CS1901

2019 predictions
not have good housekeeping deployed and
enforced across their whole data estate in
the cloud."
Single factor passwords - the dark ages.
Single-factor passwords are one of the
simplest possible keys to the kingdom and
are the key tool for attack vectors, from
novice hackers right the way up to nationstate
players, he comments. "And yet they
still remain the go-to security protection for
the majority of organisations, despite the
low cost and ease of deployment of multifactor
authentication solutions. Sadly,
password theft and password-based
breaches will persist as a daily occurrence in
2019."
IOT - an increasing challenge. "The
technology is being increasingly deployed
by organisations, with minimal thought by
many as to the security risks and potential
consequences," Kilpatrick points out.
"Because some IoT deployments are well
away from the main network areas, they
have slipped in under the radar. IoT will
continue to be deployed, creating insecurity
in areas that were previously secure. For the
greatest percentage of IoT deployments, it
is incredibly difficult or impossible to
backfit security."
CYJAX
One of the key developments in 2018 was
the ascendance of cryptomining malware
to the top of the threat tree. Numerous
security researchers believed that it all but
heralded the end of the road for
ransomware. "However, as we noted in a
blog post earlier in 2018, this was not the
case," states Cyjax. "Instead, the emergence
of cryptomining malware merely
precipitated a recalibration of the malware
environment, in which ransomware was
still a prominent threat. A good example
of this is the GandCrab ransomware which,
over the course of 2018, evolved at least
five times to ensure it could stay ahead of
cybersecurity defences.
Cryptominers are arguably the story of
2018. In January, a series of pool-based
miners emerged, many of which had
botnets of millions of infected systems
that could have been used to generate
many millions of dollars a year. While an
organisation hit by cryptomining malware
would not lose any precious data, they
would nonetheless be at risk from
significantly decreased computing power.
"Perhaps the other most significant trend
in the malware landscape has been the rise
of mobile malware," adds Cyjax. "This threat
has grown, as more and more consumers
have turned to their mobile devices, instead
of desktops, for shopping, email and other
tasks. In most cases, threat actors have
looked to distribute malicious apps, with
a focus on stealing data from banking apps
or retail apps. The Google Play Store has
been plagued by these fake apps, which
users download believing them to be
legitimate."
This year will see significant developments
in the mobile malware sphere, Cyjax
believes - a 'professionalisation' of the kind
that was seen a decade ago in PC malware.
"This will see the threats become more
sophisticated as defences improve and
greater targeting is made necessary.
Cryptominers will continue to plague users
around the world, though their meteoric
rise will not be matched in 2019. And more
traditional malware, such as ransomware
and banking Trojans, while appearing to
have been eclipsed by cryptomining threats
in 2018, will nonetheless remain a serious
issue for the foreseeable future."
WEBROOT
As we prepare for what may lie ahead,
Webroot has been taking a look back at the
worst instances of malware and payloads
that hit users in 2018. "Botnets and
banking Trojans are the most commonly
seen type of malware, with Emotet being
the most prevalent and persistent seen to
date," says the company, before going on
to list the "three nastiest":
Emotet is this year's nastiest botnet that
delivers banking Trojans, states
Webroot. "It aspires to increase the
number of zombies in its spam botnet,
with a concentration on credential
gathering. Threat actors have recently
developed a universal plug and play
(UPnP) module that allows Emotet to
turn victims' routers into potential proxy
nodes for their command-and-control
infrastructure."
Trickbot follows a similar attack plan,
"but contains additional modules (with
more added each day) and has even
been seen dropping ransomware.
Imagine all of the machines in your
network being encrypted at once!"
Zeus Panda has similar functionality to
Trickbot, "but has more interesting
distribution methods including macroenabled
Word documents, exploit kits
and even compromised remote
monitoring and management services".
Webroot also cites cryptomining and
cryptojacking, saying that criminals are
quickly moving to these for faster, less risky,
ways of netting cryptocurrency. "However,
what some may call a victimless crime has
a significant impact for businesses and
consumers alike." The three nastiest it
highlights:
"GhostMiner's distribution method is the
scariest part for its victims, because they
don't know its entry point, similar to a scary
movie where you know someone's in the
house, but you don't know where.
GhostMiner is most commonly seen being
distributed via an exploit in Oracle
WebLogic (CVE-2018-2628).
"WannaMine's Windows management
instrumentation (WMI) persistence
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2019 computing security
13