The December sum-up is something of a sacred tradition. With that in mind, let’s get started!
This time last year, we called 2016 the year of ransomware. There were indeed a lot of cryptors and blockers in a variety of guises, and the overall scale of infection was pretty serious. But it turns out that the title of “year of ransomware” truly belongs to 2017. The WannaCry, ExPetr, and BadRabbit epidemics were like nothing we’d seen before. In terms of scope, WannaCry can only be compared with the global outbreak of the Conficker worm in 2008–2009, one of the largest epidemics in living memory.
Mind you, our experts reckon that 2018 won’t be another year of ransomware. Their place at the top of the common threat list will be taken by hidden cryptocurrency miners, which are already gathering steam. But more about them later.
Attacks on financial companies
2017 saw no shortage of attacks on financial organizations, a perennial favorite target for hackers. In October, our experts discovered in the dark Web a new, easily available piece of malware called Cutlet Maker, which preys on ATMs. By handing over just a few thousand dollars, rookie hackers could launch devastating attacks on ATMs — the malware included instructions and almost everything they needed. Some unlucky intruders got caught red-handed, but the malware creators made a killing.
Another continuing trend in this area is attacks from inside the banking structure. In October, we uncovered a new cybercrime group, called Silence, that attacks financial organizations. Most of the victims were Russian banks, and the group itself appears to be Russian-speaking. They could be said to be the heirs of Carbanak, a group that in 2015 carried out a headline-grabbing targeted attack on banks.
Silence is just one of many targeted attack campaigns, or APTs (advanced persistent threats). Throughout 2017, we observed about 100 hacker groups active in this category. That’s doubled from 2016. What’s more, only about ten of them, including Silence, have commercial interests — the others are aimed at cyberespionage and seeking data inside state agencies and oil-and-gas companies. That’s basically what we predicted at the end of last year: Hacker groups have begun to operate more actively in the interests of certain political and economic forces.
A new vector of targeted attacks that we’ve seen this year is software vendors whose products are used by large companies. The upshot is that criminals have cottoned on: instead of attacking impregnable corporate systems, it’s easier to go after the software they use.
A good example is the high-profile attack by the Axiom group on the producer of CCleaner, a popular Windows Registry cleaning tool. Hackers injected malicious code into a program update that was downloaded by about 2 million users worldwide. The victims were a select group of around 20 large firms. After the malicious update had penetrated their systems, the malefactors continued digging into their networks.
Cryptocurrencies and mining
The price of Bitcoin has shot up 15-fold over the year, and Ethereum a staggering 48-fold. Cryptocurrencies have had an unprecedented impact on the global economy this year, and they have already transformed the venture investments market: ICO-raised funds in 2017 hit $3.5 billion, while the more traditional IPO format pulled in just $1 billion.
As we expected, new threats and vulnerabilities appeared as a result. For a start, the door was opened to a wide variety of attacks, from phishing and hacking to substituting Bitcoin wallet numbers in the clipboard. We even saw a new modification of so-called Nigerian spam, in which people were offered tokens in exchange for sharing their wallet address. (Give your address and your money gets stolen.) Incidentally, $300 million, or almost a tenth of the funds raised through ICOs in 2017, was stolen by criminals.
But that’s not all. The new reality gives free rein to new forms of enrichment. One of them is hidden cryptocurrency mining, mainly browser-based. Websites are infected with a script that allows visitors’ computers to be used for mining without their knowledge.
So now, having analyzed what’s been going on in the world of cybersecurity, we’ll tell you what we think lies around the corner.
Predictions for 2018
- Attacks on software vendors are set to multiply. The cases of CCleaner and M.E.Doc (a software company whose update server was used to distribute ExPetr) clearly demonstrated that a successful attack on the maker of a single program can put all of its potential users at risk.
- Automated attacks on ATMs and out-of-the-box solutions to hack them. So far we’ve seen ATM hacking solutions that essentially involve a flash drive attached to a kind of stick. Clearly, this method is not particularly effective against ATMs under constant surveillance, but that’s unlikely to prevent attackers from giving up on them. New hacking methods will be developed, some of which could be remote.
- Attacks on new devices at a deeper OS level. The vector of targeted attacks is already shifting from traditional PCs to a host of new devices, including smartphones and the IoT. Attackers are trying to operate at a lower level inside the OS to avoid detection by protection control systems, for example, at the UEFI level — processor firmware that runs before the OS does.
- More targeted attacks involving the use of ransomware. Attackers have already mastered precision strikes against large companies, carefully choosing the time of attack — ExPetr, for example, encrypted files a few days before a tax return was due, with the aim of provoking the company into paying up frantically. It’s likely we’ll hear about more such stories.
- Cryptocurrency fraud and attacks on virtual valuables in the blockchain. Attacking cryptocurrency accounts and mining illegally at the expense of individuals and companies are already more profitable for criminals than pursuing traditional banking systems and online banks. In addition to the mushrooming of different kinds of covert mining, we’re set to see new types of attacks on cryptowallets, as well as vulnerabilities in the blockchain. And given that cryptocurrency valuables are being created as we speak (for example, the much-hyped CryptoKitties), it’s safe to assume that they will be in the sights of cyberthieves.
We’ll have to wait and see which of these predictions materialize. But for now, have a great festive season and stay safe!