Ransomware, Phishing And Botnets

Uploaded on 2019-11-12 in NEWS-Cybersecurity News, FREE TO VIEW

There has been a 17% increase in cyberattacks over the past year and many organisations have begun to take cyber security far more seriously but have not yet done enough to really reduce the threats to their organisation. 

Now Webroot has released its annual Nastiest Malware list, shedding light on 2019’s worst cyber security threats. 

From ransomware strains and crypto-mining campaigns that delivered the most attack payloads to phishing attacks that wreaked the most havoc, it’s clear that cyber threats across the board are becoming more advanced and difficult to detect.

Ransomware

Ransomware is any malware that holds your data ransom. These days it usually involves encrypting a victim’s data before asking for cash (typically crypto-currency) to decrypt it. Ransomware ruled the malware world since late 2013, but finally saw a decline last year. The general drop in malware numbers, along with defensive improvements by the IT world in general (such as more widespread backup adoption), were factors, but have also led this threat to become more targeted and ruthless.

Ransomware continued to see success by evolving a more targeted model initially adopted in previous years. SMBs are the prime target as they struggle with limited security budget and skills. 

Whether its phishing attacks targeting employees or brute forcing unsecured RDP, ransomware is as effective as ever, cementing its place on our list for another year. The nastiest include:

Emotet and Trickbot and Ryuk (“Triple Threat”) – One of the most successful chains of 2019 in terms of financial damages. These strains have shifted their focus to more reconnaissance-based operations. They assign a value to the targeted network post infection and then send the ransom for that amount after moving laterally and deploying the ransomware.

Trickbot/Ryuk – The second stage payload for Emotet in the first half of 2019, Ryuk infections that are typically delivered by Trickbot result in the mass encryption of entire networks.

Dridex/Bitpaymer – Dridex is now being used as an implant in the Bitpaymer ransomware infection chain and is also being delivered as a second stage payload off of Emotet.

GandCrab – One the most successful instance of RaaS (ransomware-as-a-service) to date, the authors have boasted shared profits in excess of $2 billion.

Sodinokibi – Sodin / REvil – This combination arose after the retirement of GandCrab. It’s not uncommon for successful threat actors who receive a lot of attention to try to start new projects in an attempt remain successful.

Crysis/Dharma – Back for its second year on the Nastiest Malware list, this ransomware was actively distributed in the first half of 2019. Almost all infections observed were distributed through RDP compromise.

Phishing

Email-based malware campaigns increased dramatically in complexity and believability in 2019. Phishing campaigns became more personalised and extortion emails claimed to have captured lude behavior using compromised passwords. The nastiest phishing attacks include:

Company impersonation – The biggest security concern at the office is often an employee, not a hacker in some remote location. The year 2019 continued to prove that failure to follow best practices, including reuse and sharing of passwords and familiarity with the top impersonated brands like Microsoft, Facebook, Apple, Google and PayPal, caused significant damage.

Business Email Compromise (BEC) – In 2019 there was a rise of email address hijacking and deepfakes. Individuals who are responsible for sending payments or purchasing gift cards were targeted through spoof email accounts impersonating company executives or familiar parties. Victims were tricked into giving up wire transfers, credentials, gift cards and more.

Botnets 

Botnets remained a dominant force in the infection attack chain. No other type of malware delivered more payloads of ransomware or crypto-mining. The three nastiest include:

Emotet – The most prevalent malware of 2018 continued its dominance in 2019. Despite a brief shutdown in June, Emotet resurfaced in September as the largest botnet delivering varying malicious payloads.

Trickbot – Trickbot’s modular infrastructure makes it a serious threat for any network it infects. Its combination with Ryuk ransomware is one of the more devastating targeted attacks of 2019.

Dridex – Once considered one of the most prominent banking Trojans, Dridex is now used as an implant in the infection chain with Bitpaymer ransomware.

Crypto-mining and Crypto-jacking

The explosive growth of crypto-jacking sites in 2017-2018 is gone. Crypto-mining will not die entirely, however, because it is low-risk, guaranteed money, while also less “malicious” and profitable than ransomware. The nastiest campaigns of 2019 include:

Hidden Bee – An exploit delivering crypto-mining payloads, Hidden Bee first started last year with IE exploits and has now evolved into payloads inside JPEG and PNG images through stenography and WAV media formats flash exploits.

Retadup – A crypto-mining worm with over 850,000 infections, Retadup was removed in August by Cybercrime Fighting Center (C3N) of the French National Gendarmerie after they took control of the malware’s command and control server.

HelpNetSecuriy 1        HelpNetSecurity 2:              Webroot 1          Webroot 2 


You Might Also Read:

New Ransomware Formats Double:

Malware Has Increased By 64%:

 

 

« Artificial Intelligence & The Ethics Of War
BBC Goes To The Darkside On Tor »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

Red Points

Red Points

Red Points protects your brand and content in the digital environment.

DeepView

DeepView

DeepView delivers a unified platform for managing risk on digital platforms. One interactive secure portal allowing employees to engage their networks securely and compliantly.

Gordian Networks

Gordian Networks

Gordian Networks offers complete managed IT services and IT support for small to large businesses.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Microland

Microland

Microland’s delivery of digital is all about making technology do more and intrude less for global enterprises. Our services include Cloud & Data Center, Networks, Cybersecurity and more.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

Conseal Security

Conseal Security

Mobile app security testing done well. Conseal Security are specialists in mobile app penetration testing. Our expert-led security analysis quickly finds security vulnerabilities in your apps.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

Retruster

Retruster

Protect your users against phishing emails, ransomware & fraud with the most advanced, user-friendly, non-intrusive solution available.

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.

Fulcrum Technology Solutions

Fulcrum Technology Solutions

The Fulcrum team of technologists are recognized experts in the fields of IT Infrastructure Technology, Security, Service Management and Support.

New Relic

New Relic

After inventing application performance monitoring (APM), New Relic stands at the forefront of observability with the most advanced platform for eliminating digital interruptions.

Locket Cybersecurity

Locket Cybersecurity

Locket’s certified students provide pro-bono security audits for small and medium-sized businesses in the Chicagoland area.

Hurricane Labs

Hurricane Labs

Hurricane Labs is a managed security services provider (MSSP) that focuses on Splunk.