Security Market Segment LS
Tuesday, 11 December 2018 10:41

Ransomware still dominates the global threat landscape Featured

By
Ransomware still dominates the global threat landscape Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Ransomware attacks continue to be the world’s main security threat and the most profitable form of malware, but a new global report claims that despite “copious” numbers of infections daily there’s emerging signs the threat is no longer growing.

According to the top security predictions for 2019 from security firm Bitdefender, ransomware lost its spot as the number one cyber threat to consumers and enterprises during the first half of 2018, after topping the list for many years, and growth is now plateauing as the year comes to an end.

Bitefender attributes the slowdown in growth to ransomware taking a “well documented” back seat to crypto-jacking in the past year as bad actors moved towards stealing computing power to generate digital currency whilst flying under the radar.

“But an even heftier factor behind ransomware’s stagnation is the emergence of dedicated solutions aimed directly at thwarting this form of malware,” Bitdefender says.

“There will always be new versions of ransomware, some more complex than others and some harder to catch, but we don’t expect ransomware to take on much bigger proportions. At least not bigger than in the past year.”

But, despite being somewhat outpaced by cryptojackers, Bitdefender says ransomware has made a rapid recovery, “showing that file-encrypting malware is here to stay” – and “all signs point to a 2019 defined by new emerging threats”.

The report from Bitfefender looks at the security landscsape covering a number of areas, including the Internet of Things (IoT), macOS attacks and what the security company describes as “the shift to mobile attacks”.

Here’s the report:

  • Internet of Things (IoT)

We expect more attacks leveraging Internet of Things (IoT) / smart and connected devices. As lawmakers scramble to come up with a way to regulate the IoT space, attackers will continue to capitalise on their inherent weaknesses. Hackers are becoming better at hijacking IoT products like baby monitors, surveillance cams and other home appliances. And connected medical devices are far from safe either. In fact, body implants that support wireless connectivity may lead to the first ransomware attacks where you need to pay or die. Sound wild? Just remember that, in 2013, former US Vice President Dick Cheney asked his doctors to disable the wireless function in his pacemaker to thwart the potential of terrorists hacking it.

In another noteworthy trend in the IoT landscape, manufacturers are jumping on the cellular bandwagon, gradually moving their IoTs from WiFi to LTE and from ipv4 to ipv6. While this shift promises increased security, it will likely open up a new can of worms since it’s relatively new ground for the IoT ecosystem.

  • macOS attacks on the rise

Apple’s share of the desktop market is rising, and malware designed to infect Macs is growing along with it. We project an increase in the number of attacks targeting Mac users, something we are already beginning to see in our internal telemetry. Our data shows not just new macOS-specific malware, but also macOS-specific mechanisms and tools designed to capitalise on Macs post-breach. We’ve already seen this in past APTs that housed Mac-specific components.

  • MACROs and fileless attacks

Attacks leveraging Microsoft Office MACROs will also increase in number and scope. MACROs are a feature, not a bug  as the old adage goes. Which makes it the perfect bait for victims prone to social engineering scams – where the attacker convinces the victim to essentially partake in their own abuse.

We expect file-less attacks – such as those leveraging powershell and other system-bound formats like reg, mshta etc. – to also increase in scope in the year to come.

  • Potentially unwanted applications (PUA) and cryptojacking

Potentially unwanted applications (PUA), including adware, don’t pose a tremendous threat in and of themselves, but they’re not innocent either. For example, you could download a seemingly legitimate application not knowing it’s bundled with crypto miner or even malware.

We forecast an increase in JavaScript-based miners embedded in webpages – like the YouTube cryptojacking incident where attackers conducted a malvertising campaign and injected miners within ads displayed on YouTube.

Finally, we can expect a shift from drive-by-downloads of malware to full blown drive-by-mining. In other words, the use of web-mining APIs that perform crypto-mining, directly in the user’s browser, instead of exploit-kits to download malware onto the victim’s computer.

  • Combating invisible threats

Network-level exploits will enter the limelight next year, and they will likely be hyped by social media, if history is any indication. And researchers will have to devote considerable resources to analyzing hardware-based implants, hardware backdoors, and hardware design flaws, as well as supply chain compromises in software.

  • APTs targeting banks

We expect advanced persistent threats to continue emerging, with a renewed focus on the banking sector, reminiscent of the Carbanak group making headlines in 2014 for using an APT-style campaign to steal money from banks. The malware was reportedly introduced via phishing emails, with the hackers said to have stolen hundreds of million dollars not only from banks, but from more than a thousand private customers as well.

  • GDPR to show its fangs

Here’s a positive prediction for a change: Thanks to the EU’s renewed effort to protect personally identifiable information – in the form of the General Data Protection Regulation that took effect in May this year – we should expect fewer “credential leaks” to occur, or at the very least make headlines. Security incidents will be more thoroughly contained at an organisation level in an effort to avoid penalties that could force a business into bankruptcy. Remember that the GDPR can dish out fines of up to 4% of the victim’s annual turnover, which can translate into hundreds of millions and even billions of dollars in the case of large enterprises and corporations.

  • A shift towards mobile attacks

Fintech services are paving the way to a very profitable new trend for hackers, particularly in the mobile space. The more money they manage on behalf of their users, or the tighter the integration with traditional banking systems, the more attention they will get from cybercrooks who will likely develop new threats targeting these specific services in 2019.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments