Story image

2018’s worst malware revealed in report

02 Nov 2018

Cybersecurity company Webroot has highlighted the top cyberattacks of 2018 in its latest Nastiest Malware list, which showcases the malware and attack payloads that have been most detrimental to organisations and consumers alike.

With the threat landscape constantly evolving, the need for cybersecurity education and tools to prevent attacks has never been more vital.

Nastiest malware and payloads in 2018:

Botnets and banking trojans 

Botnets and banking Trojans are the most commonly seen type of malware, with Emotet being the most prevalent and persistent seen to date.

Three nastiest:

1.     Emotet is this year’s nastiest botnet that delivers banking Trojans. It aspires to increase the number of zombies in its spam botnet, with a concentration on credential gathering. Threat actors have recently developed a universal plug and play (UPnP) module that allows Emotet to turn victims’ routers into potential proxy nodes for their command-and-control infrastructure.

2.     Trickbot follows a similar attack plan, but contains additional modules (with more added each day) and has even been seen dropping ransomware. Imagine all of the machines in your network being encrypted at once!

3.     Zeus Panda has similar functionality to Trickbot, but has more interesting distribution methods including macro-enabled Word documents, exploit kits and even compromised remote monitoring and management services.

Cryptomining 

Criminals are quickly moving to cryptomining and cryptojacking for faster, less risky ways of netting cryptocurrency.

However, what some may call a victimless crime has a significant impact on businesses and consumers alike.

Three nastiest:

1.     GhostMiner’s distribution method is the scariest part for its victims because they don’t know its entry point, similar to a scary movie where you know someone’s in the house but you don’t know where. GhostMiner is most commonly seen being distributed via an exploit in Oracle WebLogic (CVE-2018-2628).

2.       WannaMine’s Windows management instrumentation (WMI) persistence technique is extremely nasty, allowing it to remain stealthy and difficult to find and remove.

3.       Coinhive, initially innocent, was quickly added to the standard toolkit for attackers compromising websites. Even legitimate website owners are using Coinhive without knowing the impact it will have on their visitors. If your computer processing power (CPU) spikes to 100% when simply visiting a website, it might be Coinhive.

Ransomware 

Ransomware has taken a backseat to the top threats in 2018 due to the rise of cryptomining. However, ransomware has become a more targeted business model for cybercriminals, with unsecured remote desktop protocol (RDP) connections becoming the focal point of weakness in organisations and a favourite port of entry for ransomware campaigns.

Three nastiest:

1.     Crysis/Dharma goes hand in hand with the term “compromised RDP.” This ransomware has been evolving to remain one of the top dogs of the ransomware as a service (RaaS) world and specifically targets the RDP vector. System administrators consistently return to work after a weekend to find one or more of their machines encrypted, usually without knowing the source.

2.     GandCrab is yet another RaaS. It is especially nasty, as it is distributed via malspam campaigns, exploit kits, and RDP. Another interesting fact is that it uses the .bit TLD (top level domain), not sanctioned by ICANN, providing an added level of secrecy.

3.     SamSam, initially distributed via a JBoss exploit, soon turned to RDP and is now bringing down entire cities (or portions of them at least). You’ve likely seen these attacks in the news for taking down the city of Atlanta or the Colorado Department of Transportation.

Webroot senior threat research analyst Tyler Moffitt says, “This year, we’ve seen cyberattacks changing faster than ever, evading traditional defenses and wreaking havoc on businesses and everyday internet users alike.

“From gaping security holes, such as unsecured RDP, to tried-and-true tactics like phishing and exploits, to stealing crypto in the form of CPU power, cybercriminals are exploiting vulnerabilities in increasingly malicious ways.

Moffitt says, “Businesses and individuals must be vigilant, stay informed, and focus on improving their overall cyber hygiene to avoid the devastating effects of these attacks.”

Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.