In a new report examining trends in cyberthreats from 2018 through the first quarter of 2019, researchers with Positive Technologies found that despite increased awareness among organizations and their end users, ransomware and other trojan-based attacks are set to increase this year.
According to the research team, there was a dramatic increase in the number of ransomware incidents, jumping from 9% in the fourth quarter of 2018 up to a whopping 24% in the first quarter of 2019. This suggests that threat actors have developed new variants of malware or have changed their tactics in the face of education and training by cybersecurity experts and organizational security teams.
One major tactical evolution is happening in how hackers manipulate their victims into paying a ransom. One threat group tried to trick victims into paying by asserting that the ransom payment would be donated to a children’s charity. Another group—and this trick is super devious—is accepting payment via PayPal as opposed to the traditional bitcoin. However, the payment link redirects to a spoofed PayPal webpage, set up to steal the payment credentials and personal information of the victim. The hackers can then easily access those accounts prior to selling the stolen credentials on the dark web.
There also appears to be a shift in targets, especially toward governments and healthcare organizations. These types of targets tend to rely on older infrastructure that may have a higher number of known vulnerabilities due to the heavy costs (and heavy disruption) associated with upgrading to more secure hardware and software.
The researchers also note an increase in modular malware, or malware that is flexible enough to perform multiple tasks. One such example is a trojan known as CookieMiner, which installs a hidden cryptocurrency miner on the target endpoint, and also positions itself to steal payment information and personal data.
As threat awareness increases and education helps end users build better cyberhygiene practices, expect these types of evolution in malicious tactics from threat actors. But any education and threat awareness training needs to be coupled with active patching and updating of infrastructure and endpoints, the use of robust antivirus and anti-phishing software, and routine audits.