Looking back at 2017, it certainly was eventful in the “cyber” world. From the rise of ransomware looting millions of dollars in crypto currencies to targeted cyber-attacks and high-profile data breaches, individuals and businesses alike have been affected on a worldwide scale.
One of the major types of attack observed in 2017 was ransomware. As the name suggests, ransomware is a piece of malicious code that, once executed on a target machine, encrypts all files and displays a message asking for a ransom. On a technical level, ransomware applies a cryptographic cipher to the files stored on a system, rendering them inaccessible without the matching decryption key. Once the target system has been affected, a message is displayed on the screen asking the user to send a sum in crypto currencies (usually Bitcoin) to a wallet address. Crypto currencies are often used by cyber criminals because they are harder to trace. Ransomware usually spreads via email attachments that contain a macro. RDP (Remote Desktop Protocol) is also used by attackers to inject malicious code or scripts in order to infect targeted systems. You’ll no doubt be familiar with the most notorious ransomware seen in 2017: “WannaCry”, “NotPetya” and “BadRabbit”.
In keeping with threats related to crypto currencies, there has been an increase in “mining” malware. This is a type of malware that uses website bandwidth, processor power or graphics card computing power to mine crypto currencies. Attackers have found clever ways to make such malware go undetected by keeping the computing usage on each machine to a minimum and spreading the work over hundreds of machines via a botnet (a network of infected machines). At the user level, the malware operates in a stealthy way and there is no visible impact or interference. Pooling the resources of the whole botnet gives attackers a tremendous amount of computing power, allowing them to accumulate crypto currencies at a very fast rate.
Phishing attacks were also very popular in 2017. Unlike in previous years, social engineering and OSINT (Open Source Intelligence) were observed to be the preferred methods of intrusion used by attackers to gain valuable information about a target organisation. Attackers were able to gain unauthorised access to corporate email accounts and, from that point on, were able to launch an arsenal of attacks such as sending infected email attachments, impersonating staff to arrange international wire transfers of money, and even blackmail.
Numerous data breaches also occurred in 2017. These highlight two major points that are often disregarded in cyber security: data privacy and the security measures that should be put in place to ensure an adequate level of protection. Millions of records containing personal data and banking details were leaked within several sectors, including financial services, consulting firms, hotels and supermarket chains. Personal data that is leaked is often exchanged on the “dark web”, where cyber criminals use it for numerous illegal activities.
More common threats were also part of the landscape last year, such as DoS (Denial of Service), virus infections, and brute-forcing of account credentials and databases. In addition, organisations were faced with internal staff threats and all the risks associated with staff bringing their own devices inside office premises.
2018 and GDPR
In conclusion then, 2017 was mostly associated with ransomware-related malware leveraging crypto currencies, which isn’t surprising considering 2017 saw the rise of Bitcoin, with its value reaching $20,000 for one single coin. But what can we expect to see in 2018? On the one hand, we know there will be more crypto currency mining, as already experienced at Tesla, and ransomware is going to the next level with Office 365 and Gmail now being encrypted via your browser. However, we should see improvements in data protection and data privacy this year with the General Data Protection Regulation (GDPR) coming into force from 25th May. The GDPR is aimed at giving more power to individuals with regard to the personal data they share with organisations, and forcing organisations processing EU citizen data to be more transparent in the way they collect and process personal data. Only time will tell how things will unfold.