Digital Work Setting: An Easy Target for Cyber Criminals

The IT Threat Landscape Remains Dominated By Ransomware Attacks

After the lockdown, most countries across the world are gradually reopening their economies. However, a majority of businesses continue to operate in remote settings. This digital work setting has become an easy target for criminals as organizations try to reinforce cybersecurity that goes beyond the physical premises. Researchers have found evidence that attacks have risen significantly during the pandemic.

Moreover, security research revealed that there has been a 30% rise in COVID-19 related cyberattacks in the first two weeks of May, many of which were email scams. In fact, Google also announced that in April, Gmail blocked more than 240 million spam messages. These scams are likely to increase until things settle down, which will depend on the discovery and production of an effective vaccine.

 

What Are The Types of Attacks Dominating The Market?

 

Internet of Things

The Internet of Things refers to objects or devices that connect to the internet to automatically send or receive data. Deficient security capabilities, the difficulty of fixing vulnerabilities in IoT devices, and a lack of security awareness among consumers allow cyber criminals to attack these devices. Criminals can leverage these weaknesses to remotely attack other systems, send spam, or steal vital information.

Attackers target the Universal Plug and Play protocol (UPnP) to gain access to various IoT devices and tools. UPnP describes the process by which a device connects and communicates remotely on a network without any verification. Moreover, UPnP is designed to configure itself once it is assigned an IP address, which creates opportunities for exploitation. Attackers can modify the configuration and launch commands on the exploited devices, allowing them to harvest sensitive information, carry out attacks against businesses and homes, or engage in digital eavesdropping.
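A defender can inventory this exposure from SSDP discovery responses already captured on the local network. The following is an added example, not code from the article: the sample responses, device names and addresses are constructed, and the list of control-capable service types is an assumption about what to flag.

```python
# Added example (not from the article): audit captured SSDP responses for UPnP exposure.
from urllib.parse import urlsplit

# Device/service types that accept configuration changes (such as port
# mappings) from any LAN client, with no authentication step.
CONTROL_MARKERS = ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection")

def parse_ssdp(raw):
    """Parse one SSDP search response into {HEADER: value}; {} if not a 200 reply."""
    lines = raw.strip().splitlines()
    if not lines or not lines[0].startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def audit(responses):
    """Group responses by device address; list devices exposing control services first."""
    findings = {}
    for raw in responses:
        h = parse_ssdp(raw)
        if "LOCATION" not in h:
            continue  # malformed, or not a search response
        host = urlsplit(h["LOCATION"]).netloc
        entry = findings.setdefault(
            host, {"host": host, "server": h.get("SERVER", "unknown"), "control": False})
        if any(marker in h.get("ST", "") for marker in CONTROL_MARKERS):
            entry["control"] = True
    return sorted(findings.values(), key=lambda f: not f["control"])

def _resp(st, server, location):
    """Build a constructed SSDP response for the sample data below."""
    return ("HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
            f"ST: {st}\r\nSERVER: {server}\r\nLOCATION: {location}\r\n\r\n")

# Constructed sample capture; addresses are from the documentation range.
SAMPLE = [
    _resp("urn:schemas-upnp-org:device:MediaServer:1",
          "ExampleOS/1.0 UPnP/1.0 ExampleCam/2.1", "http://192.0.2.20:8080/desc.xml"),
    _resp("urn:schemas-upnp-org:device:InternetGatewayDevice:1",
          "ExampleOS/1.0 UPnP/1.0 ExampleRouter/1.0", "http://192.0.2.1:5000/rootDesc.xml"),
    _resp("urn:schemas-upnp-org:service:WANIPConnection:1",
          "ExampleOS/1.0 UPnP/1.0 ExampleRouter/1.0", "http://192.0.2.1:5000/rootDesc.xml"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "REVIEW: gateway control exposed" if f["control"] else "ok"
        print(f"{f['host']:<18} {f['server']:<45} {flag}")
```

Devices flagged for review are candidates for having UPnP disabled in their settings or being moved to a segregated network segment.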

 

The primary IoT risks involve:

  • Compromising the connected IoT device to cause harm.
  • Exploiting default passwords in order to send spam or malicious emails, or to steal credit card or personally identifiable data.
  • Exploiting business transactions.
  • Making devices inoperative by overloading them.

 




MacOS Attacks

MacOS malware consists of Trojan horses, viruses, worms, etc. that impact Apple’s operating system, macOS. In 2016, Apple shut down a ransomware attack against its users that encrypted confidential information. The ransomware was known as KeRanger. Typically, Mac is less vulnerable to malware attacks than Windows.

But as per the 2020 State of Malware Report published by Malwarebytes, there was a 400% spike in malware infections in 2019 in comparison to 2018. This is attributed to the increase in the overall number of Mac systems running the Malwarebytes software. Moreover, malware detections per endpoint on Mac increased to 11.0 in 2019 as opposed to 4.8 detections in 2018. This figure is double that of Windows, which experienced 5.8 malware attacks per endpoint.

Additionally, in terms of market share Mac has surpassed Windows. This has made MacOS a big target among malevolent actors. Though MacOS is quite resilient to cyber-attacks, Apple’s security mechanisms have not had as much success in dealing with adware as they have with malware. This has allowed attackers to leverage such programs to infiltrate the system's defenses.

Over the years, adware has become very sophisticated, posing a graver threat to operating systems. In 2019, Malwarebytes detected 24 million adware infections on Windows, whereas this figure stood at 30 million on Mac systems.

Moreover, cybersecurity researchers have identified a new ransomware known as EvilQuest, which specifically targets MacOS via pirated applications. This is the second malware discovered after the fileless Trojan, which was detected by K7 Computing in December 2019.

 

Macro and Fileless Attacks

Macro viruses leverage Visual Basic for Applications (VBA) programming to spread different types of malware like worms and viruses. These types of viruses were more common in the 1900s, but they have been making a comeback in 2020 due to the vulnerabilities of the present conditions.

These are not as challenging to detect as ransomware or spear-phishing. If the macros within the file are not run, the malware will not infect the device. The main step towards protection against these malware scams is to identify phishing emails.
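Because the infection depends on macros running, a mail gateway or analyst can triage attachments by checking whether a document carries a VBA project at all. The following is an added example, not code from the article: the file names and sample documents are constructed, and the verdict labels are hypothetical names chosen for illustration.

```python
# Added example (not from the article): triage attachments for VBA macros.
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")   # formats that must not carry VBA

def macro_triage(filename, data):
    """Return 'macro', 'mismatch', 'legacy-ole', 'clean' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # may hold macros; needs an OLE-aware scanner
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
    if "[Content_Types].xml" not in names:
        return "not-office"  # a ZIP archive, but not an Office document
    if not any(n.lower().endswith("vbaproject.bin") for n in names):
        return "clean"
    # A macro-free extension carrying a VBA project has been renamed or crafted.
    if filename.lower().endswith(MACRO_FREE_EXT):
        return "mismatch"
    return "macro"

def _ooxml(with_vba):
    """Build a constructed, minimal Office-style ZIP for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

# Constructed sample attachments.
SAMPLES = {
    "invoice.docm": _ooxml(True),
    "report.docx": _ooxml(False),
    "renamed.docx": _ooxml(True),
    "old.doc": OLE_MAGIC + b"\x00" * 16,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:<14} {macro_triage(name, blob)}")
```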

Fileless malware is a form of malicious software that harnesses legitimate programs to infect the system. It does not depend on any files and leaves no footprint behind. This makes it challenging to identify and remove these kinds of fileless malware. Additionally, these types of malware have effectively infiltrated a majority of advanced security solutions.

These types of attacks belong to the class of low-observable characteristics attacks. They evade detection by many security solutions and are challenging to detect through forensic analysis.

As per reports by Cisco, fileless malware has emerged as the most common endpoint threat and accounts for up to 30% of indicators of compromise (IoCs). IoCs indicate the presence of threats. The malicious code runs in memory instead of in files stored on the hard drive.

 

Potentially Unwanted Applications and Cryptojacking

Potentially Unwanted Applications or PUAs are defined as unwanted software programs that are bundled with legitimate free programs. While not all PUAs have destructive effects, some of them can result in annoying behaviors such as slowing down the operating system, generating pop-up ads, etc. Along with impacting the performance of your computer, these can also result in security risks. Some of the common types of PUAs include browser hijackers, adware, spyware, etc.

Browser-based cryptocurrency mining, or cryptojacking, has made a strong comeback in 2020. In fact, Symantec revealed in its Threat Landscape Trends report that there was a 163% rise in the detection of cryptojacking in Q2 of 2020 as opposed to the previous quarters.

Cryptojacking is one of the biggest cyber threats that the world faces right now. It stays hidden on mobile devices or computers and leverages their resources to mine cryptocurrencies. It can compromise all types of devices including laptops, desktops, smartphones and network servers. Rather than building a dedicated crypto mining computer, the attackers use cryptojacking to steal resources from your devices. When all the resources are pooled, the hackers can complete sophisticated crypto mining operations without incurring overhead costs.

 

Final Thoughts

While the COVID-19 situation is slowly stabilizing in different parts of the world, there has been an increase in cyber-attacks. Interpol detected around 907,000 spam messages, 48,000 malicious URLs, and 737 malware incidents, all related to COVID-19. And this is the data provided by only one private sector.

Sophisticated threat actors are increasingly deploying disruptive malware against critical infrastructure and health organizations, as these industries offer opportunities for immense financial gain. Ransomware spiked especially in the month of April. Moreover, the average ransomware payment for Q2 stood at $178,254, which is 60% greater than in the first quarter.

Cybercriminals are improving their attacks at an alarming rate by exploiting the vulnerabilities created by the unstable social and economic conditions that COVID-19 has generated. The sudden increase in dependency on digital media across the world has created opportunities, and many businesses and individuals remain unaware of their cyber defenses.