On a global scale, according to Group-IB, trading access

[tanjimajuha20]

According to the Group-IB report "Evolution of Cybercrime. Analysis, Trends and Forecasts 2022/2023", ransomware will remain the number one cyberthreat for businesses both in the world and in Russia. Also, according to the forecast of the authors of the study, the main way to gain access to the infrastructure of companies will be the results of the actions of infostealer programs.

"Against the backdrop of the hong kong cell phone number list geopolitical crisis, the number of cyberattacks carried out by pro-government groups and hacktivists is growing by an order of magnitude. Pro-government cybergroups from countries not directly involved in the conflict were engaged in cyberespionage against neighboring states in order to find out military secrets," the authors of the Group-IB study commented to ComNews. Along with the geopolitical crisis on a global scale, the main driver for cybercriminals will be the growing negative processes in the economy.

"Due to the conflict between Russia and Ukraine, there is no hope for cooperation with law enforcement agencies in the near future. Therefore, it is possible that cybercriminal groups from one side of the conflict will actively attack companies from the other side. Some may even consider this their duty to the Motherland. The cooling of the economy caused by rising energy prices, inflation, sanctions and other reasons will lead to an increase in the level of poverty among the population and, accordingly, the level of crime, including cybercrime. And as we know, ransomware brings fabulous sums to its owners," said Ivan Kvyatkovsky, senior cybersecurity researcher, Global Research and Analysis Team (GReAT) of Kaspersky Lab.

to companies' infrastructure is the second source of income for cybercriminal groups after ransomware. The main tool for achieving this goal is infostealer programs.

Group-IB also warns that the number of attacks on Russian companies aimed at stealing data will continue to grow. Moreover, the motivation for such attacks is not related to monetization, the goal is to cause reputational or economic damage to Russian businesses and their clients.

However, as noted by Alexander Vurasko, an expert in the special services department of Solar JSOC "RTK-Solar", such a shadow market also covers Russia: "During darknet monitoring, we often come across advertisements for sale of access to various servers. The bulk, as a rule, are offers of access to servers of small commercial organizations, but we have also recorded offers related to servers of large state companies from all over the world. The cost of access ranges from $200 to tens of thousands of dollars. Fortunately, the share of Russian companies is quite insignificant, but this threat should not be underestimated. Compromised servers can be used in a variety of scenarios. For example, they can become an entry point for a hacker into a company's infrastructure, can be used to send spam, place malicious content or host a botnet control center. Finally, data from the server can be encrypted and a ransom demanded for decryption."