
Legal Informatics, Privacy and Cyber Crime

Explore the evolving trends in internet security threats from 2016 to 2019, including formjacking, ransomware, software supply chain attacks, and IoT vulnerabilities. Learn about the increasing challenges faced by users and the changing tactics of cyber attackers.

veronicas

Presentation Transcript


  1. Legal Informatics, Privacy and Cyber Crime. Etalle, Part 6, 2019

  2. Content of these slides
     • The Trends
       • 2019 Internet Security Threat Report, available at Symantec.com
       • We will compare with 2018 and 2017

  3. 2018 Trends (2019 IS Threat Report)
     • Formjacking was the breakthrough threat of 2018
     • Cryptojacking and ransomware declining but not out (formjacking has replaced them as non-targeted vector)
       • Targeted (enterprise) and mobile ransomware rising
     • 0-day exploits declining
     • Living off the land and supply chain attacks are now a staple of the new threat landscape.
     • Cloud is showing to be a weak point. Users are facing challenges on multiple fronts through data leaks from cloud storage and low-level chip vulnerabilities.
     • Targeted attack groups show increasing interest in operational targets; greater number of groups adopting destructive malware.

  4. 2017 Trends (2018 IS Threat Report)
     • With each passing year, not only has the sheer volume of threats increased, but the threat landscape has become more diverse, with attackers working harder to discover new avenues of attack and cover their tracks while doing so.
     • Coin-mining attacks explode
     • Spike in software supply chain attacks
     • Ransomware business experiences market correction
     • Drop in zero days can’t halt the rise in targeted attacks
     • Mobile malware continues to surge

  5. 2016 Trends (2017 IS Threat Report)
     • Targeted attacks: Subversion and sabotage
       • Cyber attacks against the US Democratic Party
       • Ukraine 2016; Shamoon used in Saudi Arabia (several organizations)
     • Financial cyber attackers chase the big scores
       • Usually customer-focused, some attackers are now targeting the banks
     • Living off the land
       • Attackers ranging from cyber criminals to state-sponsored groups have begun to change their tactics, making more use of operating system features, off-the-shelf tools,
     • Resurgence of email as favored attack channel
       • One in 131 emails were malicious, highest rate in five years.
     • Ransomware escalating demands
       • Avg ransom demand in 2016: $1,077, up from $294 in 2015
     • New frontiers: IoT and cloud move into the spotlight

  6. Let’s look at the trends

  7. Coin-mining attacks
     • 2018: -52%. A correction (formjacking now “better”)
       • (but still significant: Symantec blocked >3.5m cryptojacking events in December 2018 alone!)
     • 2017: +8500%, the explosion
     • 2016: +300%
     • This coin mining gold rush resulted in an 8,500 percent increase in detections of coinminers on endpoint computers in 2017.
     • Coinmining: the process of updating the Bitcoin blockchain or the ledger.
       • Allows new bitcoins to enter the system.
       • Needs computational resources.
       • Reward: transaction fees and a “reward” (12.5BTC?) when a new block is mined.
       • Not necessarily illegal (depends on the country). In any case: illegal to do on someone else’s computer.
       • With a low barrier of entry

  8. Ransomware
     • 2018: lower total number of attacks (for the first time)
       • Focus on enterprise (81% of all infections)
       • -20% general ransomware
       • +12% enterprise ransomware (more targeted)
       • +33% mobile ransomware (but the main target is still Windows)
     • 2017: market correction. Avg ransom $522 (-50%)
       • # attacks still high, but fewer ransomware families and lower ransoms: ransomware is now a commodity.
       • Focus shifted to coin mining or higher-value targets
       • Focus shifts to enterprise ransoms
     • 2016: huge year for ransomware
       • Average ransom $1079 (up from $294)
       • Very profitable (at the time), but the market is getting crowded
       • Focus on consumers

  9. FormJacking
     • “New” in 2018
     • A form of persistent XSS: inject code into an online store to steal e.g. credit card (CC) details.
     • > 4,800 monthly compromised websites
     • > 3.7m times blocked (2018)
       • 1/3 of them in November and December
     • Small and medium retailers are most compromised

  10. Software supply chain attacks 1/2
      • 2018: +78%
      • 2017: +200%
      • 2016: not even mentioned
      • Reason: despite the EternalBlue exploit wreaking havoc in 2017, the reality is that vulnerabilities are becoming increasingly difficult for attackers to identify and exploit (see also living off the land).
      • Easier for attackers to inject malware implants into the supply chain to infiltrate unsuspecting organizations
      • Two types
        • Target the “maintenance guys”
        • Target the software update (see Petya/NotPetya)

  11. Software supply chain attacks 2/2
      Motivation for attackers:
      • 01 Infiltration of well-protected organizations by leveraging a trusted channel
      • 02 Fast distribution: number of infections can grow quickly as users update automatically
      • 03 Targeting of specific regions or sectors
      • 04 Infiltration of isolated targets, such as those in industrial environments
      • 05 Difficult for victims to identify attacks as trusted processes are misused
      • 06 May provide attacker with elevated privileges during installation

  12. Tools: IoT attacks
      • 2018:
        • Volumes high but constant wrt 2017
        • Routers (75%) and cameras (15%) the primary targets
        • Mirai (IoT-based DDoS) still active
      • 2017:
        • 600% increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse.
      • 2016: the breakout of IoT attacks
        • Krebs & DYN: first, unprecedented, massive IoT-based DDoS attacks

  13. Tools: Zero Day vs Living off the Land
      • Use of zero days is declining steadily
        • 2018: only 23% of TA groups use zero-days
        • 2017: 0days declining, only 27% of TA groups use 0days.
        • 2016: 0day use slightly declining from 2015 (and 2014)
      • Living off the Land: increasing steadily in 2016-2018
        • 2018: LotL “increasingly used by TA groups”
        • 2017: “Living off the Land” increasing
        • #1 infection vector: spear phishing (71%)
        • 2016: first signs of “living off the land”

  14. About Living off the Land
      • From https://www.darkreading.com/analytics/stealing-data-by-living-off-the-land/d/d-id/1322063 (2015)
      • Hackers' latest tactic involves a malware-free attack using a company's own system credentials and admin tools to gain access.
      • “cyber criminals are using the target company’s own system credentials and legitimate software administration tools to move freely throughout their network, infecting and collecting valuable data. Burdette, who is part of the CTU operations team, says this has been the method to gain access to networks in nearly all of the intrusions responded to by the Incident Response Team over the past year.”
      • Basically: attackers now minimize the use of vulnerabilities.

  15. Targeted Attacks
      • 2018: new TA groups emerging, old ones refining tactics
        • New trend: diversification in targets including OT technology
        • (old pioneers: Dragonfly, with the energy companies)
        • Thrip TA group compromised a satellite communications operator
        • Chafer (IR-based) group compromised a telecoms service provider in Middle East
        • New trend: indictments in the US for state-sponsored espionage (2018: 49 people, 2017: 4, 2016: 5)
      • 2017: TA activity up 10%
        • New trend: disruptive activity
        • 90% by intelligence gathering, 10% some form of disruptive activity.

  16. Mobile malware continues to surge
      • 2017
        • The number of new mobile malware variants up 54%
        • Avg: 24,000 malicious mobile applications blocked each day.
        • The problem is exacerbated by the continued use of older operating systems.
        • Mobile users also face privacy risks from grayware, apps that aren’t completely malicious but can be troublesome. Symantec found that 63 percent of grayware apps leak the device’s phone number. With grayware increasing by 20 percent in 2017, this isn’t a problem that’s going away.

  17. OLD MATERIAL

  18. Predictions for 2018 (1 of 3)
      • Mid-tier mature cloud providers will likely see the impact of the Meltdown and Spectre vulnerabilities
        • Meltdown and Spectre can affect all kinds of computers, but the most worrying possible impact is in the cloud, because an attack on a single server could lead to the compromise of multiple virtual machines running on that server
      • WannaCry and Petya/NotPetya may inspire new generation of self-propagating threats
        • Worms enjoyed their heyday around the turn of the century. E.g. Slammer in 2003. Until May 2017, it seemed unlikely that another threat could cause global disruption in the same way.
        • That all changed with the arrival of WannaCry and Petya/NotPetya. Both threats were capable of self-propagation largely because they used the EternalBlue exploit.
        • Attackers will no doubt have noticed how effective both threats were. EternalBlue’s usefulness may be exhausted at this stage but there are other techniques that can be used.

  19. Predictions for 2018 (2 of 3)
      • IoT attacks will likely diversify as attackers seek new types of devices to add to botnets
        • While IoT attacks weren’t in the headlines as much in 2017 as they were in 2016, they certainly haven’t gone away. In fact, attacks against IoT devices were up by 600 percent last year.
        • Some IoT attackers have already started looking beyond routers and have begun to target other connected devices in a serious way.
      • Coinminer activity will likely continue to grow but will increase focus on organizations
        • Although the immediate rewards may ostensibly seem lower, coin mining offers a long-term, passive revenue stream if the miners can remain undiscovered for longer. We believe that coin-mining activity will increase in the mobile space into 2018 and beyond. We saw an uptick at the end of 2017 and if this proves lucrative, it may grow.

  20. Predictions for 2018 (3 of 3)
      • Attacks on critical infrastructure likely to step up in 2018
        • Attackers have been exhibiting a growing interest in critical infrastructure in recent years and the scale and persistence of these attacks is now reaching worrying proportions.
        • Our latest research on the Dragonfly group found that it has continued to target the energy sector in Europe and North America
        • These attacks would likely give Dragonfly the ability to sabotage or gain control of these systems should it decide to do so. However, it seems unlikely that any group would go to these lengths unless it was prepared to launch disruptive attacks. Nonetheless, there is a real risk that at some stage soon, Dragonfly’s masters may decide to play this card.
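
Added example, not part of the original slides: a defender-side audit for the formjacking pattern on slide 9 (code injected into an online store's pages). It lists the scripts a checkout page loads and flags scripts from hosts outside an allowlist, allowlisted third-party scripts without a Subresource Integrity attribute, and inline scripts whose hash is not in a known baseline. The sample page, host names, allowlist and function names are all constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page; hosts, paths and the SRI value are placeholders.
SAMPLE_CHECKOUT_HTML = """<html><body>
<script src="/static/checkout.js"></script>
<script src="https://pay.example.net/sdk.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://cdn.example.net/widgets.js"></script>
<script src="//stats.example.org/collect.js"></script>
<script>initCheckout();</script>
<script>loadPromoBanner();</script>
</body></html>"""

class ScriptCollector(HTMLParser):
    """Collects (src, integrity, inline_body) for every <script> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self._current = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = [a.get("src"), a.get("integrity"), ""]
    def handle_data(self, data):
        if self._current is not None:
            self._current[2] += data
    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(tuple(self._current))
            self._current = None

def inline_hash(body):
    return hashlib.sha256(body.strip().encode()).hexdigest()

def audit_scripts(html, page_host, allowed_hosts, known_inline_hashes):
    """Return (script, finding) pairs for scripts that deviate from the baseline."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity, body in collector.scripts:
        # Relative URLs and inline scripts count as first party.
        host = urlparse(src or "").hostname or page_host
        if src is None and inline_hash(body) not in known_inline_hashes:
            findings.append((body.strip(), "unknown-inline"))
        elif host != page_host and host not in allowed_hosts:
            findings.append((src, "unexpected-host"))
        elif host != page_host and not integrity:
            findings.append((src, "missing-sri"))
    return findings
```

Run on a schedule against the rendered payment pages, a change in the findings list is the signal to investigate; the check only tests that an `integrity` attribute is present, it does not verify the hash itself.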
