UK talks to security researchers, ex-FBI and ex-NSA cyber experts to find out about deadly threats in cyberspace.
Cyberspace has increasingly become a battleground for malicious entities intent on creating havoc. Whether it be scamming unsuspecting users, profiting by stealing sensitive user data or targeting big businesses and governments to ferret out classified information, cyberspace offers avenues for all this and more.
Cybercriminals have been leveraging various tools and creating new ones at alarming speed. However, the best way to stay safe is to arm yourself with knowledge about the various threats out in the wild, as in this case, knowledge truly is power.
IBTimes UK spoke to cybersecurity researchers, and experts from various law-enforcement agencies to find out more about serious threats and what one can do to keep safe.
Here are the top five cyberthreats that everyone should be on the lookout for:
1) Phishing campaigns
Phishing campaigns are one of the most common tools used by hackers seeking to surreptitiously steal user data and credentials. Phishing campaigns generally involve hackers sending out malware-laced emails purporting to be from legitimate businesses and/or sources, which then trick victims into divulging sensitive information such as usernames, passwords, card numbers and other credentials.
Of late, social media scam phishing campaigns have gained ground. Hackers have taken to posing as customer care accounts of legitimate businesses and brands on Twitter to hijack conversations of customers and deliver malware. According to Duo Security, it takes less than five minutes for cybercriminals to put together an effective phishing campaign and less than half an hour to gain access to data from a victim’s system.
ESET malware researcher Robert Lipovsky told IBTimes UK, “There are a great number of techniques to achieve that (and a persistent actor would choose the best way of getting in after doing reconnaissance on the target), such as spear-phishing, drive-by-downloads using exploits, watering hole attacks, manual installation with physical access, and so on. Interestingly, spear-phishing is one of the most commonly used techniques, because it is simple and effective: when the attacker knows their target, they will send them a malware-carrying email with a topic of interest to the recipient so that they’re very likely to open it without a second thought, or even something they might be expecting to receive.”
It is essential that users proceed with caution when opening emails that appear to come with suspicious subject lines. Emails that advertise too-good-to-be-true deals or claim to need “urgent” attention are some of the commonly used subject lines by hackers in the past. Additionally, when approaching customer support on social media, it is advisable that users contact verified accounts and closely check for any minor spelling differences from main accounts to customer support accounts.
Malware is a malicious code designed to infect a victim’s system and render it damaged. In recent years malware has progressed to have gained the ability to infect almost any device. Among the various kinds of malware are banking malware, mobile malware, specifically Android malware, which recently has become a potent tool in posing as fake apps infecting phones, spyware and ransomware.
There are various anti-malware security software available, which can be installed on both PC and mobile phones. Additionally, users are also advised to be wary of suspicious apps, and programs. It is best not to download any program or app from an unfamiliar or untrusted source.
Ransomware has quickly become one of the deadliest and most effective tools used by hackers to steal credentials and/or make a quick buck. This is a type of malware, which after infecting a target’s system, encrypts all data and locks out the user from accessing anything within. Ransomware authors generally demand ransom in the form of bitcoins, in exchange for releasing the victim’s data.
Some of the most common strains of ransomware in the wild are Locky, CryptXXX, TeslaCrypt, KeRanger and CryptoLocker, among others.
Since decryption is often tricky, ransomware attacks have become extremely popular among cybercriminals. Carbon Black co-founder and chief security strategist Ben Johnson told IBTimes UK, “Ransomware attackers do not need to be sophisticated, in fact, it’s fairly simple to buy ransomware and kick-off a campaign. Ransomware’s rise in popularity parallels the development of fileless attack methods that traditional antivirus (AV) simply cannot stop. Cyber criminals are quick learners and eager to make fast money. Whether extorting $300 per user from a small business or $30 million from a multinational enterprise, the level of effort is often similar.
“A few of the more successful ransomware campaigns include Cryptolocker, Teslacrypt, CryptoWall, Locky, KeRanger, CryptXXX and PowerWare.”
