If it seems like cyber issues are around every corner these days, you aren’t imagining things. In episode 128, way back in November 2017, we discussed the signs we saw of a coming cyber storm. Today we look at what is going on and ask whether we are actually in the midst of that storm or whether it is still building.
There is certainly enough happening out there to think the storm has hit.
Tax season scams (W2, tax refund, fraudulent filings) are all out there this time of year. Do not fall for them. That is just our public service announcement for today.
The big news has been about Allscripts being hit hard by a ransomware attack. The SamSam attack didn’t hit just them, though. Several other healthcare organizations were also hit around the same time.
Malware report shows interesting trends
The Malwarebytes Labs malware report also has some scary details when you add all of this information together. Just a few of the findings we found interesting included cryptocurrency mining and supply chain issues.
Our first prediction comes during a period of cryptocurrency fever, where drive-by mining and skyrocketing values are driving interest from both users and criminals alike. If this craze continues, we are likely going to keep seeing an evolution of drive-by mining tools, new mining platforms (such as Android and IoT devices), and new forms of malware designed to mine and/or steal cryptocurrency.
This past year experienced two notable supply chain attacks: the spread of NotPetya through the MeDoc accounting software update process and the compromise of CCleaner software. This will continue to be an avenue that cybercriminals take as long as they can break through the defenses of software development company networks. This may lead to infection through update/upgrade, replacement of legitimate downloads with malware, drive-by exploits, and even database updates for security software.
The charts in the report were very interesting. Source: Cybercrime tactics and techniques: 2017 state of malware by Malwarebytes Labs
The Malwarebytes report pointed out a strange spike in spyware at the end of last year (it started in July – August) that didn’t seem to go away. It is possible that attackers are using the spyware to scout networks for access points and information on your traffic. This data can definitely be used to gather the connections needed for advanced spear phishing attacks.
By watching who is connected to whom and learning who has access to the valuable data, attackers can develop an attack plan that works quickly and gets the most data. We already know of cases where they listened to VoIP voicemail while snooping around on a network. In fact, they listened to voicemail messages between senior officials and used the information to short stocks and make a bunch of cash.
Along with the spyware detections, hijacking incidents also went up during the same period. The report includes interesting distinctions between business and consumer based attacks, which lets you see the stark differences. It is important, though, to remember that one business has way more information than one consumer, at least in most cases. That means attackers have to hit thousands of consumers to get the same result as one business of any size. When we reviewed just the business malware, the top 10 detections started with hijacking, while for consumers it was adware.
Cyber issues with your phones
Heads of 6 US intelligence agencies say we should not use products and services made by Huawei and ZTE. The intelligence agencies are starting to see issues. Huawei was founded by a former engineer of the People’s Liberation Army of China. The concern is the potential for spreading malware and capturing every move.
Should we use Kaspersky AV?
- Don’t think it is the Kaspersky company itself; they have done great research, great info in fighting malware (good people)
- Another side – if I had asked Microsoft, Apple, or Google whether the CIA could use their software to spy on people, they would have said “no”. If our government can do it, Putin isn’t doing it.
- If he goes after those engineers, could assume if you told him “no” you may disappear
- Any way they can prevent that from happening
- Software is monitoring everything on the computer and sending info to be analyzed
- No evidence that they are working with the government
- From SRA standpoint – am I willing to take that risk?
After all of these discussions, we still come back to training. The importance of training cannot be overstated. The only chance you have, in many cases, is to make sure the person under attack knows enough to stop the attacker instead of just enough to be dangerous, as they say.