Our computer systems will never be entirely secure. Attack techniques and procedures are constantly evolving and being put into practice to circumvent current security measures. When one attack method becomes too heavily defended against, attackers look for new, innovative ways to avoid detection, increase infection rates, and make money. 2018 saw the rise of cryptomining and cryptojacking, a shift in ransomware and malware, and a new target for phishing attacks. The best defense in this changing landscape is a layered approach that combines proven security technology with end user education and awareness training.
Two new vulnerabilities, Meltdown and Spectre, affected nearly every device with a modern CPU (that is, a processor made in the last 20 years) because of the way these processors function and isolate private memory. These vulnerabilities had existed for two decades before they were discovered and, until they were fixed, gave access to private data such as login credentials.
Cryptomining is an easier, less risky way to profit than ransomware. It works on any device, so not only are laptops and smartphones vulnerable, but so are other IoT connected devices such as routers and TVs. The processing power of the CPU is redirected to mine a cryptocurrency, most commonly Monero, chosen for its anonymous blockchain and its ability to run on consumer-grade hardware. The victim’s energy bill increases while the criminal profits. When scaling (throttling) is used, the drain on the CPU is minimal while the mouse is in use and then increases up to 100% at other times.

Some sites intentionally use cryptomining to generate revenue instead of bombarding visitors with ads. These are primarily pornography, torrent, and streaming sites, and they may not inform their visitors that they are actively mining. The top cryptomining domains are xxgasm.com, making up 31%, coinhive.com at 28%, and cumception.com at 26%.
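One way to detect the throttled behaviour just described, as an added example that is not part of the original article: a throttled miner looks quiet while the user is active and busy while the user is away, so a process whose CPU usage is high only during idle periods stands out. The Python below correlates per-process CPU samples with a user-idle flag. The records, process names and thresholds are constructed for illustration; a real deployment would feed it samples from an endpoint agent.

```python
"""Flag processes whose CPU usage is high only while the user is idle.

Added example, not from the original article. A throttled ("scaled")
cryptominer keeps CPU usage low while the mouse or keyboard is active and
ramps up when the machine looks unattended, so correlating per-process CPU
samples with user-idle state exposes it. All telemetry below is constructed.
"""
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Sample:
    ts: int             # seconds since the start of the sampling window
    process: str        # process name as reported by the (assumed) endpoint agent
    cpu_percent: float  # CPU share consumed by this process in the interval
    user_idle: bool     # True when no mouse/keyboard input for the idle timeout


# Constructed telemetry (not real data). "chrome.exe" hosts a throttled miner:
# near-idle while the user is active, pegged when the user walks away.
# "ffmpeg.exe" is busy regardless of user activity; "explorer.exe" is quiet.
SAMPLES = [
    Sample(0, "chrome.exe", 4.0, False),
    Sample(10, "chrome.exe", 6.0, False),
    Sample(20, "chrome.exe", 5.0, False),
    Sample(300, "chrome.exe", 97.0, True),
    Sample(310, "chrome.exe", 99.0, True),
    Sample(320, "chrome.exe", 98.0, True),
    Sample(0, "ffmpeg.exe", 92.0, False),
    Sample(10, "ffmpeg.exe", 95.0, False),
    Sample(20, "ffmpeg.exe", 93.0, False),
    Sample(300, "ffmpeg.exe", 94.0, True),
    Sample(310, "ffmpeg.exe", 96.0, True),
    Sample(320, "ffmpeg.exe", 95.0, True),
    Sample(0, "explorer.exe", 2.0, False),
    Sample(10, "explorer.exe", 3.0, False),
    Sample(20, "explorer.exe", 1.0, False),
    Sample(300, "explorer.exe", 0.0, True),
    Sample(310, "explorer.exe", 1.0, True),
    Sample(320, "explorer.exe", 0.0, True),
]


def idle_vs_active_cpu(samples, process):
    """Return (mean CPU while idle, mean CPU while active) for one process.

    A state with no samples yields 0.0, so a process seen in only one state
    cannot be flagged on the strength of a single condition.
    """
    idle = [s.cpu_percent for s in samples if s.process == process and s.user_idle]
    active = [s.cpu_percent for s in samples if s.process == process and not s.user_idle]
    return (mean(idle) if idle else 0.0, mean(active) if active else 0.0)


def find_idle_only_hogs(samples, idle_threshold=80.0, active_ceiling=20.0, min_samples=3):
    """Return [(process, idle_mean, active_mean)] for processes that average at
    least idle_threshold CPU while the user is idle but stay at or below
    active_ceiling while the user is active. Both conditions are required, so
    a steadily busy process such as an encoder or compiler is not flagged, and
    min_samples per state guards against reacting to a single spike."""
    suspects = []
    for proc in sorted({s.process for s in samples}):
        n_idle = sum(1 for s in samples if s.process == proc and s.user_idle)
        n_active = sum(1 for s in samples if s.process == proc and not s.user_idle)
        if n_idle < min_samples or n_active < min_samples:
            continue
        idle_mean, active_mean = idle_vs_active_cpu(samples, proc)
        if idle_mean >= idle_threshold and active_mean <= active_ceiling:
            suspects.append((proc, round(idle_mean, 1), round(active_mean, 1)))
    return suspects


if __name__ == "__main__":
    for proc, idle_mean, active_mean in find_idle_only_hogs(SAMPLES):
        print(f"suspect {proc}: {idle_mean}% CPU while idle vs {active_mean}% while active")
```

On the constructed samples only the browser process is reported; the encoder is busy in both states and is left alone. The thresholds are deliberately conservative, and in practice the idle flag should come from the operating system's last-input time rather than from mouse movement alone.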
Ransomware is a widespread and damaging type of malware typically used to extort money from victims by encrypting their files. In 2017, ransomware hit hard, and companies were forced to pay expensive ransoms for their data. With cloud backups that retain previous versions of files, and the widespread adoption of Windows 10, a more secure operating system, it is now much harder for a ransomware campaign to succeed.

Ransomware attacks now target unsecured Remote Desktop Protocol (RDP) connections. Inadequate RDP settings leave the environment open to attack; RDP access to previously hacked devices can even be purchased on the dark web. This gives criminals access to the system and turns it into an entry point for browsing all of the data, disabling endpoint protection, and deploying ransomware or other malware.
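As an added example that is not part of the original article, here is defender-side detection for the RDP exposure just described: an exposed RDP endpoint with weak credentials shows up in the Windows Security log as a burst of failed logons followed by a success from the same source. The Python below runs that logic over constructed event records. Event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are standard Windows values; the record layout, addresses, account names and thresholds are assumptions made for the example.

```python
"""Detect RDP password guessing and a following successful logon.

Added example, not from the original article. It assumes Security log
events have been exported to dictionaries with the fields used below; the
events themselves are constructed sample data. Event IDs 4625/4624 and
logon type 10 (RemoteInteractive, i.e. RDP) are standard Windows values.
"""
from collections import defaultdict

RDP_LOGON_TYPE = 10   # RemoteInteractive: Terminal Services / RDP
FAILED_LOGON = 4625   # "An account failed to log on"
SUCCESS_LOGON = 4624  # "An account was successfully logged on"

# Constructed events (addresses from documentation ranges, not real hosts):
# 203.0.113.7 fails eight times in a minute, then succeeds as administrator;
# 198.51.100.9 is a user who mistypes a password once; the logon-type-3
# failure is a network logon, not RDP, and must be ignored.
EVENTS = [
    {"ts": t, "event_id": FAILED_LOGON, "logon_type": RDP_LOGON_TYPE,
     "ip": "203.0.113.7", "user": "administrator"}
    for t in range(0, 64, 8)
] + [
    {"ts": 70, "event_id": SUCCESS_LOGON, "logon_type": RDP_LOGON_TYPE,
     "ip": "203.0.113.7", "user": "administrator"},
    {"ts": 5, "event_id": FAILED_LOGON, "logon_type": RDP_LOGON_TYPE,
     "ip": "198.51.100.9", "user": "jsmith"},
    {"ts": 30, "event_id": SUCCESS_LOGON, "logon_type": RDP_LOGON_TYPE,
     "ip": "198.51.100.9", "user": "jsmith"},
    {"ts": 40, "event_id": FAILED_LOGON, "logon_type": 3,
     "ip": "203.0.113.7", "user": "svc_backup"},
]


def rdp_events(events):
    """Return only RDP (logon type 10) events, sorted by timestamp."""
    return sorted((e for e in events if e["logon_type"] == RDP_LOGON_TYPE),
                  key=lambda e: e["ts"])


def failures_by_source(events, window_seconds=300, threshold=5):
    """Return {ip: most failures inside any window_seconds span} for sources
    that reach threshold. A sliding window over sorted timestamps keeps slow,
    spread-out typos from being counted as an attack."""
    per_ip = defaultdict(list)
    for e in rdp_events(events):
        if e["event_id"] == FAILED_LOGON:
            per_ip[e["ip"]].append(e["ts"])
    flagged = {}
    for ip, times in per_ip.items():
        best, start = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def successes_after_guessing(events, window_seconds=300, threshold=5):
    """Return [(ip, user, ts)] for RDP logons that succeeded within
    window_seconds of at least threshold failures from the same source:
    the signature of a guessed (or purchased) password being used."""
    recent_failures = defaultdict(list)
    hits = []
    for e in rdp_events(events):
        if e["event_id"] == FAILED_LOGON:
            recent_failures[e["ip"]].append(e["ts"])
        elif e["event_id"] == SUCCESS_LOGON:
            n = sum(1 for t in recent_failures[e["ip"]] if e["ts"] - t <= window_seconds)
            if n >= threshold:
                hits.append((e["ip"], e["user"], e["ts"]))
    return hits


if __name__ == "__main__":
    print("guessing sources:", failures_by_source(EVENTS))
    print("successes after guessing:", successes_after_guessing(EVENTS))
```

The second check is the one worth alerting on loudly: a success that follows a burst of failures means the credential is now in the attacker's hands, and the response is to isolate the host and reset the account rather than simply block the source address. Keeping RDP off the internet, requiring Network Level Authentication and account lockout, and routing remote access through a VPN or gateway removes most of the noise this detection would otherwise produce.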
Malware is software written to cause harm to data and devices. Malware continues to be a prevalent threat, but it is declining, because cryptomining is much easier and more profitable than deploying malware. In the first half of 2018, malware web traffic dropped from 2% to 1%. With threat tactics and attack methods constantly changing in response to security, the malware that remains is becoming more resilient, harder to detect, and longer-lasting.

Botnets are the most common method of deploying malware, and Emotet is currently the most persistent botnet. “[Emotet’s] payloads are delivered at an impressive pace, showing that threat actors have automated multiple steps in their campaign operations. Emotet aspires to increase the number of zombies in its spam botnet, with a concentration on credential-gathering.” (Webroot). Emotet can turn routers into proxy nodes for its command and control infrastructure. Most residential routers are Linux-based and run no antivirus; they are often not set up properly and are easily exploited, with victims unaware that Universal Plug and Play (UPnP) is used to connect IoT devices to their router.

Other forms of malware are also evolving. Trickbot can now keep its attack modules and web injections active for longer, which it accomplishes by using Tor servers as its level 1 command and control infrastructure. Zeus Panda, also called Panda Banker, has started to target more regions around the world. Criminals are changing their attacks to be less noticeable and more profitable.
Phishing attacks are on the rise. Phishing attempts increased by 60% from January to June (Webroot). Dropbox was a primary target, receiving 17% of the attacks; Dropbox accounts can store personal, business, or financial data, which leads to a much bigger payoff if the attacker gains access.

93% of breaches in an organization are due to phishing. Employee security awareness can be the difference between preventing an attack and being the victim of cryptomining, ransomware, or malware. Ongoing security training, especially when the course content is current, reduces the risk of infiltration proportionately. Based on testing:
Educating end users on how to spot and avoid phishing scams should be an ongoing process, so that employees are aware of the most current methods of attack. End user training is the best form of defence, because even the most advanced security technology could eventually be circumvented by attackers. Well-trained end users who know what to look for and are kept up to date on threats are better equipped to prevent attempted attacks. To educate your employees on current threats and attack methods, contact us for our security training.

In a constantly changing threat landscape, your computer security is only as good as your technology and training. New techniques are constantly being discovered, with targets and attacks changing all the time to exploit weaknesses in security. When one security area is bolstered, attackers change their methods and find another way in. The best defence is to combine proven security technology with ongoing end user training that teaches employees how to spot a threat before it’s too late. Reduce your risk and keep your environment secure by providing security awareness training for employees. Contact us to learn more about IT Security.