Botnets continue to impact millions of computers, according to the Microsoft Security Intelligence Report.
In November 2017, as part of a public/private global partnership, Microsoft disrupted the command-and-control infrastructure of one of the largest malware operations in the world – the Gamarue botnet. Microsoft analysed over 44,000 malware samples, which uncovered the botnet’s sprawling infrastructure, and discovered that Gamarue distributed over 80 malware families. The top three malware classes distributed by the Gamarue botnet were ransomware, trojans, and backdoors. The disruption resulted in a 30pc drop in infected devices in just a three-month period.
As software vendors incorporate stronger security measures into their products, it is becoming more expensive for hackers to penetrate software. By contrast, it is easier and less costly to trick a user into clicking a malicious link or opening a phishing email. The year 2017 saw “low-hanging fruit” methods such as phishing being used to trick users into handing over credentials and other sensitive information. In fact, phishing was the top threat vector for Office 365-based threats during the second half of 2017. Other low-hanging fruit for attackers are poorly secured cloud apps. In our research, we found that 79pc of SaaS storage apps and 86pc of SaaS collaboration apps do not encrypt data both at rest and in transit.
Ransomware remains a force to be reckoned with. Money is ultimately what drives cybercriminals, so extorting cryptocurrency and other payments by threatening potential victims with the loss of their data remains an attractive strategy. During 2017, three global ransomware outbreaks—WannaCrypt, Petya/NotPetya, and BadRabbit—affected corporate networks and impacted hospitals, transportation, and traffic systems. We found that the region with the greatest number of ransomware encounters was Asia. The ransomware attacks observed last year were very destructive and moved at an incredibly rapid pace. Because of the automated propagation techniques, they infected computers faster than any human could respond and they left most victims without access to their files indefinitely.
These threats are inter-related. For example, ransomware was one of the most prominent types of malware distributed by the Gamarue botnet. Another example is that cybercriminals are attempting to take advantage of legitimate platform features to attach a ‘weaponized’ document (for example, a Microsoft Office document) containing ransomware to a phishing email.
What can be done? The IT firm advises following standard information security practices, such as keeping software and security solutions up to date. The proliferation of low-cost attack methods such as social engineering is a reminder of the importance of security awareness training for employees. Download the report at www.microsoft.com/sir.
Tim Helming, director of product management at cyber company DomainTools, said: “While it should undoubtedly be an encouragement to security professionals and organizations alike that malicious actors are no longer targeting software with as much zeal as they once did, the fact that human error still remains an appropriate target is an indication that educating the general public on potential cyber-risks and best practices is where we still have the most ground to make up. Human error, typified by a willingness to click on unverified, unsolicited emails or texts, is still working to make the increased security spending most companies have displayed redundant. Only by combining appropriate security tools and educational initiatives will we start to see a significant dip in the profitability, and therefore prominence, of cybercrime.”