Advanced malware, active adversary and ransomware on the rise – Sophos

Advanced malware, active adversary and ransomware are on the rise, warns Sumit Bansal, managing director, ASEAN and Korea at Sophos, claiming these very advance threats comprise 80% to 90% of the threat landscape, which also include generic malware and cryptojacking.

This observation was based on the Sophos 2019 Threat Report, a study conducted by SophosLabs researchers to 2,000 organizations last year to explore changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cyber security in 2019.

In the report, 54% of organizations were hit by ramsonware, suffering from an average of two attacks last year. Of these, 77% were running up-to-date antivirus at the time of attack. The study also revealed that on the average, the cost of a ransomware attack which includes downtime, labor, device/network cost, lost opportunity, and ransom amounted to US$133,000.

Advanced malware, active adversary and ransomware are on the rise, warns Sumit Bansal, managing director, ASEAN and Korea at Sophos.

The report says the threat landscape has shifted. Cyber criminals are now turning to more advanced, hand-delivered targeted ransomware attacks that earn millions of dollars for them. Distributed through millions of emails, these targeted ransomware is more damaging than if delivered from a bot, as human attackers can find and stake out victims, think laterally, trouble shoot to overcome roadblocks, and wipe out back-ups so the ransom must be paid. This style of attack is becoming popular. Sophos experts believe the financial success of Samsam, BitPaymer and Dharma to inspire copycat attacks and expect more to happen in 2019.

The study also discloses that attackers employ Advanced Persistent Threat (APT) techniques to use readily available Windows IT tools to steal sensitive information off the server or drop ransomware. Cyber criminals are using essential or built-in Windows IT admin tools, including Powershell files and Windows Scripting executables to deploy malware attacks on users.

By chaining together a sequence of different script types that execute an attack at the end of the event series, hackers can instigate a chain reaction before IT managers detect that a threat is operational on the network, and once they break in it is difficult to stop the payload from executing.

To lure victims, cyber criminals have adopted newer Office exploits. Office exploits have long been an attack vector, but cyber criminals have cut loose old Office document exploits in favor of newer ones.

The Windows EternalBlue exploit becomes a key tool for cryptojacking attacks which turned the activity from a nuisance hobby into a potentially lucrative career. Lateral distribution on the corporate networks allowed the cryptojacker to quickly infect multiple machines, increasing payouts to the hacker and heavy costs to the user.

With illegal Android apps on the rise, 2018 has seen an increased focus in malware being pushed to phones, tablets and other Internet of Thing (IoT) devices. As homes and businesses adopt more Internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks. In 2018, VPNFilter demonstrated the destructive power of weaponized malware that affects embedded systems and networked devices that have no obvious user interface. Elsewhere, Mirai Aidra, Wifatch, and Gafgyt delivered a range of automated attacks that hijacked networked devices to use as nodes in botnets to engage in distributed denial-of-service attacks, mine cryptocurrency and infiltrate networks.

To Top