Ransomware & Malware Make Way For New Attack Vectors

Uploaded on 2019-06-13 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

There has been a major decline in ransomware and malware attacks some countries like  Ireland having some of the lowest rates globally, according to the latest threat intelligence report from Microsoft. New figures indicate that global ransomware attacks fell by 60% between March and December of last year, while malware attacks declined in general. 

Instead, threat actors are launching campaigns that rely on more covert attack techniques such as phishing and social engineering in general.

Cyber Criminals took to Crypto-Jacking last year
Crypto-jacking is the illegitimate use of a system’s resourcing powers for mining cryptocurrency. Microsoft detected far more crypto-jacking attacks than ransomware campaigns in 2018, with the average monthly detection rate for crypto-jacking reaching 0.12%, more than twice the rate for ransomware (0.05%).

Ransomware still makes headlines, however, we encounter it at much lower volumes compared to other malware, and tactics such as cryptocurrency mining. Ransomware attacks happen when bad actors encrypt and threaten to delete a user’s or organisation’s valuable information unless they pay a ransom. Ransomware has been on the decline in recent times since victims have not been paying the ransoms and companies have been able to retrieve locked up files from their backups. Still, it continues to be a threat in some regions, primarily due to a lack of security hygiene, with occasional spikes in encounter rates.

The latest Microsoft Threat Intelligence Report also reveals that hackers have pivoted to more covert means, with an increased focus on exploiting users through social engineering methods like phishing to gain access and exploit data.  Phishing rates have increased with cyber-criminals also covertly using victims’ compromised computers for crypto-currency mining.

While crypto-currency mining is not a new phenomenon, there has been an increase in its prevalence globally over the last year. In 2018, the average worldwide monthly crypto-currency coin mining encounter rate was 0.12%, compared to just 0.05% for ransomware. 

Many factors contribute to the increased popularity of mining as a payload for malware. Unlike ransomware, crypto-currency mining does not require user input, it works in the background, while the user is performing other tasks or is away from the computer and may not be noticed at all unless it degrades the computer’s performance sufficiently.

Targeting Cloud Providers 
Cloud providers such as Microsoft Azure are perennial targets for attackers seeking to compromise and weaponise virtual machines and other resources. The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, to deliver spam campaigns that can be used for email phishing attacks, for reconnaissance such as port scanning to identify new attack targets, and for other malicious activities. 

Malware
Good computer hygiene helps to mitigate the risks of malware. Typically, when we see high rates of malware, it’s a result of poor security hygiene and low user security education and awareness. Using unlicensed and/or pirated software can also be a source of malware. 

Sources that illegitimately offer free software or content, such as streaming videos, will often include malware. Some potential reasons for the overall decrease in malware encounter rates in 2018 are the growth in adoption of Windows 10, and increased use of Windows Defender for protection. Even if there is an intermittent slowdown in malware encounter rates, attackers don’t stand still, rather, they continue to evolve their techniques.

Drive-by Download
A drive-by download (DBD) is an unintentional download of malicious code to an unsuspecting user’s computer when they visit a web site. The malicious code could be used to exploit vulnerabilities in web browsers, browser add-ons, applications, and the operating system. 

Users can be infected with malware simply by visiting a website, even without attempting to download anything. In our research, we track drive-by downloads that affect web browser vulnerabilities. 

Drive-by downloads can be hosted on legitimate websites. Attackers gain access to legitimate sites through intrusion or by posting malicious code to a poorly secured web form, like a comment field on a blog. 

It can be difficult for even an experienced user to identify a compromised site from a list of search results. More advanced drive-by download campaigns can also install ransomware or even crypto-currency mining software on a victim machine.

HelpNetSecurity:         Microsoft

You Might Also Read:

Cybersecurity 2019: Predictions You Can’t Ignore:

Dealing With Malicious Emails:

 

« Wanted: An International Cyber Security Law
WannaCry Has Not Gone Away »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Italian Association of Critical Infrastructure Experts (AIIC)

Italian Association of Critical Infrastructure Experts (AIIC)

AIIC acts as a focal point in Italy for expertise on the protection of Critical Infrastructure including ICT networks and cybersecurity.

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

Westminster Insight - Cyber Security Conference

Westminster Insight - Cyber Security Conference

Join colleagues this December for Westminster Insight’s Cyber Security Conference, as you’ll assess how new technologies such as AI can secure your organisation against future threats.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Intercast Global

Intercast Global

Intercast's mission is to be a strategic resource to our clients in Risk Reduction. We are a global leader in cyber security staffing and consulting to the enterprise.

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

CY4GATE

CY4GATE

CY4GATE was conceived to design, develop and produce technologies and products that are able to meet the most stringent and modern requirements of Cyber Intelligence & Cyber Security.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

Camelot Secure

Camelot Secure

Camelot Secure Secure360 platform is a holistic redefinition of what world-class cybersecurity strategies can be. Prepare. Protect. Deploy.