Sophos 2019 Threat Report Unveils The Rise of The Hand-Delivered, Targeted Cyberattacks as Criminals Stalk Victims to Bank Millions

Global network and endpoint security provider Sophos launched its 2019 Threat Report providing insights into emerging and evolving cybersecurity trends. The report, produced by SophosLabs researchers, explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.

The SophosLabs 2019 Threat Report focuses on these key cybercriminal behaviours and attacks:

Capitalist cybercriminals are turning to targeted ransomware attacks that are premeditated and reaping millions of dollars in ransom

2018 saw the advancement of hand-delivered, targeted ransomware attacks that are earning cybercriminals millions of dollars. These attacks are different than ‘spray and pray’ style attacks that are automatically distributed through millions of emails. Targeted ransomware is more damaging than if delivered from a bot, as human attackers can find and stake out victims, think laterally, trouble shoot to overcome roadblocks, and wipe out back-ups so the ransom must be paid. This “interactive attack style,” where adversaries manually maneuver through a network step-by-step, is now increasing in popularity. Sophos experts believe the financial success of SamSam, BitPaymer and Dharma to inspire copycat attacks and expect more happen in 2019.

Cybercriminals are using readily available Windows systems administration tools

This year’s report uncovers a shift in threat execution, as more mainstream attackers now employ Advanced Persistent Threat (APT) techniques to use readily available IT tools as their route to advance through a system and complete their mission – whether it is to steal sensitive information off the server or drop ransomware. They are now turning built-in Windows IT admin tools, including Powershell files and Windows Scripting executables, to deploy malware attacks on users. Cybercriminals have also adopted newer Office exploits to lure in victims.

By chaining together a sequence of different script types that execute an attack at the end of the event series, hackers can instigate a chain reaction before IT managers detect that a threat is operational on the network, and once they break in it is difficult to stop the payload from executing. Just recently, EternalBlue has now become a key tool for cryptojacking attacks. Lateral distribution on the corporate networks allowed the cryptojacker to quickly infect multiple machines, increasing payouts to the hacker and heavy costs to the user.

Malware’s impact extends beyond the organisation’s infrastructure as we see the threat from mobile malware grow apace. With illegal Android apps on the increase, 2018 has seen an increased focus in malware being pushed to phones, tablets and other Internet of Things devices. As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks. In 2018, VPNFilter demonstrated the destructive power of weaponised malware that affects embedded systems and networked devices that have no obvious user interface. Elsewhere, Mirai Aidra, Wifatch, and Gafgyt delivered a range of automated attacks that hijacked networked devices to use as nodes in botnets to engage in distributed denial-of-service attacks, mine cryptocurrency and infiltrate networks.

For additional and detailed information on threat landscape trends and changing cybercriminal behaviours, please visit the entire SophosLabs 2019 Threat Report.

NO COMMENTS