Not unlike a biological virus adapting to a new host, malware is constantly evolving to adapt to the changing technology landscape. The new variants are more and more sophisticated, designed to exploit software vulnerabilities, penetrate online security and avoid detection. In this article, FraudWatch International looks at some of the biggest malware trends of the past year, and what you can do to protect your business against the threat predictions for 2018.
2017 was a big year for ransomware
Ransomware isn’t new, it was identified back in the 1980s and its MO hasn’t really changed since then; it uses encryption to detain files, and then attempts to extort payment in exchange for the decryption key needed to retrieve them. There were several threats that garnered global attention in 2017 due to their advanced capabilities, the high profile targets, and the widespread nature of the attacks.
First identified in May 2017, the most prominent targets of this infection were the United Kingdom’s National Health Service (NHS), Spain’s largest telco, Telefonica and FedEx in the United States. It is estimated that some 400,000 computers were infected. Analysis of the WannaCry attacks revealed that the ransomware exploited a vulnerability in server message block (SMB) protocol thanks to an outdated operating system. Nearly all of the victims were running Windows 7 (first released in 2009) or the even older Windows XP. All of them were missing the critical system update for the flaw in the SMB protocol.
Following WannaCry’s lead, NotPetya appeared in late 2017 and targeted the same weakness in outdated Windows operating systems. This ransomware took it up a notch with the inclusion of a password harvesting feature, allowing it to steal credentials on the infected computer to access other systems.
Given the rise in cryptocurrency trading in recent years, ransomware has grown in popularity due to its relatively simple application. A malicious file is sent to the target, the ransomware holds the data hostage, and the hacker simply waits for the ransom money to be paid into their crypto wallet. Ransomware as a Service (RaaS) is booming on the dark web, and the developers behind Cerber are utilising this with huge success. Cerber has been so widely distributed it is fast becoming one of the most prolific ransomware families.
Ransomware as a service (Raas)
You don’t need to be a seasoned hacker to attempt a ransomware attack; RaaS provides the novice cyber-criminal with everything they need for a successful infection, right down to instructions on how to infiltrate the target’s computer. Many Raas packages don’t even require upfront payment; they work from a profit sharing model not unlike a legitimate software distribution program. The idea behind this principle is simple; when victims make ransom payments to retrieve their data, the funds (usually cryptocurrency) are paid to the creator of the ransomware, who then distributes the funds per pre-agreed terms to the budding cybercriminals who deployed the malware. The Raas platform is extremely successful in its simplicity; it allows would-be hackers to start extorting money from victims using someone else’s malicious code, and the authors of the code just sit back and wait for the money to roll in.
Though ransomware attacks have been dominating the headlines, FraudWatch can report that financial malware Trojans are still quietly wreaking havoc in the background, siphoning millions from unsuspecting businesses.
2017 saw four particularly pervasive malware families dominate the internet security sphere; Emotet, Ursnif, Hancitor and TrickBot. These Trojans are distributed through malicious attachment (spam email) with macro script downloaders concealed within them.
Most prevalent among them is certainly Emotet. First identified in 2014, Emotet has recently been enjoying a comeback tour. Originally designed to target the banking sector, the latest surge shows that the designers behind this malware now have a wider reach. According to data from FraudWatch in 2017, affected sectors now include fund management, financial planning and the share market.
Predictions for 2018
As cyber criminals continue to look for new and untapped revenue streams, FraudWatch and other industry leaders in online security predict that crypto mining malware will be the new ransomware in 2018. The volatile nature of cryptocurrency means there is huge money to be made when values skyrocket; Bitcoin at one time peaked at a record high of $20,000 US per coin. Much like the ransomware epidemic of 2017, the threat to cryptocurrency miners comes in the form of malware designed to exploit vulnerabilities in their operating systems. Once deployed, the malware covertly steals the payload of the victim.
It is predicted that the global cyber economy will sustain losses in excess of $6 trillion by 2021 due to cybercriminal activity. If we have learned anything from the ransomware attacks of 2017, the best way to protect your business from a malicious attack is to ensure that you are running the latest version of your CMS, particularly open source applications. Educate your employees, have up to date perimeter network defenses, protect your trusted assets (like your CMS by running the latest version), and have localised computer protection.
Don’t leave it too late to protect your business; click here to get in touch with FraudWatch International, and find out how we can help you minimise your digital risk today.