Cyber Criminal Activity Evolves into a Stunningly Efficient Machine

October 10, 2019

Smart phones, smart homes, and even Apple software are prime targets as botmasters discover and quickly exploit new vulnerabilities, says the latest NETSCOUT Threat Report
IoT devices behind firewalls aren’t as safe as you think given that we’ve reported on proof-of-concept malware built to target those devices. It can take as little as five days from new attack vector discovery to weaponization, widening access to fast, efficient tools for anybody with an axe to grind.
Even college students can hire botnets to take down testing platforms, while participants in geopolitical skirmishes increasingly use cyber tactics as part of their toolkit.
Everything from routers to smart home devices to your own smart phone is at risk, as attackers exploit vulnerabilities in connected devices at a breathtaking clip. Worse, we’ve seen proof-of-concept malware targeting IoT devices behind firewalls, which adds another layer of complexity to organizations’ defenses.
It can take as few as five days from new attack vector discovery to weaponization, giving attackers fast access to inexpensive and devastating tools for revenge.
Even college students can access sophisticated attack tools. The NETSCOUT SOC helped one university successfully thwart targeted local attacks on its online test platforms and curriculum.
Geopolitical adversaries increasingly target one another using cyber tactics ranging from malware and DDoS attacks to social engineering and misinformation.
India and Pakistan exemplify the increasing use of cyber tactics as they targeted each other with a series of campaigns in the first half of 2019.
Adversaries continued to make use of widely available exploitation tools such as mimikatz, njRAT, and PsExec, even when the APT campaigns in question otherwise appeared to have substantial resources or the expertise to create custom tools.
While bespoke malware continues to make the rounds, many campaigns relied entirely on deception and social engineering, continuing the trend where email remains dominant as the primary intrusion vector.
IoT devices are under attack within minutes.
Mirai and its variants continue to dominate the IoT scene, as we see upwards of 20,000 unique samples per month. Widely available source code lets entrepreneurs with little to no skills easily build custom IoT botnets, creating an upsurge of Mirai-based variants in the wild, but the law may be catching up. Device manufacturers like D-Link are facing legal consequences for leaving their hardware open to attacks.
There are still too many reports about local governments and insurance companies making ransom payments for file decryption, and ransomware operators are emboldened by continued success. Danabot, an already efficient crimeware framework that showcases the business model adversaries use, has capitalized on ransomware’s effectiveness by adding a module that encrypts files to bolster revenue.
Despite the advent of chip and EMV technology, we saw POS malware operations continue to persist and steal customer credit card data. Well-known groups such as FIN8 have reemerged, showcasing POS malware’s continued relevance as a money maker.
1H 2019 saw explosive global growth in attacks between 100 Gbps and 400 Gbps.
