Lateral phishing, ransomware explosion and cryptojacking: the leading cyberthreats in 2019

A slew of security breaches plagued 2019, with attacks increasing on government agencies and private enterprises. The U.S. Customs and Border Protection agency, for example, confirmed that one of its contractors was hacked, compromising tens of thousands of images of vehicle license plates and pictures of drivers taken at border control checkpoints. Quest Diagnostics disclosed that a cyberattack had affected 11.9 million patients after hackers gained access to financial data. In another attack, Taiwanese hardware company Asus was forced to push out a security update after an estimated one million PCs were infected with malware. And the list goes on.

With cyberattacks now having the potential to bring down a business, cybersecurity awareness has topped many boardroom agendas. Research by Juniper Research revealed that rapid digitization across enterprises and our daily lives would increase the cost of data breaches globally to $2.1 trillion in 2020, nearly four times the estimated cost of breaches in 2015. The Ponemon Institute believes the average cost of a data breach is now $3.92 million.

Phishing has gotten more sophisticated

Phishing has established itself on top cybersecurity trend lists year after year – but phishing attacks have gotten smarter.

Phishing is using deceptive emails and websites to gather user data, such as login details and credit card numbers. Cybercriminals are also using other attack vectors, like SMS texting attacks, to get information. The most successful phishing attacks impersonate senior executives, business partners and government organizations.

Teams of researchers from UC Berkeley and UC San Diego have noted a growing trend for a new genre of account takeover, dubbed lateral phishing. This is the process of using a hacked email account that a person corresponds with to solicit personal information.

Ransomware continues to accelerate

Ransomware attacks surged this past year and show no signs of abating. Trend Micro found a 77% hike in ransomware attacks in the first half of 2019, even though fewer ransomware families were detected.

Networking encrypting attacks have crept back up with McAfee seeing a 118% jump in ransomware attacks for the first quarter of 2019. New techniques have also appeared. McAfee noted a new ransomware family called Anatova, which is unusual in that it is modular in design, so paves the way for new mutations. Cybercriminals have also increasingly been gaining illegal access to company systems through exposed remote access points, such as virtual network computing (VNC).

Three times last year, the City of Cornelia in the U.S. was crippled by ransomware attacks on its computerized billing system, latterly targeting water utilities. The city installed a new firewall to help fix the problem. More recently, the Rouen University Hospital-Charles Nicolle in Northern France fell victim to ransomware, impacting all five sites across the hospital complex. Two Florida cities took the unusual step of paying off their ransomware attackers instead of exposing municipal data.

Ransomware losses have been significant. Norsk Hydro, for example, estimates that a cyber-attack cost the aluminum producer $52 million, impacting 170 sites across 40 countries. Production lines had to be switched off and, in some cases, returned to manual functions such as pen and paper.

Cryptojacking trending

The use of crypto-mining malware has also been rising. Mining for cryptocurrency, such as Monero, is compute-power intensive. Cybercriminals hijack enterprises’ computers to carry out mining activities, which can lead to performance issues. Hackers can also add crypto-mining capabilities to infected machines that they are already controlling.

Cryptojacking can result in expensive downtime as IT departments try to track down where the problems are coming from.

In May of last year, Trend Micro noted that the RIG exploit kit, which usually starts with a malicious actor compromising a website to inject malicious code/script that redirects victims to the kit’s landing page, had begun to deploy Monero miner as its final payload. In September, Trend Micro spotted a Linux malware called Skidmaps that releases Monero miners onto web servers.

Bigger, bolder threats reignite interest in SOCs for protection

With the increased complexity, voracity and size of attacks, together with the gargantuan task of managing security alerts, enterprises are again looking at security operation centers (SOCs), with a focus on threat detection and response, according to Gartner.

While some are looking to build or re-energize their SOCs, many enterprises are outsourcing the function so they can concentrate their efforts on revenue-generating activities. By 2022, 50% of all SOCs will incorporate incident response, threat intelligence and threat hunting capabilities, a leap from less than 10% in 2015, predicts Gartner.

Enterprises are also investing in tools that are far more sensitive and balance response and detection versus prevention, maintains Gartner. More sophisticated tools and alerts have resulted in a need to centralize and optimize operations in SOCs.

At the same time, it is putting a higher dependence on automation. By 2021, half of the legitimate security alerts will have an automated response that is untouched by human analysts, according to IDC.

And so the fight against cybercrime continues

An increasingly hyper-connected world is creating more opportunities for cybercriminals to find vulnerabilities. Every IT infrastructure, big or small, is a target. And so the organizations’ cat and mouse game to stay one step ahead of cybercriminals continues.

In today’s ever-expanding threat landscape, you need to adopt holistic threat management to protect against the reality of continuous advanced threats coming your way. Read how in our brochure: Six steps to effective threat management.