Story image

Cyber attacks develop complexity, target Windows sysad tools - report

05 Dec 2018

Sophos has launched its 2019 Threat Report providing insights into emerging and evolving cybersecurity trends. 

The report, produced by SophosLabs researchers, explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.

In the report, Sophos CTO Joe Levy states, “The threat landscape is undoubtedly evolving; less-skilled cyber criminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries.

“These new cybercriminals are effectively a cross-breed of the once esoteric, targeted attacker, and the pedestrian purveyor of off-the-shelf malware, using manual hacking techniques, not for espionage or sabotage, but to maintain their income streams.”

The SophosLabs 2019 Threat Report focuses on these key cybercriminal behaviours and attacks:

Capitalist cybercriminals are turning to targeted ransomware attacks that are premeditated and reaping millions of dollars in ransom.

2018 saw the advancement of hand-delivered, targeted ransomware attacks that are earning cybercriminals millions of dollars.

These attacks are different than ‘spray and pray’ style attacks that are automatically distributed through millions of emails.

Targeted ransomware is more damaging than if delivered from a bot, as human attackers can find and stake out victims, think laterally, troubleshoot to overcome roadblocks, and wipe out backups so the ransom must be paid.

This “interactive attack style,” where adversaries manually manoeuvre through a network step-by-step, is now increasing in popularity.

Sophos experts believe the financial success of SamSam, BitPaymer and Dharma to inspire copycat attacks and expect more happen in 2019.

Cyber criminals are using readily available Windows systems administration tools 

This year’s report uncovers a shift in threat execution, as more mainstream attackers now employ Advanced Persistent Threat (APT) techniques to use readily available IT tools as their route to advance through a system and complete their mission – whether it’s to steal sensitive information off the server or drop ransomware:

  • Turning admin tools into cyber  attack tools In an ironic twist, or Cyber Catch-22, cybercriminals are utilising essential or built-in Windows IT admin tools, including Powershell files and Windows Scripting executables, to deploy malware attacks on users.  
  • Cybercriminals are playing Digital Dominos By chaining together a sequence of different script types that execute an attack at the end of the event series, hackers can instigate a chain reaction before IT managers detect a threat is operational on the network, and once they break in it’s difficult to stop the payload from executing.
  • Cybercriminals have adopted newer Office exploits to lure in victims Office exploits have long been an attack vector, but recently cybercriminals have cut loose old Office document exploits in favour of newer ones.  
  • EternalBlue becomes a key tool for cryptojacking attacks Patching updates appeared for this Windows threat more than a year ago, yet the EternalBlue exploit is still a favourite of cybercriminals; the coupling of EternalBlue to cryptomining software turned the activity from a nuisance hobby into a potentially lucrative criminal career. Lateral distribution on the corporate networks allowed the cryptojacker to quickly infect multiple machines, increasing payouts to the hacker and heavy costs to the user.

The continued threat of mobile and IoT malware

Malware’s impact extends beyond the organisation’s infrastructure as we see the threat from mobile malware grow apace.

With illegal Android apps on the increase, 2018 has seen an increased focus in malware being pushed to phones, tablets and other IoT devices.

As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks.

In 2018, VPNFilter demonstrated the destructive power of weaponised malware that affects embedded systems and networked devices that have no obvious user interface.

Elsewhere, Mirai Aidra, Wifatch, and Gafgyt delivered a range of automated attacks that hijacked networked devices to use as nodes in botnets to engage in distributed denial-of-service attacks, mine cryptocurrency and infiltrate networks.

Toshiba launches fast rotary cutter for B-EX6T1 printer
Intended primarily for industrial applications, these popular printers combine state-of-the-art technology with usability, reliability and low TCO.
How to avoid disappointment from SEO 'cowboys'
"Many business owners, even marketing managers, can find themselves out of pocket for thousands of dollars before they know it because they don't understand some of the fundamentals."
Why accelerating the uptake of tech in the NZ economy is crucial
“Historically, New Zealand has been more of a tech taker than a tech leader."
Breakthrough research to revolutionise internet communication
Every email, cell phone call and website visit is encoded into data and sent around the world by laser light.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Farmers looking for data to help change bad habits
It is no secret that agriculture is a massive cause of environmental issues in NZ. Farmers say they are willing to change, if they get the right data.
Gartner: A/NZ IT spending growth will surpass worldwide
2019 IT spending is expected to grow 2.2% in New Zealand, and 3% in Australia, far exceeding the 1.1% global average.
Six Easter eggs built into the Google search engine
Here’s a roundup of some of the best Easter eggs from Google Search even the sharpest among us may not have discovered yet.