Intelligent CIO Africa Issue 25 - Page 25

+ EDITOR’S QUESTION RAJ SAMANI CHIEF SCIENTIST AND MCAFEE FELLOW, ADVANCED THREAT RESEARCH /////////////////// H idden hacker forums and chat groups serve as a market for cybercriminals, who can buy malware, exploits, botnets, and other shady services. With these off-the-shelf products, criminals of varying experience and sophistication can easily launch attacks. In 2019, we predict the underground will consolidate, creating fewer but stronger malware-as-a-service families that will actively work together. These increasingly powerful brands will drive more sophisticated cryptocurrency mining, rapid exploitation of new vulnerabilities, and increases in mobile malware and stolen credit cards and credentials. We expect more affiliates to join the biggest families, due to the ease of operation and strategic alliances with other essential top-level services, including exploit kits, crypter services, Bitcoin mixers, and counter- antimalware services. We still see numerous types of ransomware pop up, but only a few survive because most cannot attract enough business to compete with the strong brands, which offer higher infection rates as well as operational and financial security. Underground businesses function successfully because they are part of a trust- based system. We have seen this trust in the past, with the popular credit card shops in the first decade of the century, which were a leading source of cybercrime until major police action broke the trust model. As endpoint detection grows stronger, the vulnerable remote desktop protocol (RDP) www.intelligentcio.com offers another path for cybercriminals. In 2019, we predict malware, specifically ransomware, will increasingly use RDP as an entry point for an infection. Currently, most underground shops advertise RDP access for purposes other than ransomware, typically using it as a stepping stone to gain access to Amazon accounts or as a proxy to steal credit cards. Targeted ransomware groups and ransomware-as-a-service (RaaS) models will take advantage of RDP, and we have seen highly successful under-the-radar schemes use this tactic. We also expect malware related to cryptocurrency mining will become more sophisticated, selecting which currency to mine on a victim’s machine based on the processing hardware and the value of a specific currency at a given time. We have noticed a trend of cybercriminals becoming more agile in their development process. They gather data on flaws from online forums and the Common Vulnerabilities and Exposures database to add to their malware. We predict that criminals will sometimes take a day or only hours to implement attacks against the latest weaknesses in software and hardware. We expect to see an increase in underground discussions on mobile malware, mostly focused on Android, regarding botnets, banking fraud and ransomware, and bypassing two-factor authentication security. Credit card fraud and the demand for stolen credit card details will continue, with an increased focus on online skimming operations that target third-party payment platforms on large e-commerce sites. From these sites, criminals can silently steal thousands of fresh credit cards details at a time. Furthermore, social media is being used to recruit unwitting users, who might not know they are working for criminals when they reship goods or provide financial services. We predict an increase in the market for stolen credentials – fuelled by recent large data breaches and by bad password habits of users. The breaches lead, for example, to the sale of voter records and email-account hacking. These attacks occur daily. INTELLIGENTCIO 25