Ransomware, Phishing And Botnets

Uploaded on 2019-11-12 in NEWS-Cybersecurity News, FREE TO VIEW

There has been a 17% increase in cyberattacks over the past year and many organisations have begun to take cyber security far more seriously but have not yet done enough to really reduce the threats to their organisation. 

Now Webroot has released its annual Nastiest Malware list, shedding light on 2019’s worst cyber security threats. 

From ransomware strains and crypto-mining campaigns that delivered the most attack payloads to phishing attacks that wreaked the most havoc, it’s clear that cyber threats across the board are becoming more advanced and difficult to detect.

Ransomware

Ransomware is any malware that holds your data ransom. These days it usually involves encrypting a victim’s data before asking for cash (typically crypto-currency) to decrypt it. Ransomware ruled the malware world since late 2013, but finally saw a decline last year. The general drop in malware numbers, along with defensive improvements by the IT world in general (such as more widespread backup adoption), were factors, but have also led this threat to become more targeted and ruthless.

Ransomware continued to see success by evolving a more targeted model initially adopted in previous years. SMBs are the prime target as they struggle with limited security budget and skills. 

Whether its phishing attacks targeting employees or brute forcing unsecured RDP, ransomware is as effective as ever, cementing its place on our list for another year. The nastiest include:

Emotet and Trickbot and Ryuk (“Triple Threat”) – One of the most successful chains of 2019 in terms of financial damages. These strains have shifted their focus to more reconnaissance-based operations. They assign a value to the targeted network post infection and then send the ransom for that amount after moving laterally and deploying the ransomware.

Trickbot/Ryuk – The second stage payload for Emotet in the first half of 2019, Ryuk infections that are typically delivered by Trickbot result in the mass encryption of entire networks.

Dridex/Bitpaymer – Dridex is now being used as an implant in the Bitpaymer ransomware infection chain and is also being delivered as a second stage payload off of Emotet.

GandCrab – One the most successful instance of RaaS (ransomware-as-a-service) to date, the authors have boasted shared profits in excess of $2 billion.

Sodinokibi – Sodin / REvil – This combination arose after the retirement of GandCrab. It’s not uncommon for successful threat actors who receive a lot of attention to try to start new projects in an attempt remain successful.

Crysis/Dharma – Back for its second year on the Nastiest Malware list, this ransomware was actively distributed in the first half of 2019. Almost all infections observed were distributed through RDP compromise.

Phishing

Email-based malware campaigns increased dramatically in complexity and believability in 2019. Phishing campaigns became more personalised and extortion emails claimed to have captured lude behavior using compromised passwords. The nastiest phishing attacks include:

Company impersonation – The biggest security concern at the office is often an employee, not a hacker in some remote location. The year 2019 continued to prove that failure to follow best practices, including reuse and sharing of passwords and familiarity with the top impersonated brands like Microsoft, Facebook, Apple, Google and PayPal, caused significant damage.

Business Email Compromise (BEC) – In 2019 there was a rise of email address hijacking and deepfakes. Individuals who are responsible for sending payments or purchasing gift cards were targeted through spoof email accounts impersonating company executives or familiar parties. Victims were tricked into giving up wire transfers, credentials, gift cards and more.

Botnets 

Botnets remained a dominant force in the infection attack chain. No other type of malware delivered more payloads of ransomware or crypto-mining. The three nastiest include:

Emotet – The most prevalent malware of 2018 continued its dominance in 2019. Despite a brief shutdown in June, Emotet resurfaced in September as the largest botnet delivering varying malicious payloads.

Trickbot – Trickbot’s modular infrastructure makes it a serious threat for any network it infects. Its combination with Ryuk ransomware is one of the more devastating targeted attacks of 2019.

Dridex – Once considered one of the most prominent banking Trojans, Dridex is now used as an implant in the infection chain with Bitpaymer ransomware.

Crypto-mining and Crypto-jacking

The explosive growth of crypto-jacking sites in 2017-2018 is gone. Crypto-mining will not die entirely, however, because it is low-risk, guaranteed money, while also less “malicious” and profitable than ransomware. The nastiest campaigns of 2019 include:

Hidden Bee – An exploit delivering crypto-mining payloads, Hidden Bee first started last year with IE exploits and has now evolved into payloads inside JPEG and PNG images through stenography and WAV media formats flash exploits.

Retadup – A crypto-mining worm with over 850,000 infections, Retadup was removed in August by Cybercrime Fighting Center (C3N) of the French National Gendarmerie after they took control of the malware’s command and control server.

HelpNetSecuriy 1        HelpNetSecurity 2:              Webroot 1          Webroot 2 


You Might Also Read:

New Ransomware Formats Double:

Malware Has Increased By 64%:

 

 

« Artificial Intelligence & The Ethics Of War
BBC Goes To The Darkside On Tor »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Pen Test Partners LLP

Pen Test Partners LLP

Pen Test Partners provides penetration testing, security assessment and training services.

The Hacker News (THN)

The Hacker News (THN)

THN is a leading source for Information Security, Hacking News, Cyber Security, Network Security with in-depth technical coverage of issues and events

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

PureCyber

PureCyber

PureCyber (formerly Wolfberry Cyber) is an award-winning cyber security consultancy whose goal it is to make cyber security accessible, understandable, and affordable for any organisation.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

StepStone

StepStone

StepStone is one of the leading online job platforms in Germany, and other countries, covering all industry sectors including IT and cybersecurity.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

Earlybird Venture Capital

Earlybird Venture Capital

Earlybird is a venture capital investor focused on European technology innovators.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Eunetic

Eunetic

Eunetic IT security solutions - we secure your websites, emails, domains and data.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

Metrodata Group

Metrodata Group

PT. Metrodata Electronics, known as Metrodata Group, is the leading information communication technology company in Indonesia.