Liv Rowley, threat intelligence analyst at Blueliv, has shared details of the company’s predictions on the biggest cyber threats likely to develop in the New Year, from account checking Armageddon through to Monero cryptocurrency mining. With users continuing to re-use the same passwords across multiple services, account checking Armageddon is close at hand.
Cyber criminals take lists of compromised usernames, e-mails and passwords from prior breaches and use them to gain access to other sites. Thanks to password re-use, this means one breach turns into multiple compromises. A rising number of breaches combined with poor password hygiene will make this an issue of growing importance.
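The mechanism described above leaves a footprint defenders can look for: one source trying many distinct accounts once or twice each, with a few successes where a leaked password still works, as opposed to a brute-force run hammering a single account. The following Python is an added example, not Blueliv's or the article's code; it triages constructed authentication log lines on that basis, and the log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth log lines (not from the article); the format is assumed.
SAMPLE_LOG = """\
2020-01-06T10:00:01 FAIL user=alice src=203.0.113.7
2020-01-06T10:00:02 FAIL user=bob src=203.0.113.7
2020-01-06T10:00:02 FAIL user=carol src=203.0.113.7
2020-01-06T10:00:03 OK   user=dave src=203.0.113.7
2020-01-06T10:00:03 FAIL user=erin src=203.0.113.7
2020-01-06T10:00:04 FAIL user=frank src=203.0.113.7
2020-01-06T10:00:10 FAIL user=alice src=198.51.100.9
2020-01-06T10:00:11 FAIL user=alice src=198.51.100.9
2020-01-06T10:00:12 FAIL user=alice src=198.51.100.9
2020-01-06T10:00:13 FAIL user=alice src=198.51.100.9
2020-01-06T10:00:20 FAIL user=grace src=192.0.2.44
"""

LINE_RE = re.compile(r"^\S+\s+(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$")

def parse(log_text):
    """Yield (result, user, src) for every line that matches the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("result"), m.group("user"), m.group("src")

def classify_sources(log_text, min_users=5, max_attempts_per_user=2.0, brute_force_fails=4):
    """Map each source address to 'credential-stuffing', 'brute-force' or 'benign'.

    Credential stuffing: many distinct accounts, few attempts per account (one leaked
    pair is tried per account). Brute force: one account, many failures. Thresholds are
    illustrative and should be tuned to the real login volume of the service."""
    by_src = defaultdict(lambda: {"users": set(), "attempts": 0, "fails": 0})
    for result, user, src in parse(log_text):
        s = by_src[src]
        s["users"].add(user)
        s["attempts"] += 1
        s["fails"] += result == "FAIL"
    verdicts = {}
    for src, s in by_src.items():
        per_user = s["attempts"] / len(s["users"])
        if len(s["users"]) >= min_users and per_user <= max_attempts_per_user:
            verdicts[src] = "credential-stuffing"
        elif len(s["users"]) == 1 and s["fails"] >= brute_force_fails:
            verdicts[src] = "brute-force"
        else:
            verdicts[src] = "benign"
    return verdicts

def accounts_to_review(log_text):
    """Accounts that logged in successfully from a stuffing source: the reused
    password evidently still works, so these are the ones to force a reset on."""
    stuffing = {s for s, v in classify_sources(log_text).items() if v == "credential-stuffing"}
    return {user for result, user, src in parse(log_text) if result == "OK" and src in stuffing}
```

Against the sample, 203.0.113.7 is flagged as credential stuffing and `dave` is the account to review, while the repeated failures against `alice` from 198.51.100.9 are classified as plain brute force.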
Cyber criminals are constantly redesigning Remote Access Trojans, or RATs, so they become better at bypassing security protections. Blueliv has recently seen examples of new RATs such as Rdfsniffer – which allows man-in-the-middle attacks on payment systems and Point-of-Sale machines – and SDBbot, a malware that allows attackers to elevate privileges for malicious processes, install back doors and disable anti-malware solutions.
Attackers will continue to adapt RATs in order to exploit new targets and evade detection, so Blueliv expects to see increasingly sophisticated malware in 2020.
Bulletproof hosting services – hosting services that allow people to host all sorts of ‘shady’ material and never or rarely respond to takedown requests – will continue to feed the proliferation of websites with illegal or criminal content on the open Internet. These hosting sites can act as a launch pad for sophisticated phishing attacks, such as those services in Malaysia which hosted sites used to attack the UN and NGOs in the region in October this year.
For businesses, this demonstrates another reason why they should invest in services which monitor bulletproof hosting providers and detect attacks before they can have a significantly damaging impact.
Blueliv expects to see further increasing cyber criminal interest in Monero, the privacy and anonymity-centric cryptocurrency, as part of a gradual shift away from Bitcoin towards other cryptocurrencies that cannot be as easily tracked. This may, at least in part, be a result of law enforcement take-downs as well as self-imposed shutdowns of Bitcoin tumblers in 2019. These interruptions underscored cyber criminals' dependency on such services – critical to Bitcoin money laundering operations but far less necessary with a coin like Monero.
Many cryptojackers also now mine Monero due in part to the fact that it’s privacy centric and thus highly attractive to criminals. Blueliv sees the most intense interest in Monero in the English language underground.
Finally, the English language Darknet markets have had a rough year: numerous take-downs, exit scams and arrests, markets going on and offline amid unusual activity, and the spectacle of prolonged DDoS attacks. This instability will damage the reputation of the Darknet market space in 2020 and breed paranoia among cyber criminals that will take time to subside.
Unpredictability may not have a significant visible impact on end users and businesses, but it might well mean that other markets emerge elsewhere. It’s very disruptive to cyber criminal supply chains (and especially so in the English language spaces).
Ransomware and mobile attacks
More generally, there’s no doubt that we will continue to see mounting cyber attacks in 2020, be it the obvious evolution and adaptation of old threats, an increase of targeted attacks on big companies or new attacks designed to catch us all off guard. Mobile targeting will increase for everything ranging from phishing to malware as the introduction of 5G brings new attack surfaces. Blueliv also expects to see targeted ransomware continuing to be a huge problem – no doubt in part fuelled by the fact that companies continue to pay the ransoms requested.
After a short dip in ransomware popularity in 2018, it has re-emerged as a major threat, particularly to healthcare institutions. Researchers attribute this to several factors, one of the most prominent being how malicious actors have refined their tactics: creating more efficient malware, negotiating with their victims and being more persuasive with their demands. In addition, healthcare organisations often run outdated software and don’t have adequate cyber security resources. These factors will continue to make them attractive targets in 2020.
Another major reason for the proliferation of ransomware is that, as stated, many victims actually pay the ransom, which then encourages existing actors and incentivises new ones. Healthcare organisations may indeed be more willing to pay the ransom, as the sensitivity of the data handled combined with the criticality of IT systems means that any disruption would pose a huge risk. After all, patients’ lives could be at stake.
Institutions must therefore take the necessary precautions to protect themselves from ransomware and know how to proceed when suffering an attack. The most effective measure is to have properly stored back-ups – which are separate from the main systems – such that systems can be easily restored with data intact. All employees should be trained in cyber security to lower the chance of human error as an infection vector, while systems should always be up-to-date with the latest patches to protect against publicly known exploits.
Finally, organisations are advised never to pay these ransoms. The losses may be higher, but it’s the most effective way to dissuade actors from using this kind of malware in the future.
Comment from Apricorn
Jon Fielding, managing director for EMEA at Apricorn, has asserted that enterprises will have to address security for the new multi-generation workplace.
“With four generations working alongside each other for the first time, organisations will need a new approach to protecting data. They’ll be dealing with a range of different attitudes to security, as well as evolving working practices – in particular a continued increase in mobility and flexibility. A complex security strategy that attempts to address this diverse workplace with copious models and technologies will only create more risk.”
Fielding continued: “There’s no ‘one size fits all’ when it comes to securing the multi-generation enterprise, but encrypting all data as standard, both at rest and on the move, will bring us as close as it’s possible to be. Encrypting data end-to-end renders it unintelligible to anyone not authorised to access it. This is especially valuable when employees are mobile working. The use of hardware-encrypted storage devices will eliminate an element of the ‘human risk’ of data loss entirely.”
With the cyber security skills shortage biting hard, and an increasing expectation that IT will help drive the goals of the business, enterprises must look outside the industry to recruit the right people. The most effective way in which to defend a modern business against cyber threats is to build a diverse security team, equipped with a range of different skill sets and experience (including business acumen and the ability to communicate, collaborate and lead).
“It may seem counter-intuitive to recruit non-specialists to a specialist role, but when it comes to cyber security an understanding of the basic, Best Practice fundamentals is most important. If somebody has a solid foundation in good security hygiene, and they’re willing to learn, then the technical knowledge they need can be built from there.”