We are well into the second half of the year already, and 2018 is turning out to be wildly different from the past year. The dominant story in 2017 was definitely ransomware, especially variants employing cryptography to lock individuals and organizations out of their systems and important files unless a hefty ransom was paid into a bitcoin wallet. However, with the rise of cyber-insurance and increased awareness of these tactics, fewer companies are paying up and are instead relying on backups and prevention. For 2018 we are seeing a few developing threats that are now turning into definite trends.
Surreptitious Bitcoin Mining
2018 has shown a dramatic rise in another attack, one far less brazen than ransomware. In surreptitious bitcoin mining, malware is introduced onto an end-user’s device, often through email. This malware then allows bitcoin mining software to be silently installed on the system, exploiting the computer’s CPU resources to mine for bitcoin, and sending the results back to command-and-control servers. All the while, the end user may be completely unaware they’ve been compromised, other than their system generally responding slower and maybe their CPU fan spinning higher than normal. We are now seeing malware that is smart enough to ‘throttle down’ its execution to prevent its host from becoming aware of the extra load, much like a parasite.
This trend actually started late last year, when in October the detection of bitcoin mining malware by Trend Micro spiked from less than 25,000 to over 115,000 in just one month. A Skybox Security report shows that the rate of crypto-mining malware among all types of detected malware rose from only 7% in the second half of 2017 to 32% of threats in the first half of 2018. The rate of ransomware was almost a mirror opposite, seeing a huge decline.
Advanced Email-borne Threats
The increase in these threats has been an ongoing trend, but they’re really showing their presence this year. Simple ‘spam’ emails and ‘viruses’ delivered via attachments are no longer the main threat. Because of the recent increases in adoption of spam-fighting technologies like SPF and DKIM records (and now DMARC), mass spamming is becoming increasingly difficult. Similarly, delivery of viruses via email attachments is becoming less of a threat due to the prevalence of virus scanning technologies installed by default on most cloud email services and email security solutions, which a full 98.9% of respondents in a GreatHorn survey now say they have in one form or another. Simple, attachment-delivered viruses have a hard time making it past the quarantine, so the threat is adapting and becoming more complex.
Attackers are getting smarter and shifting focus to advanced impersonation techniques, which are much harder for standard spam/virus solutions to detect. These include spear phishing, credential phishing, falsified invoices or wire requests, etc. Unlike standard spam, these attacks are not easy to detect via IP reputation because they do not involve spewing millions of emails per day; they’re much more targeted. They are often custom-crafted emails, made to impersonate legitimate emails from a user’s bank, a vendor or business partner, and others. These emails are sent from legitimate email accounts with valid SPF and DKIM records, and from servers not on any blacklists. Often they’re sent from ‘cousin domains’ (e.g. whitehouse.net instead of the legitimate whitehouse.gov) that appear reputable on initial inspection. 65% of email security professionals surveyed said they or their users regularly encountered impersonation emails, 42% encountered service spoofing (fake Docusign emails, fake UPS emails, fax notifications, etc.) and 34% encountered credential theft (fake login pages to online banking, Facebook, etc.). All of these threat types beat the occurrence of the more traditional threats such as payload attacks (33%).
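An added example (not from the original post or from GlobalCerts): a Python check that flags a cousin domain even when the message passes SPF and DKIM, which is why authentication results alone do not catch these emails. The trusted-domain list, the function names and the sample message are constructed assumptions, and the domain split is naive (last two labels only).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organization really corresponds with.
TRUSTED = {"whitehouse.gov", "ups.com", "docusign.com"}

def edit_distance(a, b):
    """Levenshtein distance using a rolling dynamic-programming row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    """Naive registrable domain: the last two labels (ignores suffixes like co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def classify_domain(domain, trusted=TRUSTED):
    """Return 'trusted', 'cousin of <domain>' or 'unknown' for a sender domain."""
    reg = registrable(domain)
    if reg in trusted:
        return "trusted"
    label = reg.rpartition(".")[0]
    for good in sorted(trusted):
        g_label = good.rpartition(".")[0]
        # Same name under another TLD, or a near-miss spelling of a long name.
        if label == g_label or (len(g_label) >= 6 and edit_distance(label, g_label) <= 2):
            return f"cousin of {good}"
    return "unknown"

def review(raw_message):
    """Pair the authentication verdicts with the lookalike check for one message."""
    msg = message_from_string(raw_message)
    auth = msg.get("Authentication-Results", "")
    passed = all(re.search(rf"\b{m}=pass\b", auth) for m in ("spf", "dkim"))
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return {"auth_pass": passed, "verdict": classify_domain(domain)}

# Constructed sample: authenticates cleanly, yet imitates a trusted domain.
SAMPLE = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=whitehouse.net;"
    " dkim=pass header.d=whitehouse.net\n"
    "From: Press Office <press@whitehouse.net>\n"
    "Subject: Updated wire instructions\n\nconstructed body\n"
)
```

A message that comes back with auth_pass true and a cousin verdict is the case described above: it clears SPF, DKIM and blacklist checks, so it should be routed to quarantine or a warning banner rather than delivered as ordinary mail.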
Fortunately, the general public and IT security professionals alike are recognizing the threat. 54.4% of respondents in a decision-making role rated “Email Security” as the #1 IT security threat, over 10 points higher than “Data Security”, the next highest. Importantly, they also seem to place a high importance on proper end-user training to recognize these threats: 55.4% of respondents indicated that user awareness training was part of their email security plan. This is one of the most effective means to combat these threats, since they are so hard for software solutions to detect automatically, but with the right education, an employee can easily detect and delete these emails.
GlobalCerts has been laser focused on securing and protecting email communications from the latest threats for over 15 years now. To learn more about how we can help protect your organization, please contact sales today, toll free at (855) 614-2378 or sales@globalcerts.net.
References:
https://lp.skyboxsecurity.com/WICD-2018-07-Report-VT-Trends-MY_03Asset.html
https://info.greathorn.com/hubfs/Content%20for%20Resources%20Page/2018%20Email%20Security-FINAL.pdf