Gatewatcher 2018 Cybersecurity Report
- Has cryptojacking become stronger than ransomware? 500 million users worldwide were victims of cryptojacking in 2018. Cryptojacking is profitable, easy to set up and hard to detect. The cryptocurrency boom has given hackers an idea: making money by using someone else’s equipment (Coinhive, Cryptoloot, JSEcoin…). Adware (advertising software) and cryptojacking blur the line between legitimate use and cybercrime aimed at infiltrating infrastructures. As long as the breach has not been found, it continues to give the hacker a regular income.
- SIM swapping is also a major technique. Recovering login codes and 2FA (two-factor authentication) or 2SV (two-step verification) codes allows hackers to collect a lot of information on their victims. In July 2018, a man was arrested in Los Angeles for hacking around 40 phone numbers and stealing more than $5 million.
- Ransomware is still a major threat. More and more companies, especially in the health sector, have been attacked. Ransomware is not dead; it is evolving and becoming sneakier.
- Cybercriminals are turning to fileless attacks (Cactus Torch, for example). The code is sent directly to the device’s RAM, while anti-virus software mostly analyses static files. The attack is extremely difficult to detect since no software is installed on the user’s computer. McAfee Labs noted that fileless cyberattacks increased by 432% compared to 2017.
- Phishing continues to cause damage. This year Vade Secure published the first edition of its “Phishers’ Favorites” report. It lists the 25 brands most often impersonated by criminals in phishing campaigns. For example, in the US, the top 5 brands are Microsoft, Netflix, PayPal, Bank of America and Chase.
Another trend to watch is the increasingly precise targeting of attacks. It began in 2018 and should become more and more common. Nowadays, most attackers focus on qualified targets (companies or individuals) to maximise the efficiency of their attacks, be more profitable and cause more damage.

Cyber-attacks on mobile devices and IoT will also be widely used. Indeed, it is no longer necessary to be a genius programmer to hack. As we have seen before, malware toolkits are now available on the DarkWeb (Malware as a Service, exploit kits…). Android malware is particularly accessible thanks to the AFE framework (Android Framework for Exploitation). The democratisation and multiplication of connected objects at home and at work are creating new entry points for attackers and make it possible to carry out DDoS attacks. For example, the Twitter, Amazon and AirBnB websites were made inaccessible by the Mirai malware, which relied on a botnet of hundreds of thousands of security cameras. Securing IoT is a real challenge for the year to come.

Routers will also become an attractive target. Considered as devices which only transmit packets, routers are not updated very often, and that is why they are more and more vulnerable. Even if they don’t account for most attacks and are less common than cryptojacking or phishing, cyberattacks on routers may become a real security trend that will need to be watched.

Finally, let’s focus on artificial intelligence and machine learning, which have been buzzwords in cybersecurity during these last few months. Those technologies add value, especially in threat detection. Artificial intelligence and machine learning make it possible to go beyond the limits of signature-based solutions (IDS/IPS), which are more and more affected by the weight of their databases. Searching for unusual activity with artificial intelligence is the best response to the shortcomings of signatures. But these technologies do not replace current detection engines.
Artificial intelligence and machine learning make it possible to analyse a wide range of behaviour by integrating large amounts (many Gbps) and many types of data (flows, metadata, logs…). However, they must be considered as part of a global approach, alongside other detection engines. Indeed, artificial intelligence may also be the target of cyber-attacks. We should ask ourselves whether AI is strong and protected enough, especially against adversarial attacks, whose purpose is to fool AI by slightly changing the information given to it. A lot of companies may be tempted to rely only on artificial intelligence for their security tools. But they also have to consider AI as a vulnerable technology. Its use must be combined with a real cybersecurity strategy.

Concerning attacks created by AI, we see them as a marketing fantasy more than a reality. Several articles describe AI developed by researchers that has succeeded in creating malware. But the automation and industrialisation of threat creation are not currently on the agenda, as with the use of advanced scripts.

Conclusion

The trend all experts seem to agree on is the increase in the number of attacks, but also in the number of attackers. They have more and more tools to implement targeted and sophisticated exploitation methods at lower cost. On the companies’ side, mind-sets are changing, as cybersecurity is no longer considered a cost but a long-term investment.

It is important to distinguish between the cybersecurity means available. AI and machine learning have brought real progress in the detection of targeted threats. But those technologies are still inadequate for a company wishing to implement a complete and efficient cybersecurity strategy.

In 2018 cybercriminals looked for profitability and mostly targeted companies. States also took a stand on the protection of cyberspace, as Emmanuel Macron, the French President, showed in November with the Paris Call for Trust and Security in Cyberspace.
In 2019 companies, administrations and industries must mobilise further to have a proper arsenal to detect threats and protect themselves. Cybersecurity is and will stay a military issue, but also a geopolitical weapon in the months to come.

About Gatewatcher

Gatewatcher is the first publisher of a breach and Advanced Persistent Threats (APTs) detection solution. The team is composed of experts in security, network, system, encryption and machine learning. The project started in 2015 with Jacques de La Rivière, engineer, and Phillippe Gillet, security expert. The product and company are now acknowledged by worldwide cybersecurity experts. Gatewatcher is trusted at government level and by companies in critical industries such as Energy, Banking and Transportation. During the 2016 edition of the FIC (Forum International Cybersecurity), Gatewatcher was awarded the France Cybersecurity accreditation, which rewards innovation in the cyber defence field. It is also being certified by the ANSSI (French Cybersecurity Agency) and meets the requirements of the Military Planning Act.