“What’s more, even with the best protection in place, all it takes is one chink in your chain”
Halloween is upon us once again, with the cybersecurity landscape just as terrifying as the previous one. Cybercriminals have continued to get more sophisticated, sneakier and scarier with their tactics making it all the more important for security to be a key priority not just IT teams and CISOs, but CEOs and board members too.
The silent assassin
Like Sadako emerging from a television screen, Banking Trojans are often an unseen terror until the last possible moment. Conquering all other forms of malware in the last quarter across both business and consumer detections, it hit the hellish heights with an 84% increase in the fiendishly tricky business realm.
Creepy new variants and spooky evolutions ensured a steady drip of rogue files, most notably a large Emotet campaign which began in August 2018 and shows no sign of stopping. With the ability to mass mail its infection without human interaction, Malspam is one of the most common and persistent ways to keep this attack going. Beware of fake emails claiming to offer tax information from the Internal Revenue Service (IRS), greetings, or even payroll information as these are all used as bait for the unwary.
With payloads spread by macro-enabled Word files, and ghoulish team-ups alongside other infections such as Dridex and Trickbot to maximise the personal data stolen, Emotet reigns supreme in the land of the not quite living.
Outside of this, Osiris – an evolution of Kronos – deploys aspects of Process Hollowing and Process Doppelgänging to compromise a system stealthily. This involves replacing portions of a file while in a suspended state, like something from The Fly, then loading up the mixture of legitimate and bogus pieces to begin reconnaissance activities, man-in-the-middle attacks, web injections and much more. It even feeds all communications through TOR in a further effort to prevent law enforcement and security researchers from listening in.
Spooky strains of ransomware
Ransomware is another Halloween horror which refuses to return to the pit from whence it came, with business detections up a massive 88% percent over last quarter, with a decrease for consumers, alongside an outbreak of experimentation and new techniques.
The most concerning and nefarious strains of ransomware keeping CISOs on high alert are GandCrab and Maginber. GandCrab includes new fast and robust encryption features and the ability to reach and encrypt network shares. Magniber ransomware expanded to other regions, with as many as 40 new ransomware variants brewed up in a lab, although not all were released into the wild. Small distribution, but incredibly in-depth updates this year, have brought about the release of more dangerous and powerful variants.
GandCrab is one of the infections leading the charge, and it initially accepted the cryptocurrency DASH instead of Bitcoin as payment. They’ve now opened their gates to that too, and the ransom requested by attackers ranges from $800 to over $1,000, with the ransom doubling after a set amount of days without payment.
It also switched to a more robust form of encryption leading to files being taken over, zombie style, much quicker than in the past. It even has the newfound ability to encrypt network shares if remembered by the victim system. It doesn’t even require connection to a command and control centre to begin the process; being offline won’t save you from this lurking horror.
Bringing up the rear, we have Magniber which currently focuses on many regions in Asia, and has developed from a fairly crude piece of malware to something that will definitely put on a strong showing at a B movie event. This, too, possesses the ability to function with no internet connection. In many cases with ransomware attacks at the moment, pulling the plug on the beast rising from the slab won’t necessarily save you.
Zombie business cyberattacks
After a sleepy first half of the year, cyberattacks against businesses have come back from the dead as cybercriminals search for better bang for their buck. Reports show attacks against businesses climbed 55% in the last three months alone as criminals upped their efforts.
Even threats which previously focused on home users, such as adware and cryptominers, have inexorably gravitated towards the business end of the market. There’s typically more money at risk, more useful data and greater possibilities for social engineering and slowly bleeding a victim out over time.
While consumer threats are always waiting to come crashing up through the skylight, the number one target now is the realm of business and we expect this to be the case for some time.
So, what can IT teams do the protect themselves?
The reality is, if a cybercriminal wants to get into your system that badly, they will do so. Therefore, businesses must prepare the best way they can and ensure plans are in place for when the incident happens.
The protection of anti-virus software alone is no longer adequate for today’s sophisticated attacks. Businesses need to adopt a layered approach to security, protecting themselves from traditional threats alongside the advanced ones. Our telemetry data flagged certain anti-virus vendors are still letting in 20% of malware, which highlights that no one vendor will keep you 100% safe.
What’s more, even with the best protection in place, all it takes is one chink in your chain, from a naïve employee or disgruntled individual, to let hackers in. This highlights the need for ongoing security education, not just as a one-off, but on an ongoing basis as it takes time to change habits.
Alongside company-wide training systems, systems have to be fit for purpose – as do the individuals responsible for it. That requires clearly understood chains of accountability, an educated workforce that is alert to the threat posed by outdated software, bad internet habits and the introduction of personal devices into the corporate IT estate and clearly defined responsibilities from senior management down.
So, this Halloween, board up your windows, barricade the doors, destroy your staircase and wait things out on the top floor. But don’t be alarmed if the cybercriminals still get in, have your plan B escape route at the ready.