Data/Cyber

Coin-mining malware multiplies

BY Richard Summerfield

The types of malware utilised by cyber criminals grew by 629 percent in the first quarter of 2018, according to the McAfee Labs Threat Report: June 2018.

‘Cryptojacking’ and other forms of cryptocurrency mining experienced remarkable growth, climbing from around 400,000 total known samples in Q4 2017 to more than 2.9 million in Q1 2018.

“Cybercriminals will gravitate to criminal activity that maximises their profit,” said Steve Grobman, chief technology officer at McAfee. “In recent quarters we have seen a shift to ransomware from data-theft, as ransomware is a more efficient crime. With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”

Furthermore, on average, McAfee detected five new malware samples per second, down from eight per second recorded in Q4 2017.

“There were new revelations this quarter concerning complex nation-state cyber-attack campaigns targeting users and enterprise systems worldwide,” said Raj Samani, chief scientist at McAfee. “Bad actors demonstrated a remarkable level of technical agility and innovation in tools and tactics. Criminals continued to adopt cryptocurrency mining to easily monetise their criminal activity.”

McAfee recorded 313 publicly disclosed security incidents in Q1 2018, a 41 percent increase over Q4 2017. One of the most frequently targeted industries was healthcare, which saw a 47 percent increase in recorded incidents. Cyber criminals targeted the sector with the SAMSA ransomware.

Education and finance also recorded increases of 40 percent and 39 percent respectively. Ransomware was frequently deployed against schools. In total, there were 313 publicly disclosed security incidents in Q1, a 41 percent increase on the previous quarter.

According to McAfee, cryptocurrency mining campaigns may overtake the use of ransomware in the future, as it is a simpler and less risky form of cyber crime. Sophisticated Bitcoin-stealing phishing campaigns, such as ‘HaoBao’, which was launched by the Lazarus cyber crime ring, may become more commonplace, targeting global financial organisations and Bitcoin users.

Mobile malware has seen significant growth of late. Total known malware samples grew 42 percent over the last four quarters. Malware has also grown; the total number of malware samples grew 37 percent over the past four quarters to more than 734 million samples.

In January, McAfee reported an attack targeting organisations involved in the Winter Olympics in South Korea. The attack was executed using a malicious Word attachment containing a hidden PowerShell implant script. The script was embedded within an image file and executed from a remote server. The attack, dubbed ‘Gold Dragon’, involved a fileless implant which encrypted stolen data and sent the data to the attackers’ command and control servers. The implant then performed reconnaissance functions, monitoring the use of anti-malware solutions in order to evade them.

Report: McAfee Labs Threat Report: June 2018

DHS unveils new cyber security strategy

BY Richard Summerfield

This week the US Department of Homeland Security unveiled a new national strategy for addressing the growing threat of cyber security risks.

According to the report, by 2020 more than 20 billion devices are expected to be connected to the internet, and as a result of this growth and the increasing variety of these devices, a new approach to cyber security is required. The new strategy was released in compliance with the fiscal 2017 National Defence Authorisation Act, the DHS noted, and has been designed to prioritise and harmonise the department’s programming, planning, operational and budgeting efforts.

The DHS, which is responsible for securing federal networks and critical infrastructure from cyber sabotage, has identified five key areas of risk, or ‘pillars’, that it hopes to manage through the strategy, including risk identification, vulnerability reduction, consequence mitigation, enablement of cyber outcomes and threat reduction. These risk areas are particularly noteworthy given the evolution of cyber criminality in recent years. In particular, the strategy refers to the breadth of attempted cyber attacks on US government networks, which increased more than tenfold between 2006 and 2015.

Homeland Security secretary Kirstjen Nielsen said: “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point. Digital security is now converging with personal and physical security, and it is clear that our cyber adversaries can now threaten the very fabric of our republic itself. That is why DHS is rethinking its approach by adopting a more comprehensive cybersecurity strategy. In an age of brand-name breaches, we must think beyond the defence of specific assets — and confront systemic risks that affect everyone from tech giants to homeowners. Our strategy outlines how DHS will leverage its unique capabilities on the digital battlefield to defend American networks and get ahead of emerging cyber threats.”

The announcement of the new strategy came on the same day that the White House removed the cybersecurity coordinator position from the National Security Council (NSC), as it felt that the role was no longer necessary.

NSC spokesman Robert Palladino said: “The National Security Council’s cyber office already has two very capable Senior Directors. Moving forward, these Senior Directors will coordinate cyber matters and policy. As they sit six feet apart from one another, they will be able to coordinate in real time. Today’s actions continue an effort to empower National Security Council Senior Directors. Streamlining management will improve efficiency, reduce bureaucracy and increase accountability.”

Report: US Department Of Homeland Security Cybersecurity Strategy

Cyber attacks double as resilience grows

BY Richard Summerfield

Targeted cyber attacks have doubled in the last year, according to Accenture Security’s latest ‘State of cyber resilience’ study.

The report, which surveyed 4600 executives from large organisations around the world, found that the volume of targeted attacks reached 232, up from 106 in Accenture’s 2017 report.

Ransomware and distributed denial of service (DDoS) attacks in particular have been on the rise over the last 12 months. Though organisations are increasingly able to block attacks (87 percent of focused attacks were repelled last year, up from 70 percent in the 2017 report), 13 percent of focused attacks were able to penetrate defences.

Accordingly, organisations are still facing an average of 30 successful security breaches per year which cause damage or result in the loss of high-value assets, which is unsustainable in the long run.

