CS1901
2019 predictions
not have good housekeeping deployed and enforced across their whole data estate in the cloud."
Single factor passwords - the dark ages. Single-factor passwords are one of the simplest possible keys to the kingdom and are the key tool for attack vectors, from novice hackers right the way up to nation-state players, he comments. "And yet they still remain the go-to security protection for the majority of organisations, despite the low cost and ease of deployment of multi-factor authentication solutions. Sadly, password theft and password-based breaches will persist as a daily occurrence in 2019."
IOT - an increasing challenge. "The technology is being increasingly deployed by organisations, with minimal thought by many as to the security risks and potential consequences," Kilpatrick points out. "Because some IoT deployments are well away from the main network areas, they have slipped in under the radar. IoT will continue to be deployed, creating insecurity in areas that were previously secure. For the greatest percentage of IoT deployments, it is incredibly difficult or impossible to backfit security."
CYJAX<br />
One of the key developments in 2018 was the ascendance of cryptomining malware to the top of the threat tree. Numerous security researchers believed that it all but heralded the end of the road for ransomware. "However, as we noted in a blog post earlier in 2018, this was not the case," states Cyjax. "Instead, the emergence of cryptomining malware merely precipitated a recalibration of the malware environment, in which ransomware was still a prominent threat. A good example of this is the GandCrab ransomware which, over the course of 2018, evolved at least five times to ensure it could stay ahead of cybersecurity defences.
Cryptominers are arguably the story of 2018. In January, a series of pool-based miners emerged, many of which had botnets of millions of infected systems that could have been used to generate many millions of dollars a year. While an organisation hit by cryptomining malware would not lose any precious data, they would nonetheless be at risk from significantly decreased computing power.
"Perhaps the other most significant trend in the malware landscape has been the rise of mobile malware," adds Cyjax. "This threat has grown, as more and more consumers have turned to their mobile devices, instead of desktops, for shopping, email and other tasks. In most cases, threat actors have looked to distribute malicious apps, with a focus on stealing data from banking apps or retail apps. The Google Play Store has been plagued by these fake apps, which users download believing them to be legitimate."
This year will see significant developments in the mobile malware sphere, Cyjax believes - a 'professionalisation' of the kind that was seen a decade ago in PC malware. "This will see the threats become more sophisticated as defences improve and greater targeting is made necessary. Cryptominers will continue to plague users around the world, though their meteoric rise will not be matched in 2019. And more traditional malware, such as ransomware and banking Trojans, while appearing to have been eclipsed by cryptomining threats in 2018, will nonetheless remain a serious issue for the foreseeable future."
WEBROOT<br />
As we prepare for what may lie ahead, Webroot has been taking a look back at the worst instances of malware and payloads that hit users in 2018. "Botnets and banking Trojans are the most commonly seen type of malware, with Emotet being the most prevalent and persistent seen to date," says the company, before going on to list the "three nastiest":
Emotet is this year's nastiest botnet that delivers banking Trojans, states Webroot. "It aspires to increase the number of zombies in its spam botnet, with a concentration on credential gathering. Threat actors have recently developed a universal plug and play (UPnP) module that allows Emotet to turn victims' routers into potential proxy nodes for their command-and-control infrastructure."
Trickbot follows a similar attack plan, "but contains additional modules (with more added each day) and has even been seen dropping ransomware. Imagine all of the machines in your network being encrypted at once!"
Zeus Panda has similar functionality to Trickbot, "but has more interesting distribution methods including macro-enabled Word documents, exploit kits and even compromised remote monitoring and management services".
Webroot also cites cryptomining and cryptojacking, saying that criminals are quickly moving to these for faster, less risky, ways of netting cryptocurrency. "However, what some may call a victimless crime has a significant impact for businesses and consumers alike." The three nastiest it highlights:
"GhostMiner's distribution method is the scariest part for its victims, because they don't know its entry point, similar to a scary movie where you know someone's in the house, but you don't know where. GhostMiner is most commonly seen being distributed via an exploit in Oracle WebLogic (CVE-2018-2628).
"WannaMine's Windows management instrumentation (WMI) persistence
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2019 computing security<br />