2017 saw an interesting evolution of malware and cybercrime, with not just the rate of cyber-criminal attacks increasing but an actual improvement in the complexity and sophistication of attack methods.
December 15 2017
The rise of crypto-currencies, the development of marketplaces on the Dark Web, the relaxed state of IT security in many organisations and the constant connectivity brought about by the world wide web are just some of the factors that have created ‘The Perfect Storm’ for criminals emboldened by the promise of an easy dollar.
But how has this ‘Perfect Storm’ unfolded, and how have the three main kinds of cybercrime developed beneath it?
Ransomware
Ransomware is the most common kind of cybercrime perpetrated against Australian organisations and individuals. It is financially motivated and designed to block access to a user’s computer or data, usually delivered through a malicious download. To regain access, the user must pay a ransom, usually in bitcoin.
2017 saw ransomware continue to develop and evolve, and not just in a technical capacity. Ransomware has also developed as a commercial industry, with developers, vendors, re-sellers and front-line operators all working together in a formalised process. This is today known as Ransomware as a Service (RaaS), a growing and viable criminal industry thanks to its low start-up costs and ease of use. The most common RaaS setup is as follows:
1) A ransomware development team develops the ransomware software.
2) A RaaS vendor purchases the software from the developers and sells it directly to spammers.
3) The spammers attack thousands of victims and pay the vendor a commission on the ransoms received.
This corporate structure of ransomware operators working together is likely to continue and increase as these methods continue to generate income.
The technological element of ransomware has also developed. Traditional ransomware required the victim to download an infected attachment; newer versions use a software toolkit that infects users who merely click a link on a covertly compromised copy of a legitimate website.
The tactics of extortion and persuasion have also become more sophisticated, with many forms of ransomware demanding a payment that rises the longer the victim waits, or threatening to permanently delete the data on the hijacked machine. This is designed to coerce and pressure the victim into paying the ransom rather than seeking help.
Credential Harvesting Malware
Credential harvesting malware works by stealing a victim’s login details for a specific network, usually from tablet and mobile devices; most recently these attacks appear to be targeting Android devices.
This kind of malware attack increased in 2017 for one main reason: the continued growth in smartphone usage and in the amount of financial data stored on these devices.
The large number of personal photos stored on mobile devices is a further point of exposure, and another incentive for cybercriminals seeking financial gain.
Social Engineering
Social engineering is essentially a method used by cybercriminals to bypass IT security measures that they cannot defeat by technical means. It usually involves contacting individuals within the targeted organisation through a number of channels to gain information such as names, codes, practices or other details that will be used to supplement a malware attack.
Social engineering increased slightly in 2017, mainly because many Australian organisations have become aware of the basics of IT security and put them in place, which pushes attackers towards the human element instead.
The classic example of social engineering at play is when an employee or representative of a business receives several emails from different individuals within the business (such as the employee’s boss) instructing them to make a payment or approve some form of action. All of the emails the victim receives come from the attacker, who is attempting to make the request look like a routine instruction from the employee’s boss or financial officer.
These are often sent at moments when the targeted employee is more likely to follow through, such as early in the morning or when their boss is unreachable.
Social engineering will likely continue to increase as attackers get better at imitating individuals in the business and as more information about employees becomes easily available online (such as public profiles on LinkedIn and other social media).