Cryptomining attacks such as Coinhive, Cryptoloot and Jesscoin, which hijack victims' processing power to mine currencies such as Monero, surged in 2018. Check Point Research claims they were more prevalent than ransomware, with an estimated 42 percent of organizations exposed. The exploits circulate through social media, messaging systems, Google Play and thousands of infected sites and PCs. These attacks aren't trivial – cryptominers seek to take control of high-performance computing clusters in order to mine currency. Tesla and computers at a Russian nuclear facility were both attacked in the last few months. Fortinet warns that attack frequency increases when crypto prices rise.
Enterprise IT is becoming a cloud-first affair, so criminals are developing sophisticated tools to use against cloud storage services. Check Point claims 51 percent of organizations worldwide, including FedEx, Intel and Honda, have experienced such attacks. Use of weak passcodes, poor security practices and the accidental installation of data exfiltration software have all contributed to this activity. Criminals are also exploring publicly available cloud service APIs to find weaknesses they can later exploit. Recent reports claimed a rapid increase in attacks against Office 365, for example.
Criminals are developing multi-platform attacks. The idea is that rather than targeting a single operating system, they can maximize the potential of their attacks by wrapping exploits against multiple systems inside a single piece of malware. A new advanced persistent threat (APT) called "Dark Caracal" began as an attack on mobile devices and has now mutated into a multi-platform attack against Mac, Linux, and Windows systems. Another attack, Roaming Mantis, now includes different forms of attacks (phishing for iOS, DNS-hijacking for Android) inside of one nasty package. The attack also targets routers, so it is good practice to update router firmware frequently.
Criminals are attempting to undermine manufacturing and supply chain security to install malware inside devices before they leave the factory. Check Point warned in March that nearly five million Android devices from various manufacturers were infected with malware disguised as legitimate system code that was installed before they left their factories. A key Apple supplier saw its manufacturing systems briefly taken offline after becoming infected by malware from a third party. More traditional malware attacks continue to be a problem, with August 2018 seeing a significant spike in attacks using the Ramnit banking trojan. Fortinet estimates that every business is exposed to 13 unique malware variants each day, warning that five percent of successful infections last over a week, with financial and reputational consequences.
Digital transformation means our personal and business lives are mobile. Criminals recognize this and are figuring out how to design legitimate apps that do what they claim to do, but also contain malware for data exfiltration and more. We mentioned earlier a recent Apple incident, but Android is also impacted, with a vast amount of adware, banking and remote access trojans (RATs) buried inside innocent-seeming solutions, such as battery performance apps. These dangerous exploits can steal a wide range of critical information, execute shell commands, grab location data and more. It's best practice to avoid installing software from unknown vendors or stores.
Ransomware remains a significant threat to digital business, with analysts warning that every enterprise has been exposed to ransomware. There appears to be some blindness as to how these attacks work: around 93 percent of successful ransomware attacks use email as their attack vector – but just seven percent of security spending is dedicated to email protection, according to CRN.
The VPNFilter botnet malware, which is attributed to cyber-espionage groups, has impacted routers at critical national infrastructure in over 100 countries. What makes this so dangerous is that it both exfiltrates data and can also render devices inoperable. The 2017 NotPetya attack is also blamed on state-sponsored actors.
Further ahead, with AI becoming a critical component in threat intelligence, systems analysts warn that criminals are analyzing the pattern-matching systems that drive these protections in order to work out how to undermine them. Attendees at Black Hat 2018 speculate that in the future, attackers will develop their own AI tools to help deliver more effective attacks. These developments underscore the importance of threat intelligence and the pressing need for shared threat intelligence.
What to do?
Enterprises must recognize that security threats are evolving rapidly. This means that while it remains essential to impose strong virus and malware detection solutions, firewalls and other now-standard security protections, it is vital to recognize that more sophisticated threats also exist. To combat these, enterprises should think about shared threat intelligence and security awareness schemes like the Cyber Threat Alliance. It is also important to take a "not if, but when" approach to protection. If your systems are compromised, internal data monitoring systems may deliver the first warning that an attack, particularly a zero-day attack, is taking place.
Learn how Orange Cyberdefence uses a network of Security Operations Centers to monitor and manage security on behalf of our international customers.
Jon Evans is a highly experienced technology journalist and editor. He has been writing for a living since 1994. These days you might read his daily regular Computerworld AppleHolic and opinion columns. Jon is also technology editor for men's interest magazine, Calibre Quarterly, and news editor for MacFormat magazine, which is the biggest UK Mac title. He's really interested in the impact of technology on the creative spark at the heart of the human experience. In 2010 he won an American Society of Business Publication Editors (Azbee) Award for his work at Computerworld.