MANILA, Philippines – The underworld of cybercrime is getting smaller, yet those who still seek to profit from it are growing more sophisticated. This is one of the takeaways from the SophosLabs 2019 Threat Report, released earlier this month.
The report by SophosLabs researchers details changes to the threat landscape over the past year, and outlines 3 major trends and threats we may have to face in 2019.
Joe Levy, Chief Technology Officer at Sophos, said in the 2019 Threat Report, "The threat landscape is undoubtedly evolving; less skilled cyber criminals are being forced out of business, the fittest among them step up their game to survive and we will eventually be left with fewer, but smarter and stronger, adversaries."
Targeted ransomware attacks
The first major trend is the rise of the targeted ransomware cyberattack – malware designed for a specific victim that steals data and asks the victim to pay a price to get the data back.
Sophos said capitalist cybercriminals are now using these targeted attacks to hold data for ransom, with the targeting meant to make the attack more damaging and potent.
The firm explained that human attackers aiming to get money out of specific entities can stake out their victims, think laterally, troubleshoot their way past hindrances or other roadblocks to delivering the ransomware, and then wipe out the backups to force victims to pay the ransom, a lucrative windfall for the attackers.
Using Windows tools for attacks
Advanced Persistent Threat actors (APTs) are now using readily available tools meant for system administrators to do their dirty work for them. Specifically, cyberattackers are using Windows IT administrator tools – such as PowerShell files and Windows Scripting executables – to fire off their attacks.
These attacks are also chained – firing off in succession like a chain reaction – to avoid detection and make it more difficult to prevent the payload from executing.
Additionally, cybercriminals are using newer Office document exploits and combining known exploits, such as the NSA exploit EternalBlue, with cryptomining software to attack companies. By infecting companies with cryptomining malware, the cybercriminals are able to mine for cryptocurrency, earn money, and make it costlier for a company to operate by increasing its electricity consumption, among other things.
Mobile and Internet of Things malware is here to stay
Targeting companies is just one way cybercriminals make money, however. Mobile malware is also growing alongside malware connected to Internet of Things (IoT) devices.
Sophos said 2018 "has seen an increased focus in malware being pushed to phones, tablets and other Internet of Things devices. As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks."
These botnets can be used to fire off Distributed Denial of Service (DDoS) attacks against organizations and companies, to mine cryptocurrency, or to infiltrate other networks.