Many families of malware (such as those used in APTs), as well as botnets used for DDoS attacks, periodically contact their Command & Control server (C2) in order to receive instructions, downloads of updated code, or to exfiltrate stolen data. C2 servers can also be used to provide attackers remote access to a compromised system. If the malware developer hardcodes the domain name (or a static list of domain names) of the C2 server, then a security company could reverse engineer the malware code to discover the domain name. Security organisations could then blacklist the C2 domain or authorities could take it down, a process known as sinkholing. Once C2 traffic is blocked, the malware controller can no longer communicate with any of the malware installations, and cannot receive any data.
Each year around 2-3 billion credentials (username/password logon details) are stolen in data breaches. This is known as credential spillage, because legitimate credentials which rely on being known only by the user and (generally a representation) known by the online account provider, now become known to the attackers and subsequently to a wider audience.
Fileless attacks are becoming more and more prevalent. The Ponemon Institute estimate that 35% of all attacks during 2018 were fileless. And more importantly, they conclude that fileless attacks are 10 times more likely to succeed than any other form of attack. The reason for this haunting reality is simple: traditional anti-virus protection relies on file scanning, and with these attacks, no files are stored on the hard drive. Another reason for the popularity of this specter is that they leave no footprint, making forensics after the event difficult. The inclusion of fileless methods in many exploit kits contributes to their prevalence.
Containerisation is now an additional tool in the security arsenal which may enhance the protection of many applications and sensitive data.
Recent missile launches from the DPRK have received a lot of attention, however their cyber offensives have also been active and are growing in sophistication.
Cryptocurrencies such as Bitcoin have been the focus of acute attention recently. Just about everybody knows someone or has heard of someone making windfall profits from 2017’s spectacular price rises in Bitcoin and other cryptocurrencies. The sector has also not escaped attention from cybercriminals with incidents of cryptojacking rapidly escalating. Higher cryptocurrency prices increase the returns from coin mining, making cryptojacking an attractive target of cybercrime. IBM reported a 6-fold increase in cyptocurrency mining attacks between Jan-Aug 2017, and Wandera found a 287% increase on mobile devices between October and November 2017.
On several occasions I’ve written about insecurities of the Internet of Things – such as here, here, here, here and here. Recently, four US Senators decided to do something about it, and with the help of the Atlantic Council and Harvard University, have drafted a bill outlining minimum security requirements for IoT device purchases by US Federal agencies. The bill is bipartisan, proposed by two Republican Senators – Steve Daines (MT) and Cory Gardner (CO), and two Democrats – Mark Warner (VA) and Ron Wydon (OR). The proposed legislation is to be known as the Internet of Things Cybersecurity Improvement Act of 2017. It is a good start, and examining its provisions provides insight into many IoT device security vulnerabilities and solutions.
After years of enjoying relative security through obscurity, many attack vectors have recently proved successful on Apple Mac, opening the Mac up to future attack. A refection of this is the final quarter of 2016, when Mac OS malware samples increased by 247% according to McAfee. Even though threats are still much lower than for Windows OS users, Mac users cannot afford to be blissfully complacent as they may have been in the past.