Page 42 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
P. 42

Perhaps unsurprisingly, the most common attack was still Russia to the United States. However, the
            volume of attacks is much lower than before – only eight million in first half of 2018, compared with about
            140 million for all of 2017.

            A quick note: the presence of a country on the list does not necessarily indicate the people behind an
            attack are inside that country. There are several methods where attackers can leverage proxies to cloak
            their activities, including VPNs or TOR, and compromised machines or infrastructure.

            The slowdown of attacks from Russia could turn out to be temporary, but one shift in the threat landscape
            looks to be more enduring.


            The End of the Ransomware Gold Rush

            Ransomware attacks grew in volume by over 400 percent in 2017 compared with the previous year,
            thanks  largely  to  WannaCry.  But  they  became  less  common  as  the  year  progressed.  In  2018,
            ransomware remained a potent threat but the slowdown in attacks continued.

            A number of factors played into what appears to be the end of the ransomware “gold rush.” These include
            the  wild  unpredictability  of  Bitcoin  pricing  which  made  it  impossible  for  people  to  pay  ransoms,
            improvements in antivirus that led to increased effectiveness in blocking the threat and the decline of
            exploit kits as a means of infecting users.

            There’s  no  one  answer  but  the  shift  of  focus  by  cyber  criminals  was  clear; the  number  of  unique
            ransomware  families  or  variants  per  month  peaked  at  45  in  May  of  2017  and  was  down  to  15  by
            December.

            Cryptojacking – unauthorized borrowing of a device’s computing resources for cryptocurrency mining –
            overtook ransomware in terms of numbers in 2018. Spam also experienced a mighty resurgence, coming
            in at #1 as an attack vector of the first half of 2018.

            This  also  suggests  cyber  criminals  are  running  out  of  other  attack  vectors  due  to  improved  system
            security against software vulnerabilities and exploits. Left without these tricks, attackers are attempting
            to exploit users through social engineering instead.

            About a third, 31%, of spam email featured links to malicious websites, while 23% contained malicious
            attachments. In addition, 85% of malware attachments were found to be one of five file types: 7Z, DOC,
            PDF, XLS, or ZIP, and most were infostealers, RATs and banking Trojans. The other 46% of spam was
            mostly dating scams, which also appear to be making a comeback.











                                 42
   37   38   39   40   41   42   43   44   45   46   47