Published on the 14/02/2019 | Written by Pat Pilcher
Businesses in the crossfire in 2019…
Cyber security veteran Malwarebytes has released its latest state of cyber security report, highlighting both current and expected digital security trends. iStart caught up with Malwarebytes APAC region sales engineering manager, Brett Callaughan, for his take on the current state of cyber security.
iStart: The Malwarebytes report says malware authors changed tactics in the latter half of 2018, choosing to target organisations over consumers because of the bigger payoff. What sort of attacks are these, and what sort of payoffs can malware authors expect?
Brett Callaughan: Payoffs vary in each case; however, the main goal of malware authors seems to be to exfiltrate data that can be sold to damage an organisation’s brand and reputation. They are also seeking the spotlight and want to gain notoriety, but most often they are simply trying to extort businesses out of money by holding data for ransom.
iStart: The report says global business malware detections rose 78 percent. What is driving that increase?
BC: Malware authors pivoted in the second half of 2018 to target organisations over consumers because they recognised that a bigger payoff was possible from making victims out of businesses instead of individuals.
We’ve seen significant detection increases across a number of malware categories on the business side over the last 12 months, both globally and in A/NZ. Malware such as backdoors (173 percent), spyware (142 percent), trojans (132 percent) and riskware tools (126 percent) have all significantly increased, leading to an overall rise in A/NZ business detections of 78 percent.
iStart: Is this a tip of the iceberg situation with large numbers of malware exploits going undetected? What is your feel for this?
BC: It is just the tip of the iceberg. As long as there is money to be made, attackers will continue to pose a larger threat to businesses and consumers alike. Into 2019 and beyond, we will continue to see increases in malware detections and attackers will continue to focus on businesses in 2019 due to the greater financial opportunity.
Measures like the Notifiable Data Scheme have highlighted the number of attacks occurring, with the recorded detections increasing steadily with each quarter. It is worth noting, however, that while we are reporting more breaches and security incidents than ever before, the majority of them have always been happening in the background – it’s just that we’ve only started to make them public as of February 2018.
iStart: Are cryptomining attacks on the decline?
BC: While the rest of the world noticed the decline of cryptomining attacks earlier in 2018, detections in A/NZ did drop off in the second half of the year, falling by 71 percent from August to September. While incidents of cryptomining have fallen, this doesn’t mean the threat of malware is over, with Emotet and TrickBot detections increasing since mid-2018. Not only does this showcase the shift towards information-stealing malware, but underlines cybercriminals’ constant focus on creating new ways of making a profit from unsuspecting Australasian businesses.
iStart: Why the move to information stealers (such as Emotet or TrickBot) over cryptominingware?
BC: There are a couple of reasons for the move to information stealing malware such as Emotet and TrickBot, the first being that information is more valuable. There are many ways that this information can be packaged and sold on to other cybercriminals and, depending on the type of details included (financial, medical, etc.), these packets of data can have a long shelf life.
The other reason is notoriety. An attacker gets substantial attention after a breach to a major organisation. Think of the media attention the Magecart Group received following its series of data skimming attacks in late 2018. The group’s name was reported everywhere and Magecart attacks were heralded as the ‘next big thing’ in cybercrime.
iStart: Cryptocurrency miners saw a 1,164 percent increase in detections across the Asia Pacific region overall – I thought they were on the decline – is this a decline globally or a regional spike?
BC: This high percentage accounts for the earlier part of 2018, when cryptocurrency value was still higher. The decline of cryptocurrency miners in Australasia directly correlates with the declining value of cryptocurrency. Simply put, when the value of cryptocurrencies declined, the cybercriminals were no longer interested and found new ways to secure a big payoff.
iStart: The report lists the threats for Australian and New Zealand businesses – what factors make both markets different?
BC: As a region, Australia and New Zealand run a bit behind the US market from a malware perspective, and cryptomining is the perfect example of this. The boom and ultimate downturn of cryptomining in the US started halfway through 2018, whereas A/NZ only started to see the downturn much later in the year.
Because we have a high proportion of small and growing businesses in the A/NZ region, organisations have limited resources and budgets to combat malware threats generally. Australia and New Zealand do differ in the types of malware that they are most susceptible to; however, at this time this seems to be due to the preferred attack of the cybercriminal rather than due to any other external factor.
Previous reports like the Q3 CTNT report in 2018 found that backdoor, adware and anomalous (machine learning) malware detections were key differentiators. New Zealand saw significant increases in both the number of backdoor (116 percent) and machine learning detections (209 percent), whereas Australia saw a decrease of 94 percent and 29 percent respectively. The reverse is true for adware, with New Zealand recording a 24 percent decrease in the number of detections, while Australia recorded a 90 percent increase in this kind of malware.
iStart: The report mentions machine learning malware – what is it and how is it a threat to businesses?
BC: While the idea of having malicious artificial intelligence running on a victim’s system is currently pure science fiction, the 2019 State of Malware report predicts that malware that is modified by, created by and communicating with an AI is a very dangerous reality. The threat to business here is yet to be seen, but we can surmise that an AI that communicates with compromised computers and monitors how certain malware is detected can quickly deploy countermeasures. The downside is that AI controllers will enable malware built to modify its own code to avoid being detected on the system, regardless of the security tool deployed.
iStart: What are the key threats to businesses in 2019 and what should businesses look to do to give themselves a measure of security?
BC: 2017 focused on ransomware and attacking the consumer, 2018 was the year of the ‘mega breach’, but 2019 will be the year that businesses are in the crossfire.
New, high-profile breaches will push the security industry to finally solve the problem of unsecure usernames and passwords. Ineffective username/passwords have plagued consumers and businesses for years and while there are many solutions available, the cybersecurity industry has not been able to settle on a standard to fix the problem. In 2019, we will see a more concerted effort to replace passwords altogether.
As well as being extra vigilant with software and firmware upgrades, businesses will need to closely monitor their IoT hardware as the new year will see more and more hardware devices being compromised to serve up everything from cryptominers to Trojans.
As we’ve already discussed, cybercriminals will focus attacks on the business sector. To ensure a big payoff, attacks distributing cryptominers will focus on platforms that can generate more revenue such as servers and IoT devices, while others such as browser-based mining will drop significantly.
Both in the business and consumer spaces, the game of cat and mouse will continue, with old tricks applied to new threats and new tactics used for old favorites. Our advice remains to stay informed, stay vigilant and never take the security of your data or devices for granted.
iStart: What changes to the business cyber security landscape does Malwarebytes see for 2019?
BC: We can expect more of the same for 2019. Attackers will continue to focus on businesses because of the increased perceived payoff. Businesses will need to remain vigilant and continue to improve their security posture this year, always remembering that as attackers evolve and become more sophisticated, so too must their security measures.
From monitoring a business’ multiple endpoints, such as executive mobile phones and desktop terminals, to securing cloud-based operating systems, a robust, holistic end-to-end security solution is required to protect every facet of the business environment.