Ransomware & Malware Make Way For New Attack Vectors

There has been a major decline in ransomware and malware attacks some countries like  Ireland having some of the lowest rates globally, according to the latest threat intelligence report from Microsoft. New figures indicate that global ransomware attacks fell by 60% between March and December of last year, while malware attacks declined in general. 

Instead, threat actors are launching campaigns that rely on more covert attack techniques such as phishing and social engineering in general.

Cyber Criminals took to Crypto-Jacking last year
Crypto-jacking is the illegitimate use of a system’s resourcing powers for mining cryptocurrency. Microsoft detected far more crypto-jacking attacks than ransomware campaigns in 2018, with the average monthly detection rate for crypto-jacking reaching 0.12%, more than twice the rate for ransomware (0.05%).

Ransomware still makes headlines, however, we encounter it at much lower volumes compared to other malware, and tactics such as cryptocurrency mining. Ransomware attacks happen when bad actors encrypt and threaten to delete a user’s or organisation’s valuable information unless they pay a ransom. Ransomware has been on the decline in recent times since victims have not been paying the ransoms and companies have been able to retrieve locked up files from their backups. Still, it continues to be a threat in some regions, primarily due to a lack of security hygiene, with occasional spikes in encounter rates.

The latest Microsoft Threat Intelligence Report also reveals that hackers have pivoted to more covert means, with an increased focus on exploiting users through social engineering methods like phishing to gain access and exploit data.  Phishing rates have increased with cyber-criminals also covertly using victims’ compromised computers for crypto-currency mining.

While crypto-currency mining is not a new phenomenon, there has been an increase in its prevalence globally over the last year. In 2018, the average worldwide monthly crypto-currency coin mining encounter rate was 0.12%, compared to just 0.05% for ransomware. 

Many factors contribute to the increased popularity of mining as a payload for malware. Unlike ransomware, crypto-currency mining does not require user input, it works in the background, while the user is performing other tasks or is away from the computer and may not be noticed at all unless it degrades the computer’s performance sufficiently.

Targeting Cloud Providers 
Cloud providers such as Microsoft Azure are perennial targets for attackers seeking to compromise and weaponise virtual machines and other resources. The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, to deliver spam campaigns that can be used for email phishing attacks, for reconnaissance such as port scanning to identify new attack targets, and for other malicious activities. 

Malware
Good computer hygiene helps to mitigate the risks of malware. Typically, when we see high rates of malware, it’s a result of poor security hygiene and low user security education and awareness. Using unlicensed and/or pirated software can also be a source of malware. 

Sources that illegitimately offer free software or content, such as streaming videos, will often include malware. Some potential reasons for the overall decrease in malware encounter rates in 2018 are the growth in adoption of Windows 10, and increased use of Windows Defender for protection. Even if there is an intermittent slowdown in malware encounter rates, attackers don’t stand still, rather, they continue to evolve their techniques.

Drive-by Download
A drive-by download (DBD) is an unintentional download of malicious code to an unsuspecting user’s computer when they visit a web site. The malicious code could be used to exploit vulnerabilities in web browsers, browser add-ons, applications, and the operating system. 

Users can be infected with malware simply by visiting a website, even without attempting to download anything. In our research, we track drive-by downloads that affect web browser vulnerabilities. 

Drive-by downloads can be hosted on legitimate websites. Attackers gain access to legitimate sites through intrusion or by posting malicious code to a poorly secured web form, like a comment field on a blog. 

It can be difficult for even an experienced user to identify a compromised site from a list of search results. More advanced drive-by download campaigns can also install ransomware or even crypto-currency mining software on a victim machine.

HelpNetSecurity:         Microsoft

You Might Also Read:

Cybersecurity 2019: Predictions You Can’t Ignore:

Dealing With Malicious Emails:

 

« Wanted: An International Cyber Security Law
WannaCry Has Not Gone Away »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Serena

Serena

Serena Software helps increase speed of the software development lifecycle while enhancing security, compliance, and performance.

Council of Europe - Cybercrime Programme Office (C-PROC)

Council of Europe - Cybercrime Programme Office (C-PROC)

The Cybercrime Programme Office of the Council of Europe is responsible for assisting countries worldwide in strengthening their legal systems capacity to respond to cybercrime

VerifyMe

VerifyMe

VerifyMe is a global technology solutions company delivering brand protection offerings to mitigate counterfeiting, product diversion, and illicit trade.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

Hudson Cybertec

Hudson Cybertec

Hudson Cybertec are an internationally recognized Subject Matter Expert for cyber security in the Industrial Automation & Control Systems (IACS) domain.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

GuardDog.ai

GuardDog.ai

guardDog.ai has developed a cloud-based software service with a companion device that work together to simplify network security.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

Comcast Technology Solutions (CTS)

Comcast Technology Solutions (CTS)

Comcast Technology Solutions delivers proven technologies for global video, media, communications, data applications, and cybersecurity & compliance.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

Exiger

Exiger

Exiger is revolutionizing the way corporations, government agencies and banks navigate risk and compliance in their third-parties, supply chains and customers.

Resillion

Resillion

Resillion (formerly Eurofins Digital Testing) is a global leader in quality engineering and cyber security services with operations in Europe, US, UK, India and China.

TELUS

TELUS

TELUS provide Canadian businesses with the services and solutions they need to securely thrive in a digital world. Partner with a cybersecurity leader you can rely on.