Intelligent CIO Europe Issue 09 | Page 28

key tactics cybercriminals are using to attack businesses.

Maya Horowitz, Threat Intelligence Group Manager at Check Point, said: “The first half of this year saw criminals continue the trend we observed at the end of 2017 and take full advantage of stealthy cryptomining malware to maximise their revenues.

“We’ve also seen increasingly sophisticated attacks against cloud infrastructures and multi-platform environments emerging. These multi-vector, fast-moving, large-scale Gen V attacks are becoming more and more frequent and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.”

Top cryptominers during H1 2018

1. Coinhive (30%) – A cryptominer designed to perform online mining of the Monero cryptocurrency without the user's approval when a user visits a web page. Coinhive only emerged in September 2017 but has hit 12% of organisations worldwide
2. Cryptoloot (23%) – A JavaScript cryptominer designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user's approval
3. JSEcoin (17%) – A web-based cryptominer designed to perform online mining of Monero cryptocurrency when a user visits a web page without the user's approval

Top ransomware during H1 2018

1. Locky (40%) – Ransomware that spreads mainly via spam emails containing a downloader, disguised as a Word or zip attachment, before installing malware that encrypts the user files
2. WannaCry (35%) – Ransomware that was spread in a large-scale attack in May 2017, utilising the Windows SMB exploit, EternalBlue, to propagate within and between networks
3. Globeimposter (8%) – Distributed by spam campaigns, malvertising and exploit kits. Upon encryption, the ransomware appends the .crypt extension to each encrypted file

• Cryptocurrency miners evolve – In 2018, cryptominers have been upgraded with vastly improved capabilities, becoming more sophisticated and even destructive. Motivated by a clear interest in increasing the percentage of computational resources leveraged and being even more profitable, cryptominers today target anything that could be perceived as being in their way. Cryptominers have also evolved considerably of late to exploit high-profile vulnerabilities and to evade sandboxes and security products in order to expand their infection rates

Top mobile malware during H1 2018

1. Triada (51%) – A modular backdoor for Android which grants superuser privileges to downloaded malware as it helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser
2. Lokibot (19%) – A mobile banking trojan which targets Android smartphones and turns into ransomware when the victim tries to remove its admin privileges
3. Hidad (10%) – Android malware which repackages legitimate apps and then releases them to a third-party store. It is able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data

Top banking malware during H2 2017

1. Ramnit (29%) – A banking trojan that steals banking credentials, FTP passwords, session cookies and personal data
2. Dorkbot (22%) – A banking trojan which steals the victim’s credentials using web-injects, activated as the user tries to log into their banking website
3. Zeus (14%) – A trojan that targets Windows platforms and often uses them to steal banking information by man-in-the-browser keystroke logging and form grabbing

Key malware trends in H1 2018

Check Point researchers detected a number of key malware trends during the period, including:

• Hackers move to the cloud – So far this year, there have been a number of sophisticated techniques and tools exploited against cloud storage services. Several cloud-based attacks, mainly those involving data exfiltration and information disclosure, derived from poor security practices, including credentials left available on public source code repositories or the use of weak passwords. Cryptominers are also targeting

“With organisations moving more of their IT estates and data to cloud environments, criminals are turning to the cloud to exploit its vast computational power and multiply their profits.”