Digital Security – The threats are bigger than you think


Today we rely heavily on technology for our record keeping, administration, banking, financial transactions, communication, etc. What we don’t pay much attention to, often at our own risk and to our detriment, is how secure we really are as opposed to how secure we think we are.


The February 2019 Symantec ISTR (Internet Security Threat Report) makes the number and variety of threats strikingly clear. Business owners, fund administrators and people in general would do well to familiarise themselves with the numerous methodologies and platforms cyber-criminals use to reach them.


According to the Symantec Report, there are several types of cyber threats and what follows is a quick summary extracted from the report:


FORMJACKING


Incidents of formjacking - the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of eCommerce sites - trended upwards in 2018.


The Symantec data shows that 4,818 unique websites were compromised with formjacking code every month in 2018. With data from a single credit card being sold for up to $45 on underground markets, just 10 credit cards stolen from each compromised website could result in a yield of up to $2.2 million for cyber criminals each month. The appeal of formjacking for cyber criminals is clear.


CRYPTOJACKING



Cryptojacking - where cyber criminals surreptitiously run coinminers on victims’ devices without their knowledge and use their central processing unit (CPU) power to mine cryptocurrencies - was the story of the final quarter of 2017 and continued to be one of the dominant features in the cyber security landscape in 2018.


Cryptojacking activity peaked between December 2017 and February 2018, with Symantec blocking around 8 million cryptojacking events per month in that period. During 2018, Symantec blocked more than four times as many cryptojacking events as in 2017 - almost 69 million cryptojacking events in the 12-month period, compared to just over 16 million in 2017. However, cryptojacking activity did fall during the year, dropping by 52 percent between January and December 2018. Despite this downward trend, Symantec still blocked more than 3.5 million cryptojacking events in December 2018.


RANSOMWARE



Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. This is exactly what happened to Liberty Life on the 16th of June 2018 when they fell victim to a ransomware attack, with the personal data of millions of the insurance company’s customers potentially at stake. An external party claimed to have seized data from Liberty and also alerted them to alleged potential vulnerabilities in their systems and wanted to get compensation for this.


Up until 2017, consumers were the hardest hit by ransomware, accounting for the majority of infections. In 2017, the balance tipped towards enterprises, with the majority of infections occurring in businesses. In 2018, that shift accelerated and enterprises accounted for 81 percent of all ransomware infections. While overall ransomware infections were down, enterprise infections were up by 12 percent in 2018.


SUPPLY CHAIN ATTACKS


Supply chain attacks exploit third-party services and software, for example Microsoft Office, to compromise a final target. This also includes hijacking software updates and injecting malicious code into legitimate software to gain access to the target.



The trend of “living off the land”, in which attackers use tools already present on the target system, shows no sign of abating - in fact, there was a significant increase in certain activity in 2018. PowerShell usage is now a staple of both cyber-crime and targeted attacks, reflected by a massive 1,000 percent increase in malicious PowerShell scripts blocked on the endpoint in 2018.


In 2018, Microsoft Office files accounted for almost half (48 percent) of all malicious email attachments, jumping up from just 5 percent in 2017. Cyber-crime groups, such as Mealybug and Necurs, continued to use macros in Office files as their preferred method to propagate malicious payloads in 2018, but also experimented with malicious XML files and Office files with DDE payloads.