2017 was the year when the word ransomware stopped being a term exclusive to cyber security experts and IT departments. The enormous media attention that attacks such as WannaCry and Petya/GoldenEye received turned this type of threat into one of the key trends for businesses last year. However, PandaLabs warns that highly-publicised events must never serve as a risk indicator, nor influence any security-related decision.
This year, the constant evolution of cyber threats hasn’t shown any sign of slowing down. Cyber criminals continue to change their tactics. Instead of attention-grabbing and ‘showy’ attacks like those we saw last year, they’re now opting for sneakier tactics such as cryptojacking.
One of 2018’s booming trends, cryptojacking is the unauthorised use of a user’s devices to mine cryptocurrencies. It can be delivered via phishing e-mails, malicious URLs or through vulnerabilities. Its aim is to go unnoticed for as long as possible, and thus fully exploit its victims’ processing power.
PandaLabs has compiled malware and threat data from throughout 2018. Traditional file-based malware continues to grow with a 60% rise throughout the year and up to 9 million malicious URLs and 2.4 million attacks blocked per million endpoints per month. Indeed, 20.7% of the machines studied experienced at least one malware attack during the period under analysis.
Malware-less attacks targeting the endpoint, such as business e-mail compromise and the use of Remote Desktop Protocol (RDP) to infiltrate the network, are becoming more prevalent, with RDP attacks taking place on 70% of medium-to-large scale PandaLabs clients every month.
PandaLabs has identified and investigated 90 new valid incident types, which resulted from interrogating the forensic data to validate their hypotheses. This allows the Threat Hunting Team to protect against attacks that traditional security solutions are not able to detect, such as in-memory execution and ‘living off the land’ activities, in which legitimate tools and techniques are used for malicious purposes.
The year of personal data
One occurrence that has affected many cyber security professionals is the definitive implementation of the General Data Protection Regulation (GDPR) back in May. This had repercussions pretty much worldwide. The fact is that the GDPR has coincided with some of the most massive data breaches in history involving Marriott International, Exactis and the notorious Facebook/Cambridge Analytica case.
While 2018 has been an interesting year for cyber security, PandaLabs’ predictions for 2019 suggest it will be anything other than a ‘tock’ year. Geopolitical digital sovereignty, supply chain attacks, hackers harnessing Artificial Intelligence and the misuse of data are all causes for concern.
One of the leading trends in cyber security in 2019 will be live hacking. Although ‘traditional’ types of malware, such as Trojans or worms, are still being used frequently by attackers, new malware-less attack techniques will grow at a faster rate. This can be put down, on the one hand, to the increased difficulty of detecting them and, on the other, to the increased cyber-offensive capacity exhibited worldwide by Nation States and criminal gangs. The latter, of course, may be State-sponsored or unaffiliated.
In 2018, Nation States have played a more significant role in the digital realm as a consequence of the more protectionist positions in the Western World (ie the US and the UK), the reactions of other powers (mainly Russia and China) and the increasing climate of mutual distrust among them. One compelling prediction suggests that the concept of digital sovereignty will also spread to security in 2019, and especially in Europe, moving towards a European digital sovereignty.
*The full PandaLabs report is available to view at the following URL: http://partnernews.pandasecurity.com/uk/src/uploads/2018/12/PandaLabs-2018_Annual_Report-uk.pdf