The effectiveness of cyber-criminals is increasing, warns the IT security firm McAfee in its latest quarterly threat report. The 34-page document covers underground forums, ransomware, crypto-jacking, fake apps, banking trojans, exploit kits, and cyber espionage.
John Fokker, head of cybercriminal investigations at McAfee, and one of the report authors, described cyber-criminals as very opportunistic in nature. He said: “The cyberthreats we face today once began as conversations on hidden forums and grew into products and services available on underground markets. Additionally, the strong brands we see emerging offer a lot to cybercriminals: higher infection rates, and both operational and financial security.”
Hacker forums provide an elusive space for cyber-criminals to discuss topics with their peers, according to the report. Due to many recent successful large data breaches, user credentials remain a popular topic. Hacked email accounts are of particular interest. The criminals have shifted their focus from point-of-sale systems to payment platforms on large e-commerce sites. They have skimmed thousands of credit card details directly from victim websites, which has fuelled demand for credit card details and the malicious tools that can be used to steal them.
Cyber-criminals are eager to weaponise vulnerabilities both new and old, and the number of services now available on underground markets has dramatically increased their effectiveness, said Christiaan Beek, lead scientist at McAfee and another of the authors. He said: “As long as ransoms are paid and relatively easy attacks, such as phishing campaigns, are successful, bad actors will continue to use these techniques.” Following up-and-coming trends on the underground markets and hidden forums allow the cyber-security community to defend against current attacks and stay a step ahead, he added.
IoT devices such as cameras or video recorders have not typically been used for crypto-mining because they lack the CPU power of desktop and laptop computers. However, cybercriminals have taken notice of the growing volume and lax security of many IoT devices and have begun to focus on them.
Comment
Mark Adams, Regional Vice President of UK and Ireland for Veeam said it was unsurprising to see that breaches have increased by 20pc in the financial sector. He said: “Cybercriminals know that targeting these firms can make for incredibly lucrative work. Several consumer banks have found this out the hard way in 2019, with their own unfortunate incidents proving to be incredibly costly to both their finances and their reputation. With GDPR now in full swing, hefty fines from the ICO are always waiting around the corner for those who don’t adhere to the regulations around personal data. Securing and managing data intelligently has therefore never been more important; what was an IT issue is now a matter for the boardroom.
“In 2019, we would expect more financial companies to increase spending on cybersecurity and data management tools that can spot possible irregularities and help staff act accordingly. I think there will be greater scrutiny of service level agreements with managed services companies and that includes cloud vendors.
“What we’ve also seen this year are state-sponsored attacks that are concentrated on specific companies. This doesn’t look like it is going away. Relying purely on security tools has proven to no longer be enough, so it will take a combination of services and tools to combat such determined attacks.
“Whilst it might have felt tempting in the past to overlook certain data management-focused tools because they seemed too costly or excessive, it does appear that the tide is turning. Financial firms and the wider business sector have learnt from the breaches and attacks, and are more willing to explore more diligent ways of protecting and organising personal data, and data more broadly. When it comes to responding to data breaches you will never have as much time as the attacker had to plan it, so being overly prepared for the absolute worst is key to keeping brand trust high.”
