The mid-2018 cybersecurity report, based on 53,308 security incidents, 2,216 data breaches, and 67 contributors worldwide, suggested that ransomware has now become the most popular form of malware used in cyber attacks aimed at the exfiltration of data.
In 39 percent of the security incidents logged, ransomware — such as Locky, Oni, and Mamba — was present.
Data breaches, successful cyber attacks, and hacking events are more and more common and represent a real and present danger. It is often difficult for companies or individuals who have become victims of such cybercrimes to admit that they were poorly protected.
Nowadays, a successful cyber attack has many effects, from legal ramifications and reputational losses all the way up to protective non-disclosure agreements that are shared publicly.
To better defend individuals and corporate networks from cyber attacks, communication and being able to learn from each other’s mistakes are key.
To stay away from threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
In 2018, there are some interesting stories which demonstrate trends in malware usage, modern attack vectors, and also the mistakes companies have made.
The peeled onion
This case involved an attack with cryptocurrency-related malware.
The malware would compromise the CPUs and graphics hardware of infected systems in order to covertly mine cryptocurrencies, such as Ethereum, Monero, and Zcash.
In one customer’s case, the firewalls were blocking traffic attempting to reach the Tor onion network, and captured data packets revealed that the malicious behavior originated from a Microsoft “powershell.exe” process. After the investigation, researchers found that the cryptojacking malware had compromised the enterprise system through CVE-2017-0143, a remote code execution vulnerability leaked by the Shadow Brokers.
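The correlation described in this case, attributing firewall-blocked Tor traffic to the process that opened the connection, can be sketched as follows. This is an added example, not code from the report; the log records, field names, the "tor" category label and the helper names are all constructed assumptions.

```python
import json
from collections import Counter

# Constructed firewall records (JSON lines). "category" is an assumed label
# that a firewall threat feed would attach to Tor-bound traffic.
FIREWALL_LOG = r"""
{"src": "10.0.4.17", "sport": 49731, "dst": "198.51.100.23", "dport": 9001, "action": "deny", "category": "tor"}
{"src": "10.0.4.17", "sport": 49732, "dst": "203.0.113.80", "dport": 443, "action": "deny", "category": "tor"}
{"src": "10.0.4.17", "sport": 49740, "dst": "198.51.100.99", "dport": 443, "action": "allow", "category": "web"}
{"src": "10.0.4.30", "sport": 50112, "dst": "198.51.100.23", "dport": 9001, "action": "deny", "category": "tor"}
{"src": "10.0.4.44", "sport": 51000, "dst": "203.0.113.80", "dport": 443, "action": "deny", "category": "tor"}
"""

# Constructed endpoint telemetry: which process image opened which socket.
ENDPOINT_LOG = r"""
{"src": "10.0.4.17", "sport": 49731, "dst": "198.51.100.23", "dport": 9001, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"src": "10.0.4.17", "sport": 49732, "dst": "203.0.113.80", "dport": 443, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"src": "10.0.4.17", "sport": 49740, "dst": "198.51.100.99", "dport": 443, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
{"src": "10.0.4.30", "sport": 50112, "dst": "198.51.100.23", "dport": 9001, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"}
"""

def parse(log_text):
    """Parse JSON-lines text, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]

def blocked_tor_by_process(firewall_log, endpoint_log):
    """Count firewall-denied Tor connections per (host IP, process image)."""
    # Index endpoint events by connection 4-tuple so each deny can be
    # attributed to the process that opened the socket.
    owners = {(e["src"], e["sport"], e["dst"], e["dport"]): e["image"].lower()
              for e in parse(endpoint_log)}
    hits = Counter()
    for f in parse(firewall_log):
        if f["action"] != "deny" or f["category"] != "tor":
            continue
        key = (f["src"], f["sport"], f["dst"], f["dport"])
        # Denies with no matching endpoint record point to a telemetry gap.
        hits[(f["src"], owners.get(key, "<unattributed>"))] += 1
    return hits

def hosts_to_triage(hits, image_suffix="\\powershell.exe", threshold=2):
    """Hosts where the given process repeatedly tried to reach Tor."""
    return sorted(host for (host, image), count in hits.items()
                  if image.endswith(image_suffix) and count >= threshold)

if __name__ == "__main__":
    print(hosts_to_triage(blocked_tor_by_process(FIREWALL_LOG, ENDPOINT_LOG)))
```

Hosts that show up as `<unattributed>` have firewall denies with no matching endpoint record and are worth checking for missing endpoint coverage.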
Another good example is a case that involved unauthorized, fraudulent ATM transactions and severe financial loss, potentially caused by an insider. When the investigation ended, a security information and event management (SIEM) log identified a malicious system connected to the network which had gained access to critical servers and databases. The malicious system was not recognized and there was no evidence of an external implant. Researchers concluded that most of the staff that may have been involved in the scheme had been axed and the new employees hired to take their place were not yet familiar with the corporate systems.
Users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.