Ransomware & Malware Make Way For New Attack Vectors

There has been a major decline in ransomware and malware attacks, with some countries like Ireland having some of the lowest rates globally, according to the latest threat intelligence report from Microsoft. New figures indicate that global ransomware attacks fell by 60% between March and December of last year, while malware attacks declined in general.

Instead, threat actors are launching campaigns that rely on more covert attack techniques such as phishing and social engineering in general.

Cyber Criminals took to Crypto-Jacking last year
Crypto-jacking is the illegitimate use of a system’s computing resources to mine cryptocurrency. Microsoft detected far more crypto-jacking attacks than ransomware campaigns in 2018, with the average monthly detection rate for crypto-jacking reaching 0.12%, more than twice the rate for ransomware (0.05%).

Ransomware still makes headlines; however, we encounter it at much lower volumes compared to other malware and tactics such as cryptocurrency mining. Ransomware attacks happen when bad actors encrypt and threaten to delete a user’s or organisation’s valuable information unless they pay a ransom. Ransomware has been on the decline in recent times since victims have not been paying the ransoms and companies have been able to retrieve locked-up files from their backups. Still, it continues to be a threat in some regions, primarily due to a lack of security hygiene, with occasional spikes in encounter rates.

The latest Microsoft Threat Intelligence Report also reveals that hackers have pivoted to more covert means, with an increased focus on exploiting users through social engineering methods like phishing to gain access and exploit data. Phishing rates have increased, with cyber-criminals also covertly using victims’ compromised computers for crypto-currency mining.

While crypto-currency mining is not a new phenomenon, there has been an increase in its prevalence globally over the last year. In 2018, the average worldwide monthly crypto-currency coin mining encounter rate was 0.12%, compared to just 0.05% for ransomware. 

Many factors contribute to the increased popularity of mining as a payload for malware. Unlike ransomware, crypto-currency mining does not require user input: it works in the background while the user is performing other tasks or is away from the computer, and may not be noticed at all unless it degrades the computer’s performance sufficiently.

Targeting Cloud Providers 
Cloud providers such as Microsoft Azure are perennial targets for attackers seeking to compromise and weaponise virtual machines and other resources. The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, to deliver spam campaigns that can be used for email phishing attacks, for reconnaissance such as port scanning to identify new attack targets, and for other malicious activities. 

Malware
Good computer hygiene helps to mitigate the risks of malware. Typically, when we see high rates of malware, it’s a result of poor security hygiene and low user security education and awareness. Using unlicensed and/or pirated software can also be a source of malware. 

Sources that illegitimately offer free software or content, such as streaming videos, will often include malware. Some potential reasons for the overall decrease in malware encounter rates in 2018 are the growth in adoption of Windows 10, and increased use of Windows Defender for protection. Even if there is an intermittent slowdown in malware encounter rates, attackers don’t stand still; rather, they continue to evolve their techniques.

Drive-by Download
A drive-by download (DBD) is an unintentional download of malicious code to an unsuspecting user’s computer when they visit a web site. The malicious code could be used to exploit vulnerabilities in web browsers, browser add-ons, applications, and the operating system. 

Users can be infected with malware simply by visiting a website, even without attempting to download anything. In our research, we track drive-by downloads that affect web browser vulnerabilities. 

Drive-by downloads can be hosted on legitimate websites. Attackers gain access to legitimate sites through intrusion or by posting malicious code to a poorly secured web form, like a comment field on a blog. 

It can be difficult for even an experienced user to identify a compromised site from a list of search results. More advanced drive-by download campaigns can also install ransomware or even crypto-currency mining software on a victim machine.

HelpNetSecurity: Microsoft
