies of artificial intelligence and machine learning. This direction will be actively developed in the near future, ”summarizes Yuri Namestnikov.

Virus against atom

Various types of espionage (economic, industrial, military, political, etc.), targeted attacks on enterprises, transport, process control systems and critical infrastructure elements (sabotage, if you call a spade a spade) are not so much cybercriminals whose goal is money, how many states. The paradox of our civilization is that the achievements of science and the latest technologies immediately begin to be used not for good purposes. IT is no exception. Gaining strength, they became the most dangerous weapon - relatively inexpensive, secretive, but very destructive. Somehow it came about that the nuclear-missile era is already yesterday. The era of cybernetic operations, sabotage and even wars has arrived.

This is not a figure of speech. In all developed countries for several years officially exist cyber war. Especially succeeded in building a new kind of armed forces of the United States, China, United Kingdom, South Korea, Germany, France and Israel. The number of cyber subdivisions in different countries ranges from a few hundred to tens of thousands of people. Funding amounts to hundreds of millions of dollars, while the most advanced and wealthy countries spend billions. And Russia, according to experts, is here at the forefront. In the ranking of kibervoysk we are given fifth place.

For obvious reasons, reports from cyberwar fields are not made public. But sometimes the information can not be hidden. The most striking example is the attack on Iranian nuclear facilities using Stuxnet. This computer worm struck 1368 from 5000 centrifuges at a uranium enrichment plant in Natanz, and also disrupted the launch of the Bushehr nuclear power plant. According to experts, the Iranian nuclear program was thrown back two years. Experts say that Stuxnet on efficiency was comparable to a full-fledged military operation, but without casualties.

The virus code consists of more than 15 thousands of lines, its complexity is unprecedented, and this suggests that the creation of Stuxnet is the work of a large team of developers. To maintain such a team can only developed and rich countries. To develop and bring up a similar product to the “combat” state, a team of 6 – 10 programmers must work for 6 – 9 months. The cost of the project is estimated at three million dollars.

After the incident, Western media wrote that Stuxnet was a joint development of the United States and Israel, the virus had previously been tested at the nuclear center in Dimona. An employee of Siemens, who allegedly inserted an infected flash drive into the workstation, was appointed to blame for the infection of Iranian objects. But there is other information: there were several agents and each introduced only a portion of the code into the Iranian system, and then the worm gathered itself together and did its work.

These troubles happened in Iran in distant 2010. How to know what cyber armies are capable of today.