Cybersecurity threats to watch out for

The internet can be a hostile environment. The threat of cyberattack is ever-present as new vulnerabilities are disclosed and commodity tools are produced to exploit them. The pressure on organisations (and their employees) to protect customer data and defend against attacks is therefore mounting.

But aside from using firewalls and antivirus software, how can we expect businesses, especially smaller businesses with limited security budgets and skills, to keep on top of evolving threats?

As our 2019 Nastiest Malware List highlights, cyberattacks are becoming more advanced and difficult to detect. Across ransomware strains and cryptomining campaigns, which deliver the most attack payloads beyond phishing, cybercriminals are making better use of the stolen personal information available to craft more convincing and targeted attacks.

Ultimately, what this means is that doing nothing is no longer an option. It’s time that organisations step up, learning how to spot potential threats and the implications behind these attack tactics. This starts with understanding the ‘nastiest’ threats out there today that are leaving businesses at risk. 

Botnets: delivering mass disruption

Botnets have continued to dominate the infection attack chain in 2019. No other type of malware was responsible for delivering more ransomware and cryptomining payloads. 

Emotet, which was the most prevalent malware of 2018, held onto that notorious distinction into 2019. While it was briefly shut down in June, Emotet returned from the dead in September, and remains the largest botnet to date, delivering various malicious payloads.

Trickbot has been partnering with banking Trojan groups like IcedID and Ursnif in 2019. Its modular infrastructure makes it a serious threat for any network it infects and, when combined with Ryuk ransomware, it's one of the more devastating targeted attacks of 2019.

Dridex was once one of the most prominent banking trojans. Now it acts as an implant in the infection chain with the Bitpaymer ransomware and is achieving alarming success.

The triple threat of Emotet, Trickbot and Ryuk

Ransomware has been around for nearly a decade and it should come as no surprise that it’s still a firm favourite amongst cybercriminals. Ransomware remains a top threat, adopting a more targeted model last year. Small and medium-sized businesses (SMBs) are easy prey and make up most of its victims. 

One of the most menacing ransomware evolutions comes in the form of the ‘triple threat’ attack, involving Emotet, Trickbot and Ryuk. In terms of financial damage, this is probably the most successful chain of 2019. With more targeted, reconnaissance-based operations, the attackers now assign a value to targeted networks post-infection and extort them accordingly after deploying ransomware.

As far as other ransomware strains are concerned, GandCrab is one of the most successful examples of ransomware-as-a-service (RaaS) to date, with profits in excess of $2 billion. Crysis (aka Dharma), meanwhile, makes its second consecutive appearance on our Nastiest Malware list. This ransomware was actively distributed in the first half of 2019, with almost all infections we observed distributed through RDP compromise.




Personalised phishing

Email-based malware campaigns grew dramatically in complexity and believability this year. Phishing became increasingly personalised, and extortion emails have begun claiming to have captured lewd behaviour using compromised passwords.

Business Email Compromise (BEC) attacks also surged in 2019. Individuals who are responsible for sending payments or purchasing gift cards were targeted through spoofed email accounts impersonating company executives or familiar parties. Victims are often tricked into giving up wire transfers, credentials, gift cards and more.

What many employees don’t realise is that often, the biggest security concern at the office is one of their co-workers, not a hacker in some remote location. Poor practices such as weak domain administration, being reactive rather than proactive, reusing and sharing passwords, and a lack of multi-factor authentication all mean bad actors may already be ‘phishing’ amongst them.

Cryptomining and Cryptojacking

Cryptojacking (also called malicious cryptomining) is an emerging online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of online money known as cryptocurrencies. It’s a menace that can take over web browsers and compromise all kinds of devices, from desktops and laptops to smartphones and even network servers. According to Webroot’s research, these attacks rise and fall with the relative market cap and price of cryptocurrency. The largest cryptojacking campaign this year was ‘Retadup’, and the most innovative was ‘Hidden Bee’.

Hidden Bee has a complex, multi-layered internal structure that is unusual among cybercrime toolkits, making it an interesting addition to the threat landscape. It first emerged last year with IE exploits and has now evolved into payloads inside JPEG and PNG images through steganography and WAV media format Flash exploits. Analysis is made more difficult by the fact that the URLs and encryption keys are never reused and work only for a single session.

Retadup, by contrast, is a cryptomining worm that first started last year and was removed in August by the Cybercrime Fighting Center (C3N) of the French National Gendarmerie, after they took control of the malware’s command and control server. It stealthily uses a computer’s processor to mine cryptocurrency, which generates money for the operators. It’s also able to run other types of malware, such as ransomware, and is commonly spread via attachments, file-sharing networks and links to malicious websites. At its peak, Retadup was on over 800k machines simultaneously.

Closing critical security gaps

These nastiest threats highlight how a comprehensive approach to endpoint security is needed now more than ever to keep up with these varied and complex attack models. Attackers may be using the same strains of malware, but they are making better use of the stolen personal information available to create more personalised threats. As a result, organisations need to adopt a layered security approach and not underestimate the power of consistent security training as they work to improve their cyber resiliency and protection.

After all, a business that practices good risk management not only protects its reputation, intellectual property and data, but also offers its customers a measure of assurance, making it attractive to do business with.



from TechRadar - All the latest technology news https://ift.tt/358nUil
