Story image

Cybercrime tools and services becoming increasingly democratised

07 Feb 2019

Cybercrime is becoming increasingly democratised - and not in a good way.

According to the second instalment of Check Point’s 2019 Security Report, the tools and services used to commit cybercrime have become well-managed with advanced attack methods now readily available to anyone willing to pay for them as part of the surging ‘malware-as-a-service’ industry.

“The second instalment of our 2019 Security Report shows how cyber-criminals are successfully exploring stealthy new approaches and business models, such as malware affiliate programs, to maximise their illegal revenues while reducing their risk of detection,” says Check Point Software Technologies chief marketing officer Peter Alexander.

“But out-of-sight shouldn’t mean out-of-mind: Even though cyberattacks during 2018 have been lower-profile, they are still damaging and dangerous.”

There were many highlights of the report, which included:

  • Cryptominers have been actively digging undetected on networks, having infected 10x more organisations than ransomware in 2018. However, only one in five IT security professionals were aware their company’s networks had been infected by mining malware. 37 percent of organisations around the world were affected by cryptominers in 2018, while 20 percent continue be hit every weel despite an 80 percent decline in cryptocurrency values.

  • Organisations are underestimating the threat risk of cryptominers, as just 16 percent stated cryptomining when asked what they rated as the biggest threat to their organisation - compared with phishing with 66 percent, ransomware with 54 percent, data breaches with 53 percent, and DDoS attacks with 34 percent. Check Point says this is concerning as cryptominers can easily act as stealth backdoors to download and launch other types of malware.

  • There has been a significant rise of malware-as-a-service, as the GandCrab Ransomware-as-a-Service affiliate program shows how amateurs can now profit from the ransomware extortion business as well. Users are able to keep up to 60 percent of the ransoms collected from victims, while the developers keep up to 40 percent. GandCrab has over 80 active affiliates, and within two months in 2018 had infected over 50,000 victims and claimed between US$300,000 and $600,000 in ransoms.

“By reviewing and highlighting these developments in the Report, organizations can get a better understanding of the threats they face, and how they prevent them impacting on their business.”

Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.