Attacks converted to bitcoins

At the end of the first quarter, the number of DDos attacks in the financial sector increased sharply, and if a year ago hackers attacked mainly banks, now they have shifted their focus to crypto services. This may be due to the growing interest of citizens in cryptocurrencies or serve as a cover for more complex attacks, experts say.

If in the first quarter of 2020 DDos attacks in the financial sector were carried out mainly on banks, now they are on crypto services, StormWall told Kommersant. The trend is typical not only for Russia. According to the company’s estimates, in January-March 2021, the number of DDos attacks in the world increased by 40% year-on-year and exceeded the result of the fourth quarter of last year by 25%. StormWall analyzed customer data, among which 40% are Russian companies.

DDoS attacks Are attacks on a computing system to disable it. Using networks of infected devices, cybercriminals send a large number of requests to the server, the system cannot cope with them and refuses. As a result, legitimate users cannot get to the site.

The growth of DDoS attacks on crypto services is natural, believes Alexander Chernykhov, a leading expert in the Information Security direction of the Krok IT company: “If a year ago in the first quarter there was a pandemic on the agenda, then at the end of 2020 and the beginning of 2021 the information field was captured cryptocurrencies “. Among the reasons for the attacks, he names the heightened competition between crypto platforms and the desire to cause disruptions in the work of competitors.

The shift in focus to crypto services may be due to the high-quality protection of the resources of large financial organizations, adds Alexey Kiselev, business development manager for Kaspersky DDoS Protection in Russia. He notes an increase in the share of smart attacks in the first quarter, which are organized taking into account the characteristics of the victim resource. For example, the search function on the site is used to disguise the activity as legitimate, explains Mr. Kiselev.

The growth in the rate of cryptocurrencies provoked an influx of new customers into the industry, who are only mastering the specifics of crypto services, which also attracted attackers, says Artem Izbaenkov, Sevicepipe manager. Hacking techniques are becoming more intelligent: hackers are organizing a curtain of multi-vector DDoS attacks to make them harder to detect, he notes. DDoS attacks can serve as a cover for targeted attacks and ransomware viruses, says Alexander Chernykhov. According to him, in this case, the ultimate goal is the theft of funds.

Criminals are often active in industries where there is an increased demand, says MegaFon. Among the company’s clients in the second half of 2020 and early 2021, the financial sector and retail faded into the background in terms of the number of attacks, giving way to medical organizations, government agencies and industrial enterprises.

In the first quarter, there was high activity on the crypto market, says Dmitry Volkov, CTO of the international crypto exchange CEX.IO. On the CEX.IO exchange, trading volumes in January-March were four times higher than in the fourth quarter of 2020 and 15 times higher than the turnovers for the same period in the first three months of 2020, he said.

The growing user activity is a direct evidence of business expansion, which means that the price of every minute of downtime for crypto services is growing, which makes them more attractive targets for attacks, Mr. Volkov notes: “It is much easier for hackers to attack a portal that is under a high load of real customers.” In addition, he believes that downtime during this period will be undesirable for the owner of the service, because it will lead to large financial losses, which means that the probability of paying the ransom for stopping the attack and restoring the service is higher.

Yulia Stepanova