Cyberattacks are changing again. Here’s what to watch out for.
Cyber criminals are constantly changing their tactics, and just as the security industry seems to have dealt with the latest threat, something new emerges.
Ransomware attacks were the big thing in 2017, while cryptomining malware became popular with crooks trying to make a quick buck throughout 2018. Both of these are still a threat, as are the tried-and-tested menaces of malware, phishing and hacking, which have continued to plague organisations across the globe.
But one trend this year is that cybercrime is getting more personal. While targeted attacks against particular types of companies or groups of people were once something associated with high-end state-backed hacking operations, now less sophisticated cybercrime groups are using the same tactics.
“E-crime is slowly shifting from a maximum hits paradigm to maximum accuracy. Some groups are getting very picky about their targets, they really try to pinpoint the right demographics,” says Assaf Dahan, head of threat research at Cybereason.
There’s a key factor driving this: money. If attackers can steal the right data, or hold the right systems hostage for a ransom, they can make a bigger profit than they can just by going after the general population.
Self-preservation is another factor: crooks who want to ensure they and their attacks have the best chance of remaining hidden won’t spam malware out across the world. They’re more likely to stay under the police radar if they choose to go after a small cluster of targets, or even just a single large entity.
“If I were to develop a malware that’s very focused on stealing financial data from British banks, why would I bother infecting people in Bolivia or China? The more it’s proliferated, the greater the risk that it’ll get caught,” says Dahan.
While many cyber criminal groups are still noisy and focused on short-term profit, some are now conducting surveillance to ensure they hit the right targets.
“The blurred lines between the techniques used by nation-state actors and those used by criminal actors have really gotten a lot fuzzier,” says Jen Ayers, vice president of OverWatch cyber intrusion detection and security response at CrowdStrike.
“Many criminal organisations are still very loud, but the fact is rather than going the traditional spam email route that they have been before, they are actively intruding onto enterprise networks, they are targeting unsecured web servers and going in, stealing credentials and doing reconnaissance,” she adds.