5 Things To Know From 12 months In Cyber Security

5 Things to Know from 12 Months in Cyber Security

Symantec’s annual cyber security threat report was released last week. Here are five nuggets of wisdom from it for you to chew over.

Cyber criminals follow trends too

There is no doubt that the biggest trend in 2017 was the huge growth in cryptocurrency coin mining that occurred in the last few months of the year.

Driven by various factors, but primarily the huge increase in value of many cryptocurrencies, activity in this space surged by 8,500 percent over the course of 2017. Yes, you are reading that right, eight thousand five hundred percent. Most of this growth was driven by browser-based coinminers: this is where cyber criminals insert a few lines of code onto a web page, and when a user visits this web page this code utilizes their computer’s power to secretly mine cryptocurrencies. The most famous cryptocurrency is Bitcoin, but Bitcoin needs a lot of power to be mined and a regular computer wouldn’t be capable of this. The majority of these coinminers were mining Monero, which is easier to mine and also offers a higher degree of anonymity.

Coin mining also allows cyber criminals to keep a low profile: many victims may not even realize a coinminer is running on their device, as they could attribute any slowdown (the main impact of coinminers on most users) to other factors.

However, the reason coin mining was such a trend in 2017 is because it was so profitable for criminals: if the values of cryptocurrencies drop, criminals’ interest in this area is likely to take a similar dive.

There was an 8,500 percent increase in coinminer detections on endpoint machines in 2017

Your phone is still a target

Mobile malware has been around for a long time, so is perhaps not talked about as much as it once was. However, it is still a major threat, and we observed a 54 percent increase in mobile variants in 2017, showing that this is an area that cyber criminals are still taking a lot of interest in. More than 24,000 malicious mobile apps were blocked every single day in 2017. The great majority of mobile malware discovered was found on third-party app stores — underlining the increased risks users can face if they root or jailbreak mobile devices.

User behavior can be a particularly big factor when it comes to mobile malware, and we previously published a blog with tips on how to improve your smartphone’s security. Another big issue is that only 20 percent of Android users were running the latest major version of the OS, however, that is not simply the fault of the user and often users of certain brands of phone are never offered an option to update to the latest version of Android.

Mobile malware variants increased by 54 percent in 2017

Have you forgotten about IoT threats? Cyber criminals haven’t

In the wake of the havoc caused by the Mirai botnet, it was all about Internet of Things (IoT) devices and the dangers posed by them in 2016. But, in 2017, with threats like the above-mentioned coin mining, WannaCry, and Petya/NotPetya grabbing all the attention, IoT fell out of the headlines a little bit. However, it would be wrong to think these devices have fallen off the radar for cyber criminals. Attacks on IoT devices increased by 600 percent in 2017. While coin mining is currently primarily taking place on computers, and also mobile phones, if this area continues to develop it is very possible that cyber criminals will increasingly focus on IoT devices and use these to mine cryptocurrencies.

With the amount of IoT technology available to us increasing all the time, good security in this area, on the part of both consumers and manufacturers, is more important than ever.

Macs aren’t immune

Apple’s operating systems are often commended for their high levels of security — though they are not immune to threats either. In 2017, we observed an 80 percent increase in new malware on Macs, which is a huge increase.

However, this increase was primarily driven by coinminers — underlining again the huge impact these threats had in 2017. Browser-based coinminers are able to run on even fully-patched machines, which is one of the things that make them so attractive to cyber criminals, and one of the reasons why they had such an impact on the normally very secure Mac ecosystem. This fact also means they can be difficult for consumers to protect themselves against, and the onus is really on website owners to make sure their websites are secure and well protected, so that criminals cannot inject malicious code onto them.

WannaCry — a sign of the return of self-propagating threats?

WannaCry was almost undoubtedly the biggest cyber security news story of 2017, and is one I’m sure most people are familiar with. This ransomware from the Lazarus group spread across the world at lightning speed — and would have caused even greater damage but for the discovery of a killswitch by a security researcher quite early on in the outbreak. WannaCry was interesting for many reasons: it was ransomware being used by a targeted attack group to make money, which is extremely unusual, though the use of ransomware by targeted attack groups for various different reasons may be something we see more often, as we outline in the report.

WannaCry was also unusual (for recent times) because it was self-propagating, as it used the EternalBlue exploit to spread. This exploit had been patched some months before WannaCry was unleashed, but there was still a sufficient number of unpatched computers online for WannaCry to cause serious havoc. Petya/NotPetya, a destructive wiper that initially appeared to be ransomware, also used this exploit to spread later in the year, as well as using other SMB spreading techniques that utilized legitimate tools.

Both these threats exhibited characteristics that we could yet see becoming a bigger trend going forward: the use of ransomware as a decoy and/or a revenue generator by targeted attack groups, and the return of self-propagating threats.

Will these trends continue as we move further into 2018? Only time will tell.

Read more about these and many more cyber security threats and trends, including software supply chain attacks and a surge in certain financial Trojans, by downloading ISTR 23 now.

Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cybersecurity.

Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.

5 Things To Know From 12 months In Cyber Security was originally published in Threat Intel on Medium, where people are continuing the conversation by highlighting and responding to this story.