After a turbulent 2017 with Cyber Security making regular headlines, looking ahead to the coming year, there will no doubt be further discussions about the threat landscape.
Ransomware Revolution – Ransomware of Things
Technological advances and their accelerated use have led to a number of scenarios considered unlikely just few years prior, are now within the realm of possibility. The advice going into 2018 from ESET researchers is to back up everything that matters to you, often, by keeping at least some backups offline – to media that aren’t routinely exposed to corruption by ransomware and other malware – in a physically secure location. As the Internet of Unnecessarily Networked Things becomes less avoidable, the attack surface increases, with networked devices and sensors embedded into unexpected items and contexts: from routers to fridges to smart meters, from TVs to toys, from power stations to petrol stations and pacemakers. As everything gets ‘smarter’, the number of services that might be disrupted by malware becomes greater.
Criminals following the money
With data being the most valuable asset, ransomware is set to remain in great demand among cybercriminals. It is important to note that many ransomware attacks are not sophisticated enough or never intended to recover the victim’s data once the ransom has been paid. For these reasons we suggest not only backing up of data online and offline but also implementing proper security measures such as proactively training staff on what phishing emails entail and how to avoid clicking on them and entering any credentials.
Critical infrastructure attacks on the rise
Cyber attacks on the Ukrainian power companies resulted in electricity service being turned off in hundreds of thousands of homes. The implications of this for future attacks of this kind include more than just the power grid but also includes critical manufacturing and food production, water and transport and the defence and healthcare sectors.
Safer for all
This year has seen ESET’s malware analysts continue to help law enforcement crack down on malicious campaigns and, by extension, the criminals spewing them. We are confident that 2018 will bring further successful investigations as we will continue to lend a hand to authorities so that, ultimately, the internet can become a safer place for everyone – except cybercriminals.
Download the full Security Trends 2018 report here
In ongoing consultations with clients,
large companies named targeted attacks and hacking as two of their biggest
security challenges since they can seriously impact the continuity of business
activities in an organization.
Attackers have many means to infiltrate
companies. However, many attacks, don’t require a very high level of
technological sophistication. Instead, techniques like targeted social
engineering, i.e. spear
phishing, or the use of known vulnerabilities for which,
patches may have been issued but businesses have not yet deployed, can lead to
damaged reputation, revenue and data breaches.
On the other hand, high levels of sophistication can also be utilized as is in
the case of a Zero Day attack. Chief
among these was Stuxnet,
a recorded attack where malicious code successfully deployed four zero-day
vulnerabilities to impede a uranium enrichment program in Iran, and which,
according to media, was a state-sponsored attack.
There are many reasons why organizations
become repeat targets. Their bank accounts contain more resources than those of
an average person or small business and they also have considerable amounts of
interesting data that can be monetized. Attacks targeting companies can also be
used as a form of competition. Most often, this concerns data hunting,
i.e. obtaining interesting information or intellectual property. These attacks
can be accompanied by blackmail. For example, a client database is stolen from
a company and is later approached by the perpetrators and asked, “what they are
going to do about their loss”.
Different ways to monetize attacks bring
Organizations often find it difficult to admit they have been breached by these types of attacks. Consequently, this may give other companies the false impression that such attacks happen only occasionally. A typical example of targeted attacks, common in recent years, are DDoS as a Service – attacks, which are sponsored by one company to attack the website of another, with the effect of disrupting business and directing customers away from the targeted company and (possibly) towards the attacker’s “employer”. These are criminal tactics, and the attackers know very well which business areas to target for maximum gain.
There are of course other approaches. Take the example of the British National Health Service, which has become a frequent target of ransomware attacks. Digitization of health services has resulted in a situation where the malicious encryption of medical data may lead to a halt in medical interventions and surgeries. Under such conditions, targeted organizations are often more inclined to pay a ransom for the “hijacked” patient data.
In Kenya attackers have been known to target their attacks to banks and financial institutions, with figures of Ksh400 million being reported stolen from an unnamed local bank and Ksh29 million from National Bank of Kenya in 2018 alone.
Innovative approaches to old tricks
In many rural areas worldwide, one quick glance at powerlines will reveal how
easy it is to make illegal connections to the power grid. As of late,
cyberattackers have followed a similar model, focusing their resources on
illegally mining various cryptocurrencies, which have proven to be
highly popular in the public’s imagination.
A more complex example was a targeted attack meant to infect StatCounter,
which provides a service very similar to
Google Analytics and uses a special script legitimately placed on websites to
obtain data about website visitors. In this case, attackers successfully
breached StatCounter and subsequently gained access to the service’s end users
The problem came to light when visitors navigated to the now compromised websites
which contained the infected scrip, and who’s devices then began covertly
mining bitcoins for the attackers. During the second stage, the attackers proceeded
to steal bitcoins directly from infected devices when they attempted to
access a popular cryptocurrency exchange. To get an idea of the scale of such
an operation, StatCounter can be found on more than two million websites.
Such an attack means that system resources of
infected devices at the company legitimately using the service are additionally
tasked to mine. This may not concern only computers, but also mobile
devices and especially servers. The subsequent cryptomining accelerates wear
and tear on devices and also increases electricity bills. In addition, we
should not forget that malicious cryptomining code is usually capable of uploading
other types of malicious script onto the network.
Investigations may take months and are
looking for a needle in a haystack
When a large company falls victim to such
an attack, it is necessary to carry out a complicated investigation of what
happened and how the company has been affected. Research
shows that it takes about 150-200 days for companies to find out
they’ve been infected. Further investigation regarding the method by which the
company was infected and where the malicious code originated may take even longer.
Facing such substantial risks, large companies should leverage solutions like ESET Dynamic Threat Defense to detect new, never before seen threats.
To find out more about ESET Dynamic Threat Defense or to request a free in-house cyber security training session for your organisation, please sign up below.
Ransomware is by far the biggest threat among Enterprises. So what is Ransomware? It is a malicious code that blocks or encrypts the contents of a device and demands a ransom to restore access to the data.
According to research done by ESET, Companies named ransomware their number one concern.
In response to customer needs and concerns, ESET integrated Ransomware Shield into its security solutions. ESET has long been providing its customers with very good behavior-based malware detection and also with Host-based Intrusion Prevention System (HIPS) that allows users to set custom rules for the protection against ransomware. However, should something slip past the 11 other security layers, Ransomware Shield will be automatically activated.
While ransomware infection often starts with clicking a suspicious link or a fictitious invoice, ESET found that email remains the most common distribution method.
these scenarios, enter ESET Dynamic Threat Defense (EDTD). EDTD provides
another layer of security for ESET products like Mail Security and Endpoint
products. It utilizes a cloud-based sandboxing technology and multiple machine
learning models to detect new, never before seen type of threats. In result,
attachments that were classified as malicious are stripped off the email and
the recipient gets information about the detection.
To learn more about how ESET can protect your business, and to book a FREE in houseCybersecurity Training Session for your employees, please sign up below.