Former FBI national security executive Bob Anderson, who now serves as MD at cybersecurity firm Navigant Consultants told IBTimes UK, “This is very lucrative in the criminal cyberspace. Hackers attack thousands of people around the world instantly for historically low ransoms. They get away before law enforcement has been called. They then move on to the next victim or entity.
“Russian organised crime and other nation states have utilised ransomware attacks. For the most part it is organised and very sophisticated. Currently in the US, the hospital and health care industries are targeted regularly.”
In the run-up to the highly anticipated US presidential elections, talk of cyberespionage has moved from the infosec community to the streets. Although this has been an effective means by which to spy on corporations and/or governments, only recently has the public become aware about cyberspying.
Johnson said, “Cyber is the new face of espionage. State-sponsored actors have increasingly invested energy and money into cyber attacks and intel gathering. Previously, espionage utilised undercover agents trying to recruit moles or cracking safes to steal sensitive information. While I’m sure that still occurs on some level, the game has certainly shifted to cyber espionage. As we’ve seen with recent major hacks against political and government organisations, this level of espionage is certainly paying dividends for attackers.”
Anderson added, “In today’s world, cyber espionage is everything! Adversaries 10 years ago had to physically penetrate the company or Agency. In today’s world they can do it remotely and obtain far more access to the victim’s IT.”
Lipovsky said, “Perhaps the most common way for an intruder to get inside of their target’s computer network and spy on them (by stealing files, logging keystrokes, capturing screenshots, and so on) is by using malware. In suspected state-sponsored cyberespionage attacks, we often see malware that is custom-built and state-of-the-art, which indicates that significant amount of resources have been put into the operation. But that is not the only type that we see. There is a lot of espionage malware that can achieve the same goals, that is either offered for sale on the black market, or even freely available. Another possibility is not to use outright malware but to abuse legitimate software for remote control. While that may generally be easier to detect, if the attackers do succeed, it is even more difficult to fingerprint than a ‘limited use’ malware family and attribute it to a threat actor.”
5) DDoS attacks
In light of the recent massive DDoS attack that nearly shut down internet services in the US, public awareness of this type of cybercrime has become vitally important. Distributed Denial of Service attacks occur when multiple systems flood the bandwidth of servers with unprecedented traffic, effectively taking them offline.
Cybercriminals have now begun leveraging unsecured IoT (Internet of Things) devices to create botnet armies of compromised devices to launch DDoS attacks.
Jay Kaplan, former NSA analyst and CEO of security firm Synack, told IBTimes UK, “DDoS attacks are one of the oldest tricks in the book, but they continue to be a very real threat — especially as of late — with hackers targeting the latest exposed vulnerabilities in the IoT space, like poorly crafted passwords.
“Cybercriminals do not need much technical proficiency to launch a DDoS attack, and the scale of these attacks is rapidly increasing. While sophisticated hacking groups no doubt utilize DDoS as one “tool in the toolkit,” a record-breaking attack like seen with Dyn last week is believed to be the work of amateur hackers. Even further, individuals with no technical/hacking proficiency can hire DDoS-as-a-service companies if there’s enough motivation.”
Johnson added, “IoT devices are often created and marketed to make consumers’ lives easier. The unfortunate reality is that security is often an afterthought during the production cycle. The focus is on creating an easy-to-use, marketable product. Security comes after the fact, if at all. IoT botnets are designed to target the low-hanging fruit when it comes to vulnerabilities in IoT devices. If the botnets continue to work, attackers will continue to use them.
“With DDoS attacks, ‘protection’ is all about increasing bandwidth so that an overflow of traffic doesn’t cripple the infrastructure. In that regard, there’s very little any single business or user can do other than to lean on internet provides to put the proper security controls and hygiene in place. When it comes to IoT devices and home computers, though, individuals can make sure the software being used on baby cameras, thermostats, etc. are always patched. You should always be using the latest software version provided by the manufacturing company. This way, when a botnet targets a known vulnerability, your specific device is not contributing to the traffic overflow. The onus of responsibility, though, is on IoT manufacturers to think security first.”