Sophos Threat Report 2019 Reveals Cybercriminals Outsmarting Antivirus Solutions

Matthew Cuyugan
A recent report by Sophos provides insight into new and evolving cyber-security trends. The company investigated changes in the threat landscape over the last 12 months. According to the report, three key trends and challenges for cyber-security are emerging in 2019:


  • Ransomware is increasingly being hand-crafted and used in a targeted way.
  • Cyber-criminals use readily available tools to successfully carry out attacks.
  • The threat of IoT and mobile malware remains unabated.

The Sophos 2019 Threat Report focuses on key insights into the changing behavior of cyber-criminals and future cyber security challenges.

In 2018, Sophos witnessed the development of targeted ransomware attacks that earned cyber-criminals millions of dollars. These targeted attacks are very different from the usual scattershot ("watering-can") attacks, in which the extortion software is distributed automatically by bots through millions of emails. Targeted ransomware is more harmful because it is no longer bots at work but people, who have developed a strategy for how the attack is carried out and against whom. Once inside the victim's system, they are able to bypass protection functions, delete backups and sometimes even cover their own tracks. In this way, large ransoms are extorted from the victims. This "interactive attack style", in which adversaries maneuver manually through a network step by step, is becoming increasingly popular.


The report reveals another groundbreaking change: more and more mainstream attackers are using Advanced Persistent Threat (APT) techniques, leveraging readily available IT tools to penetrate a system and complete an attack, whether that means stealing confidential information from a server or planting ransomware.

  • Admin tools are being turned into cyber-attack tools. Cybercriminals use built-in Windows IT management tools, including PowerShell files and Windows scripting executables, to perform malware attacks.
  • Cybercriminals play digital dominoes. By chaining a number of different script types so that the attack only executes at the end of the sequence, attackers can trigger a chain reaction before IT managers realize that a threat is active on the network. Once the intrusion has succeeded, it is difficult to stop the execution of the malware.
  • Cybercriminals use recent Office exploits to lure victims. Office exploits have long been an attack vector, but lately cybercriminals have been replacing old Office document exploits with newer ones.

Malware does not just affect a company's infrastructure: the threat of mobile malware is increasing as well. With the rise in malicious Android apps, 2018 saw a greater focus on malware delivered to phones, tablets, and other IoT devices. As homes and businesses use more and more Internet-connected devices, criminals have found new ways to use these devices as nodes for large botnet attacks. In 2018, VPNFilter demonstrated the destructive power of weaponized malware that affects embedded systems and network devices that have no obvious user interface. Mirai, Aidra, Wifatch, and Gafgyt also delivered a series of automated attacks that used networked devices as nodes in botnets for distributed denial-of-service attacks.

For more detailed information on threat trends and the behavior of cybercriminals, see SophosLabs 2019's complete Threat Report at
