While ransomware attacks declined in 2018, cryptominers dominated the malware landscape and impacted 37 per cent of organisations worldwide, Israel-based cybersecurity solutions provider Check Point Software Technologies said in a report here on Tuesday.

According to “Check Point’s 2019 Security Report”, despite a fall in the value of all cryptocurrencies, 20 per cent of the companies continued to be hit by cryptomining attacks every week.

In 2018, cryptominers occupied the top four places among the most prevalent malware types.

On the other hand, ransomware usage fell sharply in 2018, impacting just 4 per cent of organisations globally.

“From the meteoric rise in cryptomining to massive data breaches and DDoS attacks, there was no shortage of cyber-disruption caused to global organisations over the past year,” Peter Alexander, Chief Marketing Officer of Check Point Software Technologies, said in a statement.

“These multi-vector, fast-moving, large-scale ‘Gen V’ attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.
“The 2019 Security Report offers knowledge, insights and recommendations on how to prevent these attacks,” he added.

The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.

Mobile devices were found to be a moving target. Over 30 per cent of organisations worldwide were hit by mobile malware, with the leading three malware types targeting the Android OS.

2018 saw several cases where mobile malware was pre-installed on devices, and where apps available from app stores were actually malware in disguise, the report said.

Bots were the third most common malware type, with 18 per cent of organisations hit by bots which are used to launch DDoS attacks and spread other malware. Bot infections were instrumental in nearly half (49 per cent) of organisations experiencing a DDoS attack in 2018.

The report is based on data from Check Point’s ThreatCloud intelligence — a collaborative network for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors — over the last 12 months.

It is also based on a new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.

Source: https://economictimes.indiatimes.com/news/international/business/cryptomining-impacted-37-organisations-worldwide-in-2018/articleshow/67639012.cms


Spreading tiny parts of junk traffic across a wide range of IP addresses can wreak havoc, while avoiding detection.

A new type of DDoS attack has emerged, and it targets communications service providers (CSPs). According to security firm Nexusguard, cybercriminals attack the large attack surface of ASN-level (autonomous system number) CSPs by spreading ‘tiny attack traffic’ across hundreds of IP addresses.

This allows them to avoid being detected.

Roughly two thirds (65.5 per cent) of DDoS attacks in the third quarter of last year targeted CSPs. Hundreds of IP prefixes were used, which means hackers had access to a ‘diverse pool’ of IP addresses.

“As a result, the year-over-year average attack size in the quarter fell measurably – 82 per cent,” the report states.

The activity usually goes like this: first, cybercriminals map out the network landscape of their target and try to identify key IP ranges. Then they inject tiny pieces of junk traffic to mix with the legitimate traffic. The small size allows it to bypass detection.

“Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes,” said Juniman Kasman, chief technology officer for Nexusguard. “Diffused traffic can cause communications service providers to easily miss large-scale DDoS attacks in the making, which is why these organizations will need to share the load with the cloud at the network edge to minimize attack impact.”
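A defender-side sketch of why diffused traffic slips past per-destination alarms while a prefix-level comparison against baseline still sees it. This is an added example, not code from Nexusguard's report; the thresholds, the /24 aggregation and the flow-table layout are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict

PER_IP_PPS_ALERT = 1000   # assumed per-destination alarm threshold (packets/s)
PREFIX_LEN = 24           # assumed aggregation granularity
PREFIX_RATIO_ALERT = 1.5  # assumed: alert when a prefix exceeds 1.5x its baseline
MIN_RISING_HOSTS = 50     # assumed: many destinations must rise together

def per_ip_alerts(current):
    """Classic detector: flag any single destination above the threshold."""
    return sorted(ip for ip, pps in current.items() if pps >= PER_IP_PPS_ALERT)

def prefix_of(ip):
    """Map a destination address to its covering prefix."""
    return str(ipaddress.ip_network(f"{ip}/{PREFIX_LEN}", strict=False))

def prefix_alerts(baseline, current):
    """Flag prefixes whose total rate rose sharply across many hosts at once."""
    base_total, now_total, rising = defaultdict(int), defaultdict(int), defaultdict(int)
    for ip, pps in baseline.items():
        base_total[prefix_of(ip)] += pps
    for ip, pps in current.items():
        net = prefix_of(ip)
        now_total[net] += pps
        if pps > baseline.get(ip, 0):
            rising[net] += 1
    alerts = []
    for net, total in now_total.items():
        ratio = total / max(base_total[net], 1)  # avoid dividing by zero
        if ratio >= PREFIX_RATIO_ALERT and rising[net] >= MIN_RISING_HOSTS:
            alerts.append((net, round(ratio, 2), rising[net]))
    return sorted(alerts)

# Constructed sample: destination -> packets/s. 200 hosts in one prefix each
# gain a small 200 pps of junk; a second prefix is unchanged.
BASELINE = {f"198.51.100.{i}": 300 for i in range(1, 201)}
BASELINE.update({f"203.0.113.{i}": 300 for i in range(1, 11)})
CURRENT = dict(BASELINE)
CURRENT.update({f"198.51.100.{i}": 500 for i in range(1, 201)})

if __name__ == "__main__":
    print("per-IP alerts:", per_ip_alerts(CURRENT))
    print("prefix alerts:", prefix_alerts(BASELINE, CURRENT))
```

No single destination crosses the per-IP threshold, yet the prefix as a whole carries two thirds more traffic than its baseline.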

Source: https://www.itproportal.com/news/small-scale-ddos-attacks-are-on-the-rise/

The innovative technologies and advanced development facilitated by the digital age have benefited humanity immensely, completely transforming every facet of our lives while helping set the trajectory of the future.

However, along with the significant beneficial impact of technologies comes the dark, seedy side of the digital world – cyber crimes and cybersecurity threats – which are also getting more sophisticated by the day.

A recent media report claims that digital devices that are connected to the internet – computers, phones, and webcams – are being attacked on average every five minutes.

Referred to as “doorknob-rattling,” these are the same types of attack deployed by the Mirai botnet to unleash distributed denial-of-service (DDoS) attacks on major websites such as Netflix and Twitter in 2016 after taking control of over 600,000 devices.

While most computers and smartphones are protected from such attacks due to built-in security measures, many IoT devices that are connected to the internet, such as webcams, CCTV cameras, and printers, among others, are not impervious.

Security experts believe that as long as any device is connected to a public network and has a public IP address, someone is going to try to hack into it, and the attempts to breach machines are akin to the background noise of the internet.

Armies of malicious devices and botnets always seeking to take control of other devices that are sharing a common network are now a permanent feature of the digital realm.

The botnet Mirai was created by a US computer science student, Paras Jha, who first deployed it on his university website to stall an exam. He also provided his expertise to other companies to protect them from similar attacks.

In an effort to bamboozle the authorities who were hot on his heels, he released Mirai’s source code online, which led to a proliferation of Mirai-like botnets controlled by legions of cybercriminals around the world.

Network security companies often set up what are called “honeypots”, which are simulated connections that are intentionally left vulnerable to attract these botnets and record their modus operandi.

Generally, Mirai-style botnets, choosing IP addresses at random, will attack the honeypot within minutes and seek to connect to it using default usernames and passwords.

With the emergence of IoT, cybersecurity experts have sounded the alarm, raising concerns that the explosion in the number of IoT devices that still use passwords and are rarely updated will become an easy target for hackers to access a home network.

Users, however, could take proactive security measures to protect themselves from malicious botnets, or connect to the internet via a firewall or a home router.

Beyond that, to fend off more sophisticated attacks that will emerge with the constant development of technologies, more advanced security measures that integrate future technologies such as AI and machine learning have to be developed and deployed to stay one step ahead of the cyber threats.

Source: https://techwireasia.com/2019/01/will-the-emergence-of-iot-make-the-internet-less-safe/

Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.

Modern malicious botnets can do far more than launch huge DDoS attacks: According to a new report, criminals participating in account takeover activities are using botnets to launch more than 100 of these attacks every second.

The report, published by e-commerce fraud prevention company Forter, says that between 20% and 30% of all account takeover attacks are launched by organized fraud rings, and these organized groups are seeing greater success. More than 80% of all account takeover attacks are launched by fewer than 10% of the attackers targeting the site.

Organizations that offer more services on their web sites may increase customer loyalty, but they also increase their site’s attractiveness to criminals, says the report. Loyalty programs, for example, increase their risk of account takeover attacks by as much as 200%.

As for prevention, the report points out that a focus solely on the point of transaction may be misguided, since fraud actors may well have been watching a victim’s behavior for days or weeks.

Source: https://www.darkreading.com/vulnerabilities-and-threats/report-bots-add-volume-to-account-takeover-attacks/d/d-id/1333658

  • Cybersecurity company Recorded Future conducted a research study on the history of Iran’s hacker culture, its ties to the country’s government and mistakes the loosely tied-together group has made along the way.
  • Forums started in 2002 have provided a launch point for a series of sophisticated attacks against world governments and companies throughout the past two decades, according to the report.

Iranian hackers have congregated since at least 2002 in online forums to share tips on the best ways to create successful cyberattacks.

Those conversations have given birth to some of the most significant global cybersecurity incidents, including devastating attacks on Saudi Aramco, attacks against the public-facing websites of large banks and espionage campaigns on a wide range of Western targets, according to new research by cybersecurity intelligence firm Recorded Future.

Among the findings in the report:

  • A forum called “Ashiyane,” created by a cybersecurity company called the Ashiyane Digital Security Team, served as a medium for Iranian contractors to show off their talents for executing successful online offensive campaigns.
  • The forum was one of Iran’s most popular with around 20,000 users and had direct ties to Iran’s Islamic Revolutionary Guard Corps.
  • Many of the hackers on the forum considered themselves “gray hats,” a term for hackers that participate in both legitimate and criminal cyber actions. It’s a mixture of the term “white hat,” which refers to ethical hackers, and “black hats,” which refers to hackers who take part in malicious or illegal activities.
  • During the Iranian green movement of 2009, the forum was one of only a few that remained in use as Iran’s government cracked down on hacking websites.
  • The forum’s archives feature details of how participants shared information on how to execute distributed denial of service attacks, or DDoS attacks, which are meant to push websites out of service by flooding them with information, as well as Android exploits and commonly used cyberattack techniques.
  • The forum was shut down in 2018. Though the reason for the shutdown is not clearly known, Recorded Future cites sources as saying the forums became involved in online gambling, an endeavor explicitly prohibited in the Islamic state.

Source: https://www.cnbc.com/2019/01/16/new-research-offers-a-glimpse-inside-the-online-forums-where-iranian-hackers-congregate.html