
Cryptojacking booms as major security threat in 2018

2017 was the year when the word ransomware stopped being a term exclusive to cybersecurity experts and IT departments. The enormous media attention that attacks such as WannaCry and Petya/GoldenEye received turned this type of threat into one of the key trends for businesses last year. However, highly publicized events must never serve as a risk indicator, nor influence any security-related decision.

This year, the constant evolution of cyberthreats has not slowed. Cybercriminals continue to change their tactics: instead of attention-grabbing, showy attacks like those we saw last year, they are opting for sneakier tactics such as cryptojacking.

Cryptojacking, one of 2018’s booming trends, is the unauthorized use of a user’s devices to mine cryptocurrencies, and can get in via phishing emails, malicious URLs, or through vulnerabilities. Its aim is to go unnoticed for as long as possible, and thus fully exploit its victim’s processing power.

PandaLabs has compiled malware and threat data from throughout 2018. The data shows that traditional file-based malware continues to grow, with a 60% rise throughout the year, up to 9 million malicious URLs and 2.4 million attacks blocked per million endpoints per month, and that 20.7% of machines studied experienced at least one malware attack during the period analyzed.

Malware-less attacks targeting the endpoint, such as Business Email Compromise and the use of Remote Desktop Protocol (RDP) to infiltrate the network, are becoming more prevalent, with RDP attacks on 70% of mid- to large-sized Panda clients every month.

Panda Security’s Threat Hunting and Investigation Service has identified and investigated 90 new valid incident types resulting from interrogating the forensic data to validate their hypotheses. This allows the Threat Hunting Team to protect against attacks that traditional security solutions are not able to detect, such as in-memory execution and “live off the land” activities that use legitimate tools and techniques for malicious purposes – examples are detailed in the report.

The year of personal data

One news story that has affected many cybersecurity professionals is the definitive implementation of the GDPR in May this year, something that had repercussions in nearly the whole world.

And the fact is that this new regulation has coincided with some of the most massive data breaches in history: Marriott International, Exactis, or the notorious Facebook and Cambridge Analytica case.

What can we expect to see next year?

While 2018 has been an interesting year for cybersecurity, PandaLabs' predictions for 2019 suggest it will be anything other than a “tock” year: geopolitical digital sovereignty, supply chain attacks, hackers harnessing AI, and the misuse of data are all causes for worry.

One of the leading trends in cybersecurity in 2019 will be live hacking. Although “traditional” types of malware, such as Trojans or worms, are still being used frequently by attackers, new malwareless attack techniques will grow at a faster rate. This can be put down, on the one hand, to an increased difficulty in detecting them and, on the other hand, to the increased cyberoffensive capacity in the world, both of states and of criminal gangs, both state-sponsored and unaffiliated.

In 2018, nation states have played a more significant role in the digital realm, as a consequence of the more protectionist positions in the western world (the United States and the United Kingdom), the reactions of other powers (mainly Russia and China), and the increasing climate of mutual distrust among them. One compelling prediction suggests that the concept of digital sovereignty will also spread to security in 2019, especially in Europe, moving towards a European digital sovereignty.