Even as security companies are putting the finishing touches on new technologies to combat the latest cyber-attacks, criminal hackers are well underway in creating altogether new threats and updating existing malware.
Case in point, it didn’t take cyber hoodlums a month from the time they deactivated the Necurs botnet until they revived it again, using it to disseminate new versions of Locky ransomware with updates designed to thwart the latest detection methods.
With hundreds of millions of new malware samples appearing every year, you know cyber thieves aren’t counting on old viruses to earn their next paycheck. The evidence that attackers are always on the job keeps mounting.
Evidence That Attackers Are Always On The Job
The moment cyber hoodlums realized that their attacks were less effective due to the new threat detection measures that security pros had developed, specifically for Locky ransomware, they took the Necurs botnet that had been firing off these attacks offline. When the botnet recently resurfaced, it became clear that three weeks was plenty of time for attackers to prepare a new version of Locky that thwarted the latest security geared to exposing it. The overall ransomware threat continues to climb.
In addition to new malware to launch attacks, attackers advance their efforts by finding new victims. Such is the case with school systems, medical centers and even the police, who have fallen prey to ransomware. Ransomware attacks on U.S. victims have earned attackers eight times as much loot during the first quarter of this year as they hauled away all of last year; the actual total for this year’s first quarter hacker profits is $209 million.
Bad guy hackers labor to add targets to replace wells that are drying up. Just as large financial entities begin to limit cyber-thugs’ profits through better security, especially in North America, the bandits move on to small banks, ripping funds from their grasp. Smaller banks with tighter cybersecurity budgets are more attractive targets for cyber villains.
Criminals are using steganography to hide pieces of their attack code inside images that spread virally. The Hammertoss virus uses numerous Twitter accounts that it creates on infected computers to search for Twitter posts with GitHub links to specific images. The images contain long code strings in which hackers have embedded pieces of attack code. Once the virus unites the various code strings into the fully composed malware, it uses it to compromise systems. The technique has advanced to include code embedded in video and audio files.
All a cyber-crook really needs to rob your company blind is some degree of access and some new twist on social engineering. Take for example the approach industry experts are calling Business Email Compromise (BEC) or Whaling. Attackers impersonate or gain control over a chief executive’s email and send a message to the CFO, for example, asking for a wire transfer of some large sum or a mass of company records that they can use to execute some sort of fraud. The approach has already earned the crooks at least $2.3 billion.