Malware Storm Rising
2018 was devastating to businesses and governments alike in cybersecurity. While we, as threat researchers and cybersecurity professionals, learned about threat tactics, evolved code and how to defend against them, Threat Actors also learned from our reactions and their failures. They know all too well that they just have to get it right once, but we have to be right every time.
As we dive into 2019, we see malware as a storm rising with more destructive effects. Here are a few things we see making bold new ventures in their attacks.
Threat actors behind ransomware campaigns and attacks are getting smarter and more capable. The boldness of attacks in 2018 notched things up considerably, as we saw in the cases in Georgia, North Carolina, California, and parts of Europe. The attackers have displayed shrewdness in their demands, seeking ransom amounts they think the victims can afford, or preying on victims during natural disasters when resources are already strained. We anticipate ransomware variants that will strike out at even more businesses and municipalities with laser focus.
Advanced Persistent Threat (APT) Malware
Threat actors sponsored by nation-states like Russia, China, N. Korea, Iran, etc., continue to operate from the shadows, making it more and more difficult for researchers to associate their code and activities. Stealth is vital to them so they can carry out their espionage and destructive efforts. Customized malware is deeply intertwined in the APT landscape and threats from Fancy Bear, Deep Panda are evolving their code. We expect them to upgrade their tools to increase the effectiveness of their attacks.
Wiper malware and others in its class are designed to destroy systems and/or data, usually causing purposeful damage to victim company's financial and sensitive information. The people behind this kind of malware are likely intent on sabotage or simply to cover their activities after stealing data. First identified in 2012, these destructive things are probably going to rise with revised and updated code.
This type of malware doubled in activity in 2018 due to their effectiveness in exploiting vulnerabilities. They infect targeted computers leaving behind no traces on the local hard drive and running in memory, making it easy to bypass traditional security and forensics utilities. Attacks exploit vulnerabilities in browsers and add-on products like Java, Flash and PDF plugins, or the human factor through phishing.
We've seen botnets evolving to go after different types of devices, such as carrier-grade and industrial hardware. New types of criminal activity, with their handlers creating new botnets with modular designs, do everything from DDoS to spreading other payloads of malware. New variants appeared, like semi-intelligent botnet swarms. The good news is that law enforcement is taking a deeper interest in these, but don't expect it to rest on its laurels.
Cryptomining malware seems to have dominated 2018, with attacks said to have increased by more than 80% in the past year. Threat reports indicated that more than FIVE million people were attacked with the malware in the first nine months of 2018. Crooks deploying this type of malware profited off their attacks on the websites of organizations like Make-A-Wish International or the LA Times. With new variants already in the wild, we're not expecting cryptomining to go anywhere.
The challenges we face are daunting but not insurmountable. At Firestorm Cyber, we believe that while the Internet has become a crime scene, we can meet these challenges with advanced synchronized protection, prevention, and education. And good old fashioned common sense!
Contact us at firstname.lastname@example.org or 706-410-2966.