There’s never a dull moment in the world of cybercrime. During the first half of 2019, 4.1 billion records were exposed across 3,800 publicly disclosed incidents. Ransomware and cryptojacking also continue to cost victims increasing amounts of money to fix, while other attacks launched by hacktivists, ruthless competitors, and state-sponsored attackers cause even more disruption.
Here are the biggest cybercrime developments we’ve witnessed over the past year:
While 2017 is commonly seen as the year of ransomware, given the sudden rise of WannaCry and NotPetya, it would be a grave mistake to think we’re out of the woods. Ransomware has evolved into a more dangerous and targeted model. New ransomware strains are appearing on dark web marketplaces as developers recruit others to expand their reaches. In fact, before closing down earlier this year, GandCrab’s developers reported profits over $2 billion, making it by far the most successful example of Ransomware-as-a-Service (RaaS).
The cryptocurrency boom might be well behind us, but the fact that it now typically costs more in terms of energy usage to mine cryptocurrency than the value of the currency itself means nefarious operators have started looking elsewhere. Cryptojacking malware offers a low-risk and guaranteed way for cybercriminals to make easy money by using their victims’ computing resources to mine cryptocurrency for them.
Although cryptojacking doesn’t involve the theft of data, it can bring systems to a crawl by consuming bandwidth. One of the most disturbing developments in 2019 was Hidden Bee, which embeds malicious payloads in image file formats via a technique called steganography.
As technological controls get better at filtering out malware, cybercriminals are increasingly looking to exploit the weakest link — people. Phishing attacks are used to spread ransomware and other malware. Today, attackers are more targeted, with some even leveraging artificial intelligence (AI) to learn more about their targets and automate highly sophisticated attacks. The most impersonated brands in 2019 included Apple, Facebook, Google, Microsoft, and PayPal.
Another major threat is business email compromise (BEC), which involves the impersonation of company executives and other familiar parties to conduct high-profile phishing scams.
No other form of malware has delivered more payloads of ransomware and cryptojacking than botnets, which are installed across huge networks of connected devices. One of the largest botnets in 2019 was Emotet, which started as a Trojan designed to steal banking data. It has since evolved into a common distribution method for other types of malware, spam, and malicious scripts and macros.
In terms of cybersecurity, 2019 was a particularly tough year for most businesses. The types of attacks used by cybercriminals were many and varied, and such attacks will likely become even more sophisticated in 2020. To prepare your business for what’s to come, partner with Simplified IT Consulting. We provide top-notch services and beef up your company’s defenses against the newest cyberthreats. Ensure your business’s safety and call us today.