During the first quarter of 2017, hacking attacks carried out in real time were on the rise, indicating a further professionalisation of cybercrime.
The latest quarterly report from PandaLabs finds businesses are still the primary target with 2.45 percent of devices attacked, compared with a slightly lower rate of 2.19 percent for domestic users.
The countries with the highest rates of attacked computers during Q1 2017 mostly came from Asia and Latin America. India, Taiwan and Malaysia are at the top of the list with 12.87 percent, 9.21 percent and 8.01 percent attack rates, respectively.
Countries with the lowest rates of attacked computers during this time period mainly came from Europe. Some of them include Denmark (0.65 percent), Czech Republic (0.55 percent) and Finland (0.34 percent).
According to the report, cybercriminals have changed their motive and no longer seek notoriety, but rather economic gains. In the final months of 2016, researchers analysed black hats in the development of Ransomware as a Service (RaaS) and DDoS attack services whose directors launched upwards of 150,000 attacks.
Cyberattacks were successful during Q1 2017 due to:
-
More sophisticated threats, new attack vectors and a higher number of offensives
-
More complex IT environments, with an overpopulation of devices, systems and connections
-
Traditional antiviruses, which do not evolve as quickly as attacks
Ransomware attacks are still on the rise and will continue to be as long as victims keep paying ransoms. There are estimates that cybercriminal groups specialising in ransomware earned a billion dollars over the course of 2016.
During the first months of 2017, quite a few cases of attackers of Russian origin were spotted. A similar pattern was followed in all of them: once a computer was accessed by them via RDP, they install Bitcoin mining software to obtain added profit and then encrypt files or block access to the computer.
Cybercrime is more professionalised than ever with highly specialised groups creating malware and exploits, distributing malware, information theft, money laundering, etc.
Malware for mobile devices is still much lower than what is seen on PCs, but follow the same patterns.
The widespread use of smart meters carries some lesser-known security risks. An attacker with control of the device could view the information recorded and sent to the power company and use it for malicious purposes.
Smart TVs pose risk as well as one victim installed an application to watch movies on the internet, apparently from a third-party site. Once the device was infected, the malicious software demanded money for code to unlock the screen using a simulated notice from the US Department of Justice. During the European Braodcasting Union Media Cyber Security Seminar in February, an exploit created by a security consultant was demonstrated allowing him to take control of a Smart TV without having physical access.
The European Parliament has detailed a set of regulations for the relation between robots, citizens and businesses. The goal is to minimise the negative impacts that could result from the incorporation of robots into the workforce. Meanwhile in the US, devices such as the Google Home and Amazon Echo have been used in the investigation of crimes due to their ability to wait to be summoned by a voice command and store audio files.
Cyberattacks and politics are becoming more intertwined than ever before. The German army will form its own cybercommand centre to reinforce online defences. In March, Wikileaks began publishing a series of documents containing technical details and tools used by the CIA to break into smartphones, computers and Smart TVs.
Luis Corrons, technical director of PandaLabs told SC Media UK: “There is a clear trend, cybercriminals are using less malware to perform their malicious actions, and try to abuse different legitimate tools to go unnoticed. Most traditional security solutions are not able to detect them, as they are not malicious in nature, so it is the perfect option to bypass those protections. The methods used also depend on the ecosystem that cybercriminals find in their victim's network, they adapt in real time to them, and if something fails they will try a different approach until they succeed.”
