How can we avoid another record year for breaches and ransomware?
More than 14.5 billion emails laced with malware were sent in 2017 according to the annual Global Security Report issued by AppRiver. The majority of cyber threats were initiated in the US and persisted throughout the year, with significant peaks in August, September and October.
In the first half of 2017, 1.9 billion data records were lost or stolen as a result of cyberattacks. This followed a tough year in 2016, when losses totaled $16 billion and criminals pocketed approximately $1 billion in ransomware payments alone. Some of the largest publicly-disclosed breaches in 2017 ranged from compromised data at Equifax, affecting 143 million American consumers, to Yahoo updating the severity of its 2013 hack from 1 billion to approximately 3 billion customer accounts.
Significant attacks
Phishing and malware: AppRiver observed a 1,000 percent increase in phishing efforts, including those tailored to gather user email login credentials, followed by an unparalleled spike in malware attacks launched from the compromised email accounts of users across all services, including Office 365, Gmail, Yahoo and AOL.
Malware-as-a-Service: Last year illustrated a significantly lower barrier-of-entry into cybercrime, with user profile names and credit card numbers readily available on the dark web and distribution of 20K messages for just $40. Some common attack types included:
- DSD: AppRiver continued its reporting on Distributed Spam Distraction (DSD), which returned in strength last year. This attack fills inboxes with nonsense emails, simultaneously disguising a cybercriminal’s purchase or wire fraud activity in real time and distracting users from seeing legitimate email.
- RAT: The Adwind Remote Access Trojan (RAT) provides hackers with remote control of malicious programs across Windows, Linux, Mac and Android devices. In 2017, RAT was often introduced to users in the form of fake payment confirmation emails.
Ransomware: Many new strains of ransomware arrived in 2017, including Cerber, Jaff, Nemucod, Spora and Petya/NotPetya. Some of the most prolific included:
- WannaCry, which infected hundreds of thousands of computers worldwide, demanding a $300 bitcoin ransom.
- Locky, which was distributed mainly by the Necurs botnet and sometimes arrived at the rate of 4 million messages per hour.
DDE attacks: The Dynamic Data Exchange (DDE) protocol attacks produced highly targeted emails spoofing the Security and Exchange Commission’s EDGAR, gaining further traction when the largest botnet (Necurs) began to distribute malicious DDE documents. During October of 2017 alone, AppRiver filters captured nearly 50 million malicious DDE-laced documents.
What’s ahead for 2018?
Large data breaches are on the way: The volume of personal data stolen in the past year, such as with the Equifax breach, creates the potential for widespread fraud on a greater scale, creating hysteria for consumers and lenders alike.
Attacks from trusted sources: Between the resurgence in phishing attacks and the volume of stolen personal data available online, we expect to see more malicious attacks leveraged from hacked accounts and profiles.
New federal legislation: Expect security breach notifications laws to be passed regarding incident handling and how breaches are reported to law enforcement, financial institutions and consumers.
State-sponsored attacks will increase: This year will bring further challenges from the 2017 attacks from North Korea and Russia, and the distinction between criminal hackers and state-sponsored attacks more difficult to determine.
Cryptocurrency theft and mining: Bitcoin and Ethereum values skyrocketed in 2017, and malware authors will build upon capabilities to steal cryptocurrency payment information and wallets in 2018.
The worst is yet to come for IoT botnets: Internet of Things (IoT) devices are becoming popular with consumers. IoT botnets will continue to expand and increase in sophistication in 2018, producing intended and unintended physical consequences.
Routine, mandatory software updates to patch known vulnerabilities and avoid providing an open door for hackers.
Best practices
To reduce exposure to malware attacks in 2018, AppRiver recommends businesses have the following technologies and procedures in place:
- Anti-spam and anti-virus solutions, including protection against Web-borne malware
- Routine, mandatory software updates to patch known vulnerabilities and avoid providing an open door for hackers
- Double authentication procedures as a safeguard against “whaling” and other highly targeted attacks
- Formal security policies and ongoing training to ensure employees are aware of threats and risks, and stay apprised of their individual role in safeguarding the network.