1. Phishing meets COVID-19
In a phishing attack, a digital message is sent to fool the recipient into clicking a link inside it. Malicious actors can use such campaigns in several ways: depending on the actor's intent, malware is installed or sensitive data is exposed.
During the current Corona crisis, people are at home more often, and employees are working from home more than ever before. This is a great breeding ground for cyber criminals.
Phishing attacks are set up to send victims to websites with fake information about the Coronavirus. Often, these sites use the user's system resources to mine cryptocurrency like Bitcoin, all without the user's approval - Read more.
If you feel the healthy need to protect your work better, be sure to give our security awareness trainings a completely free try!
2. Clever ransomware?
Because it is so profitable, ransomware was present throughout 2020 and won't fade away anytime soon. Ransomware encrypts files on computers and demands a ransom from the user in return for the original files. The rise of cryptocurrencies like Bitcoin has surely helped ransomware attacks, as it allows the malicious actor to stay more anonymous.
The Cyrat ransomware, for example, was disguised as software to repair corrupted DLL files on the computer. In reality, parts of the system are encrypted while it runs.
In 2021 and beyond, we may see more sophisticated attacks. Ransomware could demand a dynamic ransom depending on the environment in which it runs. For example, ransomware running on a Mac could demand a higher ransom than on a Windows machine, because Mac setups usually cost more than Windows setups. From this, an assumption about the relative net worth of the person behind such a setup can be made.
3. Polyglot files - Just a .JPG, isn't it?
Polyglot files are valid as several different file types at once. The same file can, for example, be opened as an image by an image viewer and also run as JavaScript in the browser.
This method is already used in advertising fraud. It could get worse once no skills are required to build such malware: specialized services could offer to create such files in return for a payment - source.
Polyglot malware isn't limited to the web. In one case, a malicious JAR file was appended to the end of a Windows installer file (.MSI). Security solutions that rely on Microsoft Windows code signing validation can be bypassed this way - source.
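As an added example (not G DATA's code, and not taken from the sources linked above), the following Python script shows a defender's check for the two polyglot patterns just described: it walks the JPEG marker structure and the PNG chunk structure to find where the image really ends and reports anything appended after that point, and it flags a ZIP/JAR archive hidden at the tail of a file that is not itself a ZIP, such as an OLE-based .MSI installer. The sample files are constructed inline; the PNG IHDR CRC is a dummy and CRCs are not validated.

```python
"""Detect polyglot image files by checking for data appended after the image's real end.

Added example, not G DATA's code. The sample files at the bottom are constructed
by hand; their CRC fields are dummies and are not validated.
"""
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL_HEADER = b"PK\x03\x04"
ZIP_EOCD = b"PK\x05\x06"                                # end-of-central-directory signature
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"         # compound file header, as used by .MSI


def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the EOI marker (FF D9), or -1 if the marker stream is malformed."""
    if data[:2] != b"\xff\xd8":
        return -1
    pos, n = 2, len(data)
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return -1
        marker = data[pos + 1]
        if marker == 0xFF:                              # fill byte, skip it
            pos += 1
            continue
        if marker == 0xD9:                              # EOI: the image really ends here
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:    # markers that carry no length field
            pos += 2
            continue
        if pos + 4 > n:
            return -1
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len
        if marker == 0xDA:                              # SOS: entropy-coded data until a real marker
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                               # FF 00 is stuffing, FF D0-D7 are restart markers
                pos += 1
    return -1


def png_end_offset(data: bytes) -> int:
    """Offset just past the IEND chunk, or -1 if the chunk stream is malformed."""
    if data[:8] != PNG_SIG:
        return -1
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                              # 4 length + 4 type + data + 4 CRC
        if pos > len(data):
            return -1
        if ctype == b"IEND":
            return pos
    return -1


def zip_hidden_at_tail(data: bytes) -> bool:
    """True if the file is not itself a ZIP but carries a ZIP end-of-central-directory record near its end."""
    if data.startswith(ZIP_LOCAL_HEADER):
        return False
    tail = data[-(22 + 65535):]                         # EOCD is 22 bytes plus a comment of up to 64 KiB
    return ZIP_EOCD in tail


def analyze(data: bytes) -> dict:
    """Classify the file and measure how many bytes follow the image's true end."""
    if data[:2] == b"\xff\xd8":
        kind, end = "jpeg", jpeg_end_offset(data)
    elif data[:8] == PNG_SIG:
        kind, end = "png", png_end_offset(data)
    else:
        kind, end = "other", -1
    trailing = len(data) - end if end >= 0 else None
    return {"kind": kind, "end": end, "trailing": trailing, "hidden_zip": zip_hidden_at_tail(data)}


# --- constructed samples, not real files ---
CLEAN_JPEG = (
    b"\xff\xd8"                                                                                       # SOI
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + b"\x01\x01\x00\x00\x01\x00\x01\x00\x00"     # APP0
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"                                # SOS header
    + b"\x12\x34\xff\x00\x56\x78"                                                                     # scan data with one stuffed FF 00
    + b"\xff\xd9"                                                                                     # EOI
)
POLYGLOT_JPEG = CLEAN_JPEG + b"/* constructed trailing JavaScript */"

CLEAN_PNG = (
    PNG_SIG
    + struct.pack(">I4s", 13, b"IHDR") + b"\x00" * 13 + b"\x00\x00\x00\x00"   # IHDR with a dummy CRC
    + struct.pack(">I4s", 0, b"IEND") + b"\xaeB`\x82"                          # IEND with its real CRC
)
POLYGLOT_PNG = CLEAN_PNG + b"appended data"

FAKE_MSI_WITH_JAR = OLE_MAGIC + b"\x00" * 64 + ZIP_EOCD + b"\x00" * 18     # OLE header, then a bare EOCD record

if __name__ == "__main__":
    for name, blob in [("clean jpeg", CLEAN_JPEG), ("polyglot jpeg", POLYGLOT_JPEG),
                       ("clean png", CLEAN_PNG), ("polyglot png", POLYGLOT_PNG),
                       ("msi with jar", FAKE_MSI_WITH_JAR)]:
        print(f"{name:14s} -> {analyze(blob)}")
```

Trailing bytes are not proof of malice on their own (some cameras and editors append metadata after the image), so treat the result as a triage signal that earns the file a closer look rather than a verdict.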
4. IoT attacks and the growing impact
The Internet of Things (IoT) grows by more connected devices every year - source. Forecasts suggest that in 2025 the number of connected IoT devices will be more than 75 billion, triple the number from 2019.
We get it, connected devices make life more comfortable. It's nice to wake up to freshly made coffee because your alarm clock is connected to the coffee machine. However, this convenience comes with a catch: if IoT devices aren't properly secured, they could be open to bad actors.
In 2020, we observed an IoT botnet. The botnet was installed on vulnerable access control systems, which are commonly found in office buildings. You might have entered such a building with a swipe of your keycard before, without knowing that the system was infected.
5. Social engineering and cryptocurrency
In an attack that uses social engineering, the technology is not the only focus. Social engineering targets the human aspect; phishing is a prominent example. Social engineering can occur in any form in which sensitive information can be gathered - in an email, face to face or even via a phone call.
SIM swapping is an attack in which the bad actor gains control of the victim's SIM card. Through clever social engineering, the mobile carrier is tricked into believing that the bad actor is the real customer. If successful, the bad actor takes control of the SIM card and receives the victim's text messages and phone calls. This attack is also used to gain access to social media accounts or cryptocurrency wallets.
Social engineering can also rely purely on the social aspect. The service technician who turns up to "fix your bad WiFi" might not be who you think they are. Companies usually make appointments with you in advance, so it generally makes sense to decline such spontaneous visits.
6. Malvertising on your Facebook feed
Malvertising stands for malicious advertising: online ads are used to distribute malware. This usually works by adding malicious code snippets to ads. The ads are then shown on many websites that use the advertising network with the intention of profiting from the ads. The websites seldom have control over which ads are shown; it's the advertising network that needs to act on this problem.
A more recent malvertising campaign originates from the "ScamClub" group and targets the Safari browser. The campaign exploited a privilege-escalation vulnerability known as CVE-2021-1801. The threat actors may have gained unauthorized access to the affected systems - source.
Facebook might be less secure than you think. In a malvertising campaign that distributes the "Mispadu" banking trojan, Facebook ads were used. The ads show fake coupons for McDonald's. After clicking on the advertisement, the user is prompted to download an archive that delivers the trojan - source.
7. Identity theft in COVID-19 times
In the United States alone, the number of identity theft cases doubled from 2019 to 2020, according to a blog post by the Federal Trade Commission (FTC). The FTC received roughly 1,400,000 reports of identity theft in 2020. Many of these involved cybercriminals targeting people who were financially affected by the COVID-19 pandemic.
Cybercriminals abused the government unemployment benefits meant for people who lost their jobs because of the pandemic. The fraudsters filed claims using other people's information. There were 12,900 reports of identity theft related to unemployment benefits in 2019. In 2020, there were 394,280. That's a surge of over 3,000%!
So what's the takeaway? Identity theft will very likely continue. In turbulent times like the present, such malicious activity grows even more rapidly. The fact that the focus is more on accelerating time-to-market than on security does very little to instil any hope of this getting better. And looking at what happened at Facebook and LinkedIn in the past few weeks, where malicious actors were able to simply scrape data off public APIs, one cannot help but wonder whether privacy is a matter of concern at all for some companies. Contrary to what both companies claim, the fact that data is "old" by no means implies that it cannot be abused for things like identity theft.
8. Passwords - Knowledge vs. action
RiskBased Security's "Data Breach" report from 2019 found 4.1 billion compromised records. Passwords were contained in 65% of those breaches. It can fairly be assumed that this trend continues through 2021.
Tip: use https://haveibeenpwned.com/ to check whether your data has appeared in a known breach.
In an online security survey by Google, 52% of respondents reported reusing the same password for multiple (but not all) sites. This is alarming, because a bad actor could get access to multiple accounts with just one password. Worth mentioning here: 79% of respondents think that updating security software is important, while 33% don't update regularly. There's a gap between knowledge and action!
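As an added example to go with the haveibeenpwned tip above (not G DATA's code), here is how a password can be checked against a breach corpus without ever sending the password itself, using the k-anonymity range query offered by haveibeenpwned's Pwned Passwords service: only the first five hex characters of the password's SHA-1 hash are sent, every known hash suffix under that prefix comes back, and the comparison happens locally. SAMPLE_RESPONSE is a constructed stand-in for a service reply with invented counts, and fetch_range shows the live call; the demo itself runs offline.

```python
"""Check a password against a breach corpus without revealing it (k-anonymity range query).

Added example, not G DATA's code. The scheme mirrors haveibeenpwned's Pwned Passwords
API: send the 5-character SHA-1 prefix, receive 'SUFFIX:COUNT' lines, match locally.
SAMPLE_RESPONSE below is constructed; its counts are invented.
"""
import hashlib
import urllib.request
from typing import Dict, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_for_range_query(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest: 5 + 35 characters."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dictionary; malformed lines are skipped."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, response_text: str) -> int:
    """How often the password appears in the corpus according to the range reply (0 = not found).

    The full hash never leaves this function; only the suffix is compared locally.
    """
    _, suffix = split_for_range_query(password)
    return parse_range_response(response_text).get(suffix, 0)


def check_password(password: str, response_text: str) -> Tuple[bool, int]:
    """Policy decision: accept only passwords that do not appear in the corpus at all."""
    count = breach_count(password, response_text)
    return count == 0, count


def fetch_range(prefix: str, timeout: float = 5.0) -> str:
    """Retrieve the reply for one 5-character prefix from the live service (network access)."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "pwned-range-demo"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed reply for prefix 5BAA6 (the prefix of SHA-1("password")); the counts are invented.
SAMPLE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E2D4F2AE5E9B8A1C3D7F0B2E4A6C8D0F12:7
not-a-valid-line
"""

if __name__ == "__main__":
    # Offline demo against the constructed reply; swap in fetch_range(prefix) for a live check.
    for pw in ("password", "correct horse battery staple"):
        ok, count = check_password(pw, SAMPLE_RESPONSE)
        print(f"{pw!r}: {'accepted' if ok else 'rejected'} (seen {count} times)")
```

The design point is that the service learns at most one of roughly a million prefix buckets and never the password or its full hash, which is what makes it acceptable to wire such a check into a signup or password-change form.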
Passwords are still a top attack vector for organizations, a study found: 42% of the respondents reported security breaches caused by a password compromise.
9. Zero-day exploits - The heavy hitter
Attacks that use zero-day exploits are hard to counter. As the name suggests, zero-day exploits attack systems before they have been patched.
In 2016, we reported on a zero-day exploit in the Firefox browser that targeted Tor users. The exploit appeared to be an attempt to deanonymize Tor users.
More recently, Microsoft Exchange Servers were affected by zero-day exploits. The actors were able to access mail accounts, steal data and even drop malware on the compromised machines - source.
As zero-day exploits in widely used software offer criminals a wide attack scope, we believe that zero-day exploits will remain an important security threat in 2021 and beyond. This is especially true given the increasing push from policy makers for authorities to "stockpile" such vulnerabilities for use in investigations - which we at G DATA think is a terrible idea, and we are not alone in that assessment.
10. Insider threats - Do you trust your colleague?
A less publicly known threat that affects businesses small and large is the insider threat. Here, anyone who is or was in contact with the company's internal structures is a possible suspect.
Verizon's report from 2019 reveals stunning data - 57% of all database breaches involved insiders!
Small businesses are at greater risk, as employees are often able to access more of the internal network than in bigger businesses. A good countermeasure against insider threats is to limit an employee's privileges to the areas they actually need.
Tracking the actions of employees is a double-edged sword. It helps to detect the bad guys, but honest employees could feel monitored.
11. Deepfakes - Be more data sensitive!
With the help of artificial intelligence (AI), an image or video of a person is manipulated to show an activity that never happened in reality. This is known as a deepfake.
Here you can see an example of a video with a deepfake of Donald Trump and Joe Biden: https://www.youtube.com/watch?v=cxnsIUDpi-g
While deepfakes can be fun and amusing, they have a decidedly dark side and are a threat to be taken seriously.
Thinking of online identities, deepfakes could be used to fraudulently verify an identity or even to create accounts on behalf of another person. The technology has also been used to create fake videos of celebrities in compromising situations. As technology usually gets more sophisticated over the years, we believe the quality of deepfakes will too.