Cyber Criminals Are Aiming At Business

2018 has been the year when crypto-miners first dethroned ransomware as the most prevalent threat due to a meteoric spike in Bitcoin value in late 2017, then slowly trailed off when it began to nosedive.
 
It’s also been the year of the mega breach (Facebook, Marriott, MyHeritage, Quora, etc.), the year when extortionists and sextortionists began increasingly capitalising on stale PII from old breaches, and the year when malicious spam replaced exploits as the favorite attack vector. Finally, 2018 has also been the year when cybercriminals definitely realised businesses are juicier targets than individuals.
 
“Over the year, we have seen more attacks against businesses, more detections of malware on their endpoints, and a greater focus on what cybercriminals consider a more lucrative target,” Malwarebytes shared in its latest yearly State of Malware report.
 
“In fact, four of our top seven business detections increased by more than 100 percent from 2017 to 2018.”
 
The biggest malware threats
Trojans – a broad designation used for malware that does not fall directly into spyware or adware or backdoor categories – tops the list of Malwarebytes’ most common business detections in all regions of the globe.
The category was topped by the Emotet family, which uses exploits (e.g., EternalBlue) to compromise unpatched systems, credential brute forcing to move laterally throughout corporate networks, and its built-in spam module to send out malicious spam and infect systems outside the network.
 
“Spyware detections have climbed significantly due to similar variants and families of Emotet and TrickBot being identified as spyware in the wild—a clear sign of the focus threat actors have placed on information stealing and establishing holds on corporate networks,” the researchers noted.
 
Emotet and TrickBot are former banking Trojans with have evolved into droppers with multiple modules for spam production, lateral propagation through networks, data skimmers, and even crypto-wallet stealers, in other words, ideal tools for stealing ultra-sensitive data from businesses.
 
Trickbot often accompanies Emotet, as the latter drops the former as a secondary payload. Like Emotet, it exploits a SMB vulnerability (with the EternalRomance exploit) for lateral movement inside a network.
 
Ransomware is also being pushed more onto businesses. SamSam-wielding criminals continue to target organisations in many verticals, and it has recently been shared by CrowdStrike and FireEye researchers that a cybercriminal group dubbed Grim Spider has been using the Ryuk ransomware to exclusively target enterprises which have previously been compromised via the TrickBot Trojan.
 
Other notable threats in 2018 were website data-harvesting attacks (Magecart), malicious browser extensions, plugin and browser exploits, IoT malware, and various scams.
 
What’s to Come?
With the proviso that they can only make educated guesses about the likely 2019 threats and trends, the researchers have shared their predictions for the year.
 
Interspersed among the expected ones, more IoT botnets, the slow death of crypto mining on desktops, the increase of frequency and sophistication of digital skimming, SMB vulnerabilities continuing to be challenging for organizations – are some uncommon ones:
• Sound loggers – keyloggers that are able to listen to the cadence and volume of tapping to determine which keys are struck on a keyboard, will slip into the wild.
• AI will be used to create and modify malicious executables in order to avoid being detected by deployed security tools.
• Bring Your Own Security (BYOS). “More and more consumers are bringing their own security to the workplace as a first or second layer of defense to protect their personal information,” the researchers concluded.
 

HelpNetSecurity:

You Might Also Read:

The Attack Surface Is Growing Faster Than Ever:

« US Intelligence Chief Warns Of ‘ever more diverse’ Threats
Hackers Use PayPal To Go Phishing »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Virtustream

Virtustream

The Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

Sequretek

Sequretek

Sequretek was formed with the aim to “Simplify Security”. We envision a future where enterprise networks are streamlined, secure and simple.

VIQU Recruitment

VIQU Recruitment

VIQU Recruitment was formed with the primary focus of providing 'Smarter People Solutions' to the UK’s professional IT & Cyber Security markets.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

Hex-Rays

Hex-Rays

Founded in 2005, privately held, Belgium based, Hex-Rays SA focuses on the development of fast, stable, and robust binary analysis tools for the IT security market.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.

Sattrix Information Security

Sattrix Information Security

Sattrix Information Security helps small, mid, and large enterprises in the area of digital transformation with a focus on information security.