Malware: a retrospective of 2018


While 2018 was free of massive attacks splashed on the front pages of newspapers, it did see the emergence of a host of new malware threats. The malware was in many cases highly sophisticated, but still did not manage to replace good old ransomware, from which we have not heard the last. The Stormshield Security Intelligence team looks at the state of play in the world of malware in 2018.

So in 2018 there were no huge threats that grabbed the limelight like WannaCry, but there was a series of increasingly sophisticated malware programs. Exhibit A was the discovery of Slingshot, announced by Kaspersky Lab in March 2018. This espionage platform is regarded as one of the most advanced to date, a “masterpiece” according to the Kaspersky Lab researchers who uncovered it. Its two main modules, Cahnadr (a kernel-mode driver) and GollumApp (a user-mode component), give its operators full control of the infected computer: collecting any type of data, taking screenshots and capturing keystrokes. It is hard to detect: it checks which security products are installed and adjusts its behaviour accordingly, and it uses anti-debugging techniques to hinder analysis. Its infection path is also worth noting: Slingshot compromised MikroTik routers and used them to deliver a malicious DLL to administrators’ computers through the WinBox management tool, so the router became the way into the PCs that managed it.

A major breakthrough for cryptojacking

Slingshot aside, the bulk of 2018’s malware activity came from cryptojacking tools such as Coinhive and Cryptoloot. According to the Skybox Security report, this type of threat accounted for 32% of attacks in the first half of 2018, compared with 7% in the last six months of 2017, and figures put forward by another cybersecurity vendor in December 2018 even suggest a 4,000% increase in one year. Prized by non-expert cybercriminals because it is low-risk but lucrative, cryptojacking means running mining code on a victim’s machine without consent, either by infecting the PC with malicious software or by planting a script such as Coinhive’s in a web page, so that the victim’s processor mines cryptocurrency for the attacker. It does not steal existing coins; it hijacks the mining process, which is based on intense mathematical calculations designed both to issue new units of a currency and to verify and validate the transactions performed in it. The victim pays in electricity, performance and hardware wear, and the attacker collects the coins.
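Because a cryptojacked machine must either load the miner script or talk to a mining pool, both forms leave traces in proxy, web and network logs. The following is an added example (not Stormshield’s code and not from the reports cited above) that scans a handful of constructed log lines for the two kinds of indicator named in the text: Coinhive-style browser miners (script URL and JavaScript API calls) and Stratum JSON-RPC pool traffic of the kind CPU miners such as XMRig generate. The log format, the IP addresses and the wallet string are invented for the example; the host names, script names and RPC method names are the real ones those tools used.

```python
"""Flag cryptojacking indicators in proxy/web/network log lines (added example)."""
import json
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Host names of the in-browser mining services named in the article
# (authedmine.com was Coinhive's opt-in variant).
MINER_HOSTS = {"coinhive.com", "coin-hive.com", "authedmine.com", "crypto-loot.com"}

# Script fragments a Coinhive-style page miner leaves in HTML or JavaScript.
BROWSER_MINER_RE = re.compile(r"coinhive\.min\.js|CoinHive\.(Anonymous|User)\(", re.I)

# Stratum (JSON-RPC over TCP) method names used by pool miners.
STRATUM_METHODS = {"login", "getjob", "submit", "mining.subscribe",
                   "mining.authorize", "mining.submit", "mining.notify"}

# Ports pools commonly listen on; reported only as a corroborating hint,
# never as an indicator on its own (plenty of benign services use them).
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444}

URL_RE = re.compile(r"https?://[^\s\"']+")
DEST_RE = re.compile(r"->\s*([\d.]+):(\d+)")
JSON_RE = re.compile(r"\{.*\}")

# Constructed sample records (not real traffic): a miner script download,
# a page that starts the miner, a Stratum login to a pool, and two benign lines.
SAMPLE_LINES = [
    '2018-06-12T10:01:03Z proxy GET https://coinhive.com/lib/coinhive.min.js 200',
    '2018-06-12T10:01:04Z html <script>var m=new CoinHive.Anonymous("SITE_KEY");m.start();</script>',
    '2018-06-12T10:02:10Z tcp 10.0.0.7:51234 -> 203.0.113.5:3333 '
    '{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4ExampleWalletAddress","pass":"x","agent":"XMRig/2.6.4"}}',
    '2018-06-12T10:02:11Z tcp 10.0.0.8:51235 -> 93.184.216.34:443 TLS handshake',
    '2018-06-12T10:03:00Z proxy GET https://example.com/app.js 200',
]


def indicators(line: str) -> List[str]:
    """Return the cryptojacking indicators found in one log line (empty if none)."""
    hits: List[str] = []

    # 1. Requests to known mining-service hosts (exact or subdomain match).
    for url in URL_RE.findall(line):
        host = (urlparse(url).hostname or "").lower()
        if host in MINER_HOSTS or any(host.endswith("." + h) for h in MINER_HOSTS):
            hits.append(f"miner-host:{host}")

    # 2. Miner script names / JavaScript API calls in page content.
    if BROWSER_MINER_RE.search(line):
        hits.append("browser-miner-script")

    # 3. Stratum JSON-RPC messages: a JSON object whose "method" is a pool call.
    m = JSON_RE.search(line)
    if m:
        try:
            msg = json.loads(m.group(0))
        except json.JSONDecodeError:
            msg = None
        if isinstance(msg, dict) and msg.get("method") in STRATUM_METHODS:
            hits.append(f"stratum-rpc:{msg['method']}")
            params = msg.get("params")
            agent = params.get("agent", "") if isinstance(params, dict) else ""
            if "xmrig" in str(agent).lower():
                hits.append("miner-agent:xmrig")

    # 4. Pool port: only worth reporting when something stronger already matched.
    d = DEST_RE.search(line)
    if hits and d and int(d.group(2)) in POOL_PORTS:
        hits.append(f"pool-port:{d.group(2)}")

    return hits


def scan(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Return (line index, indicators) for every line carrying an indicator."""
    flagged = []
    for i, ln in enumerate(lines):
        hits = indicators(ln)
        if hits:
            flagged.append((i, hits))
    return flagged


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_LINES):
        print(f"line {i}: {', '.join(hits)}")
```

The script-name and host-name checks catch the browser variant the text describes, while the Stratum check catches a binary miner that never touches a web page; in practice the pool check is the more durable one, because mining services come and go but the pool protocol stays the same.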

The risks of social hacking

Another fast-growing threat is fraud targeting social media users. According to a report by another cybersecurity vendor, the use of social engineering and manipulation techniques to trick internet users grew by 485% in the third quarter of 2018 compared with the same period of the year before. It is a threat that could expose companies’ sensitive data, and any employee is a potential target for social hackers: “cybercriminals are spending more and more time finding out the interests of people working for targeted firms before sending them a personalised email, enabling them to get into a company’s system and steal its data”, explains Stéphane Prévost, Product Marketing Manager at Stormshield.

Multifunctional botnets

The last key feature of 2018 was the growing use of multipurpose botnets that are versatile enough to perform almost any task. These networks of infected computers are controlled by cybercriminals and used to spread malware and to carry out distributed denial-of-service (DDoS) or spam attacks. According to the August 2018 Kaspersky report, the share of RAT (remote access trojan) files such as Njrat, DarkComet and Nanocore spread by botnets almost doubled, from 6.55% to 12.22%, compared with the first six months of 2017. “The Pony RAT, for example, is unsophisticated but easy to come by and focuses on under-protected targets”, says Paul Fariello, a member of the Security Intelligence team.

Ransomware: the real threat

But all these “new” attacks should not cause us to lose sight of the fact that good old ransomware is more dangerous than ever. SamSam, a ransomware family active since 2015, was behind incidents such as the very high-profile attack on the city of Atlanta in March 2018. In this field, cybercriminals are not short of inventiveness, as proven by ransomware families like GandCrab and DataKeeper, which are updated almost daily. “While attacks have certainly become increasingly complex, conventional ransomware (which encrypts data) remains by far the biggest threat to micro and small businesses”, says Paul Fariello. So now is not the time to drop your guard!


Stormshield

A European leader in digital infrastructure security and a wholly-owned subsidiary of Airbus CyberSecurity, we offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures. Our mission: to ensure the cybersecurity and data protection of organizations, their employees, and their customers. Our expertise is available in three complementary product ranges for seamless security: protection for industrial and IT networks (Stormshield Network Security), protection for servers and workstations (Stormshield Endpoint Security), and protection for data (Stormshield Data Security). As per our Multi-Layer Collaborative Security approach, our product ranges interact with one another to raise the security level of IT, OT, and Cloud environments, regardless of the attack point.
These trusted, cutting-edge solutions are certified at the highest level in Europe (EU RESTRICTED, NATO, ANSSI EAL3+/EAL4+). Present in over 40 countries via our network of distributor partners, we ensure the protection of strategic information for companies of all sizes, public administrations, and defense agencies throughout the world.
For further information please visit: www.stormshield.com/
