The pace of cybersecurity threats was unrelenting last year, as cyber criminals continuously introduced new attacks and tried new tactics for outsmarting potential victims. A look back at the most prevalent threats that the Barracuda Research team studied over the course of the year reveals three important lessons that organizations and their IT service providers can learn from to help guide them to a more secure 2019.
Lesson 1: Cybercriminals are trying to take over your accounts
In May, we looked at how cybercriminals are taking over user accounts and using them to send fake OneDrive share links to colleagues to steal credentials and take over more accounts. We’ve also seen attackers impersonate Google Drive, Outlook, and DocuSign to try to steal credentials.
Then in August, we went deeper by conducting a study of 3,000 business email compromise attacks, which found that nearly half of the attacks used the compromised account to try to trick email recipients into doing a wire transfer to bank account owned by the attacker.
We continued to focus on account takeover attacks in September, looking at how widespread these attacks had become. We studied 50 randomly selected organizations over a three-month period and found that each month four to eight experienced at least one account, with a total of 60 incidents reported.
Account takeover is one of the biggest threat vectors in the cybersecurity industry today. More and more organizations are getting hit, and the attacks are getting more and more targeted. Attackers are moving away from the relatively standard phishing email, as they are finding that strategically targeting business executive accounts is much more lucrative.
As account takeover attacks get more personalized and sophisticated in 2019, a big problem in cybersecurity that will grow even bigger is that of identity. How do we know if someone is really who they say they are? This challenge will be exacerbated as more organizations continue to move to the cloud and remote logins becomes more common.
Lesson 2: Cybercriminals are finding more creative ways to make a profit
Attackers have also recently started favoring tactics that allow them to get paid directly. The 2018 Barracuda Email Security Trends report explains it this way:
“Information theft is the classic breach example; however, ransomware and business email compromise attacks are still fairly new and have quickly become expensive in their own right, making them appealing to cybercriminals. Criminals apparently prefer direct monetization attacks over traditional theft sales. Unlike information theft, which requires a buyer, these newer attacks don’t; they cut out the middleman, meaning less work and a faster, better ROI for the criminals.”
Several of the threats we studied this year demonstrated how attackers are getting imaginative about finding new ways to make cybercrime pay. In October, we examined an ongoing “sextortion” scam, which used a combination of passwords compromised in old breaches and threats about revealing embarrassing video footage to scare people into making big payments. In November, we looked at a spear phishing attack that used CEO impersonation and timing around the holidays to get people to buy gift cards for the attackers.
These attacks are a good reminder of why security awareness training is so important for businesses of all sizes. Educating employees regularly on the types of attacks to watch out for, how to recognize a suspicious message, and how to respond appropriately can go a long way toward helping businesses stay more secure and avoid a costly mistake.
Lesson 3: Cybercriminals aren’t giving up on their greatest hits
Just because criminals are getting creative with new attacks doesn’t mean they’re slowing down in other areas where they’ve seen success.
In June, we looked at the incredible volume of phishing attacks that are happening on a regular basis. For example, in May 2018 alone, Barracuda blocked more than 1.5 million phishing emails and saw more than 10,000 unique phishing attempts (the same email content, potentially sent to hundreds or even thousands of people).
In April, we examined a new URL file outbreak. Attackers were using a variety of techniques to launch a Quant Loader trojan capable of distributing ransomware and password stealers. The Barracuda Research team tracked the attack closely and shared what they’d learned about the attack and how it was being executed — and how easy it was for would-be attackers to obtain the malware.
“Based on past attacks, Quant Loader is a trojan that typically distributes malware such as ransomware and password stealers,” researcher Jonathan Tanner wrote. “It is sold on underground forums and allows the user to configure the payload(s) upon infection using a management panel. Configurable malware offered for sale such as this is becoming more widespread, which allows malware development to be separated from distribution.”
These examples showed us that although cybercriminals are starting to get more sophisticated with threats like account takeover, they aren’t giving up on go-to attacks like phishing, ransomware, and malware, such as trojans and password stealers. In part, this is because they’re still finding people they can trick and businesses that aren’t following security best practices.
That’s why it’s so important for organizations and their IT service providers to develop a multi-layered approach to security. You need to defend multiple threat vectors and keep up with new attacks, without getting lax about security fundamentals. Putting the right security solutions in place and working with the right partners can help make that easy.
