Cyberattacks have never been as sophisticated as they are today in the hands of criminals. Unfortunately, 2017 was a terribly prolific year for ill-intentioned hackers, and though cybersecurity is evolving, attack techniques are evolving even faster. How will we rise to the challenge going into the new year?
Ransomware, the star of the show
As we analyzed in the PandaLabs Annual Report for 2017, extortion and cyber hijacking were clearly the main avenues of attack for the year. The year also marked a milestone with the spread of two major attacks whose names will remain engraved in history: WannaCry and Petya/Goldeneye.
The first was especially impactful. With hundreds of thousands of computers infected and left unusable, WannaCry was a global crisis for the companies that found themselves blackmailed by cybercriminals. Other important ransomware attacks of 2017 included Reyptson, LeakerLocker, Osiris and WYSIWYE. And the list goes on.
NotPetya, a variant of Petya/Goldeneye, had clear political motives, aiming to disable critical systems in Ukraine according to the Ukrainian authorities. It was seeded through a compromised update of the M.E.Doc accounting software and then spread rapidly across networks, taking advantage of the EternalBlue exploit to propagate from machine to machine.
But we shouldn’t lose sight of “traditional” DDoS attacks, which continue to be widely used, or of the proliferation of all types of malware, whose activity can be linked to half of the security breaches suffered this past year.
More attacks and better techniques
Due to the proliferation of “tools” on the black market, attacks have become increasingly sophisticated. The democratization of technology and the rise of open source solutions have provided an incredible opportunity for cybercriminals.
Now, practically anyone can buy specialized malware on the black market for a few hundred dollars and carry out a ransomware attack. This was the case with WYSIWYE, which came with an interface for setting up an attack over RDP (Remote Desktop Protocol): the operator brute-forces user credentials to gain access, and once inside the network encrypts the content and then extorts the company for a ransom.
Intrusion through the Remote Desktop Protocol (RDP) has become a very common way of breaking into systems. In 2017, the Trj/RDPPatcher Trojan was discovered; it modifies the Windows registry to change the RDP authentication settings, collects system information and connects to its command-and-control (C&C) server, which decides how best to evade the antivirus installed on the system.
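The RDP brute-forcing described above leaves a very recognizable trail in the Windows Security log: a burst of failed logons (event 4625) from one source address against one or several accounts, sometimes followed by a successful logon (event 4624) from that same address once a password is guessed. The following detector is an added example, not code from the original article or from PandaLabs; it runs over records constructed here to mimic the EventData fields of those two events, and the threshold, window and follow-up period are assumed values to be tuned per environment.

```python
"""Detect RDP credential brute-forcing in Windows Security event records.

Added example, not code from the original article or from PandaLabs. The input
records are constructed here to mimic the EventData fields of Windows Security
events 4625 (failed logon) and 4624 (successful logon); a real deployment would
feed the same function from the exported event log or a SIEM.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# LogonType 10 = RemoteInteractive (RDP). LogonType 3 = Network, which is how a
# failed Network Level Authentication (NLA) pre-auth against RDP is logged.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # 203.0.113.7 sprays several accounts within two minutes, then logs in as "backup"
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:00:01", "IpAddress": "203.0.113.7", "TargetUserName": "administrator", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:00:09", "IpAddress": "203.0.113.7", "TargetUserName": "administrator", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:00:31", "IpAddress": "203.0.113.7", "TargetUserName": "admin", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:01:02", "IpAddress": "203.0.113.7", "TargetUserName": "backup", "LogonType": 3},
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:01:40", "IpAddress": "203.0.113.7", "TargetUserName": "backup", "LogonType": 3},
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:01:55", "IpAddress": "203.0.113.7", "TargetUserName": "sa", "LogonType": 10},
    {"EventID": 4624, "TimeCreated": "2017-06-27T09:03:10", "IpAddress": "203.0.113.7", "TargetUserName": "backup", "LogonType": 10},
    # a user mistyping a password twice from the office LAN: stays below the threshold
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:05:00", "IpAddress": "10.0.0.15", "TargetUserName": "jsmith", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:05:12", "IpAddress": "10.0.0.15", "TargetUserName": "jsmith", "LogonType": 10},
    {"EventID": 4624, "TimeCreated": "2017-06-27T09:05:30", "IpAddress": "10.0.0.15", "TargetUserName": "jsmith", "LogonType": 10},
    # a console logon failure (LogonType 2) is not RDP and is ignored
    {"EventID": 4625, "TimeCreated": "2017-06-27T09:06:00", "IpAddress": "-", "TargetUserName": "jsmith", "LogonType": 2},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5),
                          follow=timedelta(minutes=30)):
    """Return one alert per source IP that produced at least `threshold` RDP
    logon failures inside any `window`, listing the accounts tried and any
    account that then logged in successfully from the same IP within `follow`
    of the burst (the strongest sign that a password was guessed)."""
    failures = defaultdict(list)    # ip -> [(time, account)]
    successes = defaultdict(list)
    for ev in events:
        if ev["LogonType"] not in RDP_LOGON_TYPES:
            continue                # console/service logons are not RDP
        entry = (_ts(ev["TimeCreated"]), ev["TargetUserName"])
        if ev["EventID"] == 4625:
            failures[ev["IpAddress"]].append(entry)
        elif ev["EventID"] == 4624:
            successes[ev["IpAddress"]].append(entry)

    alerts = []
    for ip, attempts in failures.items():
        attempts.sort()
        # Sliding window over this IP's failures: keep the densest burst.
        best, start = None, 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[2]):
                best = (start, end, count)
        if best is None:
            continue
        s, e, count = best
        burst_end = attempts[e][0]
        alerts.append({
            "source_ip": ip,
            "failed_attempts": count,
            "first_failure": attempts[s][0].isoformat(),
            "last_failure": burst_end.isoformat(),
            "accounts_tried": sorted({acct for _, acct in attempts[s:e + 1]}),
            "accounts_then_logged_in": sorted({
                acct for t, acct in successes.get(ip, [])
                if burst_end <= t <= burst_end + follow
            }),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        verdict = "COMPROMISED?" if alert["accounts_then_logged_in"] else "brute force"
        print(f"[{verdict}] {alert['source_ip']}: {alert['failed_attempts']} failures "
              f"against {alert['accounts_tried']} between {alert['first_failure']} and "
              f"{alert['last_failure']}; logged in as {alert['accounts_then_logged_in']}")
```

Two caveats for production use: LogonType 3 also covers SMB and other network logons, so on a file server the threshold will need raising or the rule scoped to hosts that expose RDP; and the check only tells you an attack happened. The preconditions that make it work, RDP reachable from the internet, no account lockout policy and NLA disabled, are the things to fix, which is exactly why a Trojan such as the one above bothers to change the RDP authentication settings in the registry.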
The backdoor discovered in the CCleaner software, known as HackCCleaner, compromised more than two million users before analysts realized that the legitimately distributed application had been trojanized. It is another example of a technically sophisticated and well-organized attack, this time on the software supply chain itself.
A new era in cyberwarfare
As the effectiveness of attacks and the number of techniques increase, so does the interest of companies, government entities and home users in maintaining effective cybersecurity practices. New groups of cybercriminals were discovered that take advantage of the increased availability of hacking tools (see, for example, the case of “Eye Pyramid”, an espionage ring with broad reach in Italy).
Other criminal organizations target unreleased content in order to pirate it. Especially notable were the leaks affecting large companies and producers such as Netflix or Marvel.
This means that millions of gigabytes of personal data are endangered day after day despite efforts to prevent it. It is the consequence of an increasingly complex and rapidly evolving struggle in which many countries are making important bets on cybersecurity while, at the same time, the technological fabric stretches to include the Internet of Things (IoT): connected cars, refrigerators and an endless cornucopia of other devices will become part of the ever-growing battlefield.