While 2018 was free of massive attacks splashed on the front pages of newspapers, it did see the emergence of a host of new malware threats. The malware was in many cases highly sophisticated, but still did not manage to replace good old ransomware, from which we have not heard the last. The Stormshield Threat Intelligence team looks at the state of play in the world of malware in 2018.
So in 2018 there were no huge threats that grabbed the limelight like WannaCry, but there were a series of increasingly sophisticated malware programs. Exhibit A was the discovery last spring by Kaspersky Lab of Slingshot. This computer virus is regarded as one of the most advanced to date, a “masterpiece” according to the Kaspersky Lab researchers who uncovered it. Using two modules, GollumApp and Cahnadr, the Slingshot malware program can take full control of the infected computer and perform multiple functions: recovering any type of data, taking screenshots, and sniffing keystrokes. Hard to detect, it even goes so far as to adapt to the security solutions deployed against it using an “anti-debugging” strategy. It is worth noting that this virus targets not only websites, but also computers connected to the MikroTik router.
Kaspersky researchers uncover a previously undetected highly-skilled APT #hacking group operating covertly since 2012, and infected Mikrotik routers to cleverly implant 'Slingshot' spying malware https://t.co/H2M8HLsPkk pic.twitter.com/hCkAnjiwjc
— The Hacker News (@TheHackersNews) 9 mars 2018
A major breakthrough for cryptojacking
With the exception of Slingshot, malware's rising prominence this year was due to malicious cryptojacking tools like Coinhive and Cryptoloot. According to the Skybox Security report, this type of cyberthreat accounted for 32% of attacks in the first half of 2018 compared with 7% in the last six months of 2017. And the volumes put forward by another cybersecurity player in December 2018 even suggest a 4,000% increase in one year! Prized by non-expert cybercriminals because it is low-risk but very high-reward, cryptojacking means infecting a PC with malicious software that harnesses the computer’s processing power to steal cryptocurrency. It hijacks the mining technique, a process based on intense mathematical calculations designed to generate cryptocurrency but also to verify, authenticate and validate the transactions performed in this currency.
The risks of social hacking
Another fast-growing threat is this fraud targeting social media users. According to a report by another cybersecurity player, the use of social engineering and manipulation techniques to trick internet users grew by 485% in the third quarter of 2018 compared with the same period of the year before! It is a threat that could expose companies’ sensitive data. But any employee is a potential target for social hackers: “cybercriminals are spending more and more time finding out the interests of people working for targeted firms before sending them a personalised email, enabling them to get into a company's system and steal its data”, explains Stéphane Prévost, Product Marketing Manager at Stormshield.
Multifunctional botnets
The last important key feature of 2018 was the growing use of multipurpose botnets that are versatile enough to perform almost any task. These networks of infected computers are controlled by cybercriminals and used to spread malware and facilitate denial-of-service (DDoS) or spam attacks. According to the August 2018 Kaspersky report, the volume of RAT files like Njrat, DarkComet and Nanocore spread by botnets almost doubled, from 6.55% to 12.22 %, compared to the first six months of 2017. “The Pony RAT, for example, is unsophisticated but easy to come by and focuses on under-protected targets”, says Paul Fariello, a member of the Security Intelligence team.
Ransomware: the real threat
But all these “new” attacks should not cause us to lose sight of the fact that good old ransomware is more dangerous than ever. SamSam, a ransomware family active since 2015, was behind incidents such as a very high-profile attack on the city of Atlanta in March. In this field, cybercriminals are not short of inventiveness, as proven by ransomware like GandCrab and DataKeeper, which update almost daily. “While attacks have certainly become increasingly complex, conventional ransomware (which encrypts data) remains by far the biggest threat to micro and small businesses", says Paul Fariello. So now is not the time to drop your guard!
