January 2, 2019
The Year in Malware
2018 is done and as they say, “put a fork in it”! We are also ready to put a fork in 2018’s IT Tips of the Month. This month we won’t be doing another technical tip. Instead, we are going to look back on 2018 from the perspective of Malware and not just see what happened, but what positives can be found there as well.
Ransomware has been the big boogieman of the malware world for several years now. But, surprisingly in 2018 there was an overall decline in Ransomware variants and infections. There are numerous factors for this, such as a higher refusal to pay, heightened awareness and overall better detection methods, but the biggest factor is likely the decline in value of Bitcoin and other cryptocurrencies. The return on investment simply isn’t what it used to be. This certainly shouldn’t be taken as a sign to treat the risk of Ransomware lightly. Frequently in the case of Malware, a forgotten strategy can suddenly find new life as technology evolves.
Crypto Mining Malware
With the decline in Ransomware, something had to step up to take its place. For 2018, that something is Crypto mining Malware. What is Crypto mining malware? Crypto mining in general, is the processing of an algorithm to “mine” cryptocurrency, such as Bitcoin. Crypto mining Malware takes that process and uses it as malware, distributed across many systems. So, instead of having one powerful computer running the algorithm to generate cryptocurrency, you spread it across as many systems as possible. Thus, having each do just a little, so it typically goes unnoticed to the end-user and administrators. McAffee reported a $4,000% increase in Crypto mining malware in 2018. So, expect this to continue to grow.
As defense improves, awareness increases, and systems evolve to better defend against attacks. Therefore, the attackers evolve and improve their methods. The year 2018 saw more and more threats leave behind the automated spam bots and random propagation methods for attacks that were directed specifically at individuals or corporate networks. Remember that email from the President of your company asking you to wire some money or purchase a bunch of gift cards? Those weren’t just random spam that happened to get the names right. They were targeted at you and your company by someone that took the time to learn the people and processes involved in your company to better allow them to exploit your weaknesses for their gain. Social media and our overall willingness to put information online has helped these types of attacks immensely and they’ve been very effective.
The Dark Web Rises
In 2018, the Dark web became something of a household name, but many still don’t understand exactly what the Dark web is. Let me take a moment to explain:
There are basically three parts to the world wide web: public web, deep web, and dark web.
(1) The public web is everything that’s publicly available and accessible through search or typing a URL into your browser.
(2) The deep web also known as the invisible web, is all the content on the web that is not indexed by standard search engines; such as email clients, online banking websites, pages that are inaccessible to crawlers and the software that indexes the web for search engines. Some of those pages can still be accessed if you have the URL while others require you to have login credentials.
(3) The dark web is a tiny fraction of the web that is only accessible through specialized software such as the Tor browser and is commonly used to facilitate the trade of illegal content or stolen data. When you hear about a company having been breached and losing thousands of Social Security numbers, this is where that information typically ends up. Malicious actors can purchase this information and use it in their nefarious campaigns.
While mobile devices such as phones and tablets are typically far more secure than an ordinary PC due to their closed nature, it’s still possible for phones to become a target for malware. In the past, attacks have come from both browser-based exploits and malicious applications. The latter saw a significant rise in 2018 as mobile app stores were flooded with malicious apps that were due to the sheer number of people who were able to access them.
Positives for 2018
While malware in general had its biggest year ever, it’s not all doom and gloom. We saw a lot of positive signs that should help us in the fight against malware
Awareness is up – Due to the success of malware and its insertion into the mainstream news, people are more aware of it than ever. This leads to more people being aware of what NOT to do when something suspicious happens.
We’re more proactive than reactive – According to the 2018 IDG security Priorities Study organizations are approaching their security spending proactively, based on best practices and industry guidelines rather than playing catch-up and responding to attacks against other organizations. Also, compliance regulations are pushing businesses to act rather than react.
Detection and prevention methods continue to improve – Everyone is continuing to step up their game when it comes to malware detection and prevention. Traditional anti-virus applications are becoming more robust, 3rd party scanning services are evolving quickly, and operating systems are becoming more capable of not just finding and stopping a threat, but also protecting data in the event something does make it through.
Thanks for reading our final IT Tip of the Month for 2018. We hope you’ve had a great 2018 and we’re looking forward to another great year in 2019. Happy New year!
- The McAfee Labs 2019 Threats Predictions Report
- Talos: The Year in Malware – 2018
- McAfee Labs Quarterly Cybersecurity Threats Report – December 2018
- IDG’s Security Priorities Study – 2018
This tip written by Abel Solutions IT Services Manager, Jason Casteel.