Security reports from Carbon Black and Check Point Software, and a new Department of Homeland Security warning about domain name system (DNS) infrastructure attacks, promise that the year ahead will feature an active, increasingly sophisticated, and diversifying threat landscape.
Last year also saw an active threat landscape, according to Carbon Black. Its new report, Carbon Black Global Threat Report: The Year of the Next-Gen Cyberattack, found that its clients averaged two attacks per protected endpoint per month. In all, a Carbon Black client organization of at least 10,000 protected endpoints experienced more than 660 cyberattacks daily. There were more than 1 million attacks daily across its customer base. China and Russia were responsible for almost half of the incident response episodes. The leading targets were computer/electronics, healthcare, business services, software/internet, and manufacturing.
Carbon Black predicts that a theme that dominated 2018 – next-gen cyberattacks – will continue in 2019. Cyberattacks, the firm says, are increasingly fueled by political tensions. They are growing in cleverness and are employing techniques such as lateral movement, island hopping, and counter incident response to remain hidden.
Rick McElroy, Carbon Black’s head of security strategy, defined these attacks for SDxCentral. Counter incident response, as the name suggests, consists of efforts on the part of the attacker to react to what the defender does. This is happening in 32 percent of incident responses, the firm says. “That might be deletion of logs, or changing their malware to evade solutions,” he said. “You see a lot of human-on-human activity. And it’s rising.”
Lateral movement and island hopping are attacks against supply chains or organizations that rely on each other. McElroy pointed to a late 2018 attack on The Los Angeles Times in which Ryuk malware delivered from overseas took down the Olympic printing plant in Los Angeles and delayed the Los Angeles Times and the West Coast editions of The Wall Street Journal and The New York Times.
Finally, there is pure nastiness. There is, McElroy said, “a huge rise in destructive attacks. [Attackers say] ‘Hey we couldn’t profit from getting a piece of code on there, I couldn’t do crypto mining, I couldn’t do ransomware, so I’m going to just burn it to the ground.’ This also [is happening to] R&D organizations, where people are working on new IP or future solutions. You see those being attacked, IP being stolen, and the infrastructure being destroyed.”
Check Point Software, in the first installment of its 2019 Security Report, found that cryptocurrencies are not losing their luster – at least to cyber criminals. The firm found that cryptominers, which steal computing resources in search of cyber riches, made up the top four types of malware last year, and that 37 percent of organizations were impacted last year. Twenty percent of organizations continue to be attacked weekly. This malware is evolving to evade sandboxes and security products.
“The end-users usually experience slowdowns and unresponsive resources,” Lotem Finkelstein, Check Point’s threat intelligence group manager, told SDxCentral. “It is still profitable to run a cryptomining campaign due to the market value of some cryptocurrencies like bitcoin and monetize…although [the value] has dropped a lot.”
The firm found that 33 percent of organizations worldwide experienced mobile malware. The top three types targeted Android. In some cases malware was pre-installed on devices, and apps downloaded from app stores were found to be disguised malware. The firm said that 18 percent of organizations were hit by bots. Bots are instrumental in distributed denial of service (DDoS) attacks, and 49 percent of organizations experienced this type of attack last year. A bit of good news is that ransomware receded sharply last year, with only 4 percent of organizations experiencing this type of attack.
The two firms seem to agree that cyber criminals are becoming more organized, resourceful, and creative. They are, according to Finkelstein, “more targeted, more synced, and collaborative. Cybercrime attacks followed nation-state attacks and now also issue targeted attacks at specific victims to maximize revenues like in ransomware. We also see some of the powerful malware like Emotet, run [a] very successful botnet that serves other cyber criminals in their way to our assists. And in general, it is a dynamic business that follows successes.”
And the beat goes on. On Tuesday, the Department of Homeland Security ordered that steps be taken within 10 business days to protect domain name system (DNS) infrastructure against a series of attacks.
This is a big deal, according to Carbon Black Chief Cybersecurity Officer Tom Kellermann. “Such an alert from DHS would be historic, essentially warning Americans that Iran has escalated cyber warfare during the U.S. government shutdown. North Korea may be following suit. It’s clear the axis of evil in cyber space is alive, well and acting opportunistically.”
SDxCentral Senior Editor Jessica Lyons Hardcastle contributed to this report.