“Only one in eight focused cyber attacks are getting through versus one in three last year, indicating that organisations are doing a better job of preventing data from being hacked, stolen or leaked,” said Kelly Bissell, managing director of Accenture Security.

“While the findings of this study demonstrate that organisations are performing better at mitigating the impact of cyber attacks, they still have more work to do. Building investment capacity for wise security investments must be a priority for those organisations who want to close the gap on successful attacks even further. For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organisations in the next two to three years. That’s an encouraging projection,” he added.

Companies are also getting better at detecting breaches when they do occur. On average, 89 percent of respondents said their internal security teams detected breaches within a month, compared to only 32 percent last year. This year, 55 percent of organisations took one week or less to detect a breach, up from 10 percent last year.

New technologies, such as artificial intelligence, machine learning, user behaviour analytics and blockchain, have been helping companies to fight off cyber attacks. Eighty-three percent of respondents agreed that these new technologies are essential to protecting their organisations.

However, there is much more work to be done. Respondents said only two-thirds of their organisations are actively protected by their cyber security programme. This must improve; companies should be proactive in designing and deploying their threat defences.

Report: 2018 State of Cyber Resilience

Rise of the cryptojackers

BY Richard Summerfield

2017 saw the emergence of cryptojacking as the latest cyber security challenge to be overcome, according to Symantec’s 2018 Internet Security Threat Report.

The report analyses data from the Symantec Global Intelligence Network, the largest civilian threat collection network in the world, which tracks over 700,000 global adversaries, records events from 126.5 million attack sensors worldwide, and monitors threat activities in over 157 countries and territories.

Cryptojacking, where computers are unknowingly co-opted for the use of mining cryptocurrencies, increased 8500 percent in 2017, with 1.7 million attacks registered in December alone.

Cyber criminals are increasingly turning to cryptojacking due to its low barriers to entry; indeed, only a few lines of code are required to infiltrate a machine. Cryptojackers are able to use coinminers to steal a device’s processing power and cloud CPU usage in order to mine cryptocurrency. Once a device has been hijacked, it will slow down, overheat and, in some cases, be rendered unusable.

On an organisational level there are additional issues caused by cryptojacking. According to the report, “Corporate networks are at risk of shutdown from coinminers aggressively propagated across their environment. There may also be financial implications for organisations who find themselves billed for cloud CPU usage by coinminers.”

“Cryptojacking is a rising threat to cyber and personal security,” said Mike Fey, president and chief operating officer of Symantec. “The massive profit incentive puts people, devices and organisations at risk of unauthorised coinminers siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centres.”

“Now you could be fighting for resources on your phone, computer or IoT device as attackers use them for profit,” said Kevin Haley, director of Symantec Security Response. “People need to expand their defences or they will pay for the price for someone else using their device.”

Software supply chain attacks also boomed in 2017. An increasing number of attackers are injecting malware into supply chains. Last year saw a 200 percent increase in such attacks – the equivalent of one attack every month, up from the four attacks a year recorded previously.

Mobile malware is also continuing to grow. The number of new mobile malware variants increased by 54 percent last year. ‘Grayware’ applications are also affecting mobile users; though grayware is not entirely malicious, it can be problematic and it is becoming increasingly common. Grayware use increased by 20 percent in 2017.

Report: 2018 Internet Security Threat Report

CEO ‘disconnect’ a cyber concern

BY Richard Summerfield

Though cyber security is one of the biggest issues of our time, a misalignment between CEOs and technical officers, including CIOs, CTOs and CISOs, is weakening many organisations’ cyber security postures, according to a new report from Centrify titled ‘CEO Disconnect is Weakening Cybersecurity’.

The report, which saw over 800 executives surveyed by Centrify and Dow Jones Customer Intelligence, suggests that discord among C-suite leaders is leaving companies increasingly vulnerable to attack. The report claims that “the CEO response to cybersecurity is misaligned with reality”.

Sixty-two percent of CEOs cite malware as the primary threat to cyber security, compared to only 35 percent of technical officers. Only 8 percent of all executives stated that anti-malware endpoint security would have prevented the “significant breaches with serious consequences” that they experienced. Technical officers believe that identity breaches – including privileged user identity attacks and default, stolen or weak passwords – are the largest threat companies face, not malware.

Poor investment decisions made by CEOs – 60 percent of CEOs are investing the most in malware prevention and 93 percent indicate they already feel ‘well-prepared’ for malware risk – and poor communication between CEOs and technical officers are further cause for concern. Eighty-one percent of CEOs believe that they are most accountable for their company’s cyber security strategy, while just 16 percent of technical officers agree. Seventy-eight percent of technical officers believe that they are most accountable for the company’s strategy.

“While the vast majority of CEOs view themselves as the primary owners of their cybersecurity strategies, this report makes a strong argument that companies need to listen more closely to their Technical Officers,” said Tom Kemp, chief executive of Centrify. “It’s clear that the status quo isn’t working. Business leaders need to rethink security with a Zero Trust Security approach that verifies every user, validates their devices, and limits access and privilege.”

To bridge the gap between CEOs and technical officers, the report suggests that all parties must share their perspectives on the issues surrounding cyber security, but ultimately CEOs must alter their understanding of the threats they face. While malware is an issue, CEOs must change their mindsets, realign their cyber security spending and focus more heavily on the importance of combating identity breaches.

Report: CEO Disconnect is Weakening Cybersecurity
