The Covid-19 situation has accelerated digital transformation and made teleworking a formal arrangement, and with it cyberthreats have grown to levels never seen, or foreseen, before. Let's remember that "malware" is a combination of two words, "malicious" and "software". The term describes any form of malicious code regardless of how it reaches victims, how it behaves, or the damage it causes: Trojan horses, ransomware, viruses, worms and banking malware all fall under it. For an ordinary user it is difficult to tell which file is malware and which is not. That is why security solutions exist, combining vast databases of previously seen malicious samples with multiple protection technologies to detect the latest ones.
Today's malware writers are very creative. Their "creations" spread through vulnerabilities in unpatched systems, bypass security measures, hide in memory, or mimic legitimate applications to avoid detection. Even today, however, one of the most effective infection vectors is the weakest link in the chain: people. Well-crafted emails with malicious attachments have proven to be an efficient and inexpensive way to compromise a system, and it takes only one click.
The first step is to keep all software up to date, the operating system and every application alike: not only to gain features and bug fixes, but to patch the vulnerabilities that cybercriminals and their malicious code would otherwise exploit. Patching alone, however, does not cover all current threats, so a trusted and up-to-date security solution is also needed to stop attack attempts. Regular backups stored on an offline drive are another countermeasure against malware: they let the user restore any data that attackers have damaged or encrypted, provided the backup medium is disconnected when not in use so that the same malware cannot reach it.
A bit of history is worth keeping in mind. The first virus recorded for the IBM PC was Brain, the "Pakistani Brain", in early 1986. Its goal was to be as stealthy as possible: it infected the boot sector of floppy disks and spread globally within weeks, remarkable given that it was distributed only on 5.25" floppies. Since then malware has evolved in many ways, and its creators keep finding new ways to reach victims; the Internet gave them a powerful distribution network and a far simpler path to potential targets. That will always be the essential logic of the attacker, and it remains for us to practice intelligence and counterintelligence to counter them. Some malware families, such as WannaCryptor (WannaCry), spread indiscriminately, encrypting files and causing global damage. Others hit more limited groups of victims, such as companies in a particular country in the case of Diskcoder.C, also known as Petya. A more recent example of targeted malware is Industroyer. Discovered by ESET, it attacks industrial control systems used in the power grid and caused blackouts in Ukraine by misusing legitimate but insecure industrial protocols. It is one of the few malware families in the same category as Stuxnet, widely regarded as the first cyber weapon ever used.
Since the pandemic was declared there has been a growth in cyberattacks, among them attacks against the Remote Desktop Protocol (RDP) and ransomware. By 2022 the count of known malicious samples worldwide is expected to reach one billion. These threats have not only multiplied, they have also become more sophisticated. One example is "fileless malware", which does not need to write a file to the system in order to run: the malicious code lives in volatile memory, so there is no executable on disk for a file scanner to inspect. That is why monitoring and prevention technologies are important. During 2021 and 2022, five categories of malware have stood out:
1) Malicious torrents: the Kryptocibule malware family, not previously documented, spreads through them. It uses cryptominers and clipboard hijacking (replacing a wallet address the user has copied with one belonging to the attacker) to steal cryptocurrency, and exfiltrates cryptocurrency-related files.
2) Android threats: here malware in the 'hidden apps' category has dominated for three consecutive quarters of 2022. These are deceptive apps that pose as games or utilities; after installation they hide their launcher icon and display full-screen ads.
3) IoT threats: designed with little or no security, IoT devices are easy targets for attackers, who infect them with malicious bots, enrol them in botnets and use them for large-scale attacks.
4) Malware for Mac: in 2021 the Kattana trading application for Mac was copied and trojanized. The attackers inserted malware that steals information such as browser cookies, cryptocurrency wallets and screenshots. By 2022 this threat had been neutralized.
5) Malicious emails: malware distributed via email is expected to increase in 2022. The most frequent detection of 2022 is a Microsoft Office exploit.
Data hijacking increased during 2022. Ransomware is a constant threat that for a couple of years has persistently attacked organizations, compromising critical infrastructure such as government, healthcare and energy institutions, and its detection and eradication are becoming ever more complex. Ransomware and information leaks consolidated in 2020: the operators behind various ransomware families have added another risk to this kind of attack, since in addition to hijacking files they now practice extortion, threatening to leak the compromised information. This modality relies on the technique known as doxing, which consists of obtaining confidential data from the victims and threatening to publish it unless the ransom is paid. Without a doubt this increases the pressure on those affected, who must not only recover the encrypted information but also prevent the stolen data from being made public; a backup restores the files, but does nothing against the leak.
As for banking Trojans, better known as "bankers", malicious code widely used in cybercrime, their function is to steal banking information from users of online banking services. The data are offered on the black market, where buyers acquire them for criminal activities such as extortion and fraud. Eleven families of banking Trojans have been identified around the world.
These families use encryption and obfuscation tools that seek to protect the code so that its analysis is difficult and thus hide the malicious activity they carry out on the systems. Their code includes instructions that perform no useful action, padding or garbage code, inserted to evade signature-based detection. So far, more than 50 financial institutions have been identified whose identity has been impersonated to deceive their users.
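To show why the garbage instructions described above defeat naive signatures, and what a detection engineer does about it, here is an added Python example (constructed for this article, not code from any product or from a banker sample). It canonicalises a 32-bit x86 text disassembly, strips semantic no-ops (nop, mov reg,reg, lea reg,[reg], adjacent push/pop of the same register) and hashes the result, so a padded copy of a routine produces the same signature as the clean one while the raw text hash differs. The listings are constructed, and the set of no-op shapes is an assumption that covers only padding, not the equivalent-instruction substitution or opaque predicates that real obfuscators also use.

```python
import hashlib
import re

# Instruction shapes that change no register, memory or flag state in 32-bit
# x86 (assumption: the listing is 32-bit; on x86-64 "mov eax, eax" is not a
# no-op because it zero-extends into rax). Only padding is handled here.
SINGLE_NOOPS = {"nop"}
SELF_MOVE = re.compile(r"^(?:mov|xchg) (\w+), \1$")      # mov ebx, ebx / xchg eax, eax
SELF_LEA = re.compile(r"^lea (\w+), \[\1(?:\+0)?\]$")      # lea edx, [edx]
PUSH = re.compile(r"^push (\w+)$")
POP = re.compile(r"^pop (\w+)$")


def _canon(line: str) -> str:
    """Lower-case, strip comments and collapse whitespace so spacing and case
    differences between disassemblers do not affect matching."""
    line = line.split(";", 1)[0].lower()
    return re.sub(r"\s+", " ", line).strip().replace(" ,", ",")


def normalize(listing):
    """Drop semantic no-ops, including adjacent push X / pop X pairs, from a text disassembly."""
    canon = [c for c in (_canon(l) for l in listing) if c]
    out = []
    i = 0
    while i < len(canon):
        ins = canon[i]
        if ins in SINGLE_NOOPS or SELF_MOVE.match(ins) or SELF_LEA.match(ins):
            i += 1
            continue
        m = PUSH.match(ins)
        if m and i + 1 < len(canon):
            p = POP.match(canon[i + 1])
            if p and p.group(1) == m.group(1):
                i += 2          # push reg / pop reg: stack and registers unchanged
                continue
        out.append(ins)
        i += 1
    return out


def raw_signature(listing) -> str:
    """SHA-256 over the listing as-is: how a naive text/byte signature behaves."""
    return hashlib.sha256("\n".join(_canon(l) for l in listing).encode()).hexdigest()


def signature(listing) -> str:
    """SHA-256 over the normalised instruction stream: survives junk padding."""
    return hashlib.sha256("\n".join(normalize(listing)).encode()).hexdigest()


# Constructed 32-bit x86 listings (not taken from any real sample): the same
# routine, once clean and once padded with junk instructions.
CLEAN = [
    "push ebp",
    "mov ebp, esp",
    "mov eax, [ebp+8]",
    "xor ecx, ecx",
    "call 0x401000",
    "mov esp, ebp",
    "pop ebp",
    "ret",
]
PADDED = [
    "push ebp",
    "nop",
    "mov ebp, esp",
    "push ebx",            # push/pop of the same register: net effect is nothing
    "pop ebx",
    "mov eax, [ebp+8]",
    "MOV edx, edx",        # different case and a self-move, both canonicalised away
    "xor ecx, ecx",
    "lea esi, [esi]",
    "call 0x401000",
    "xchg eax, eax",
    "mov esp, ebp",
    "pop ebp",
    "nop",
    "ret",
]

if __name__ == "__main__":
    print("raw hashes equal:       ", raw_signature(CLEAN) == raw_signature(PADDED))
    print("normalised hashes equal:", signature(CLEAN) == signature(PADDED))
```

The lesson is the one the bankers' authors rely on: a signature over raw bytes or raw text is brittle against padding, whereas a signature over a normalised instruction stream is not. The normaliser deliberately keeps a push/pop pair that is not adjacent (a nop between them breaks the pairing), which is exactly the kind of gap an obfuscator will probe next; a production engine would reason about stack effects rather than match adjacent lines.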
The most widespread cyberthreats in the last three years have been: 1) Ransomware: its developers form organized groups and offer the data stolen from their victims at auctions on the dark web. 203 different ransomware variants have been detected.
2) Exploits: code that tries to take advantage of a vulnerability in a system to gain access to the machine. Two of the most widespread are EternalBlue (the SMBv1 exploit that WannaCry used to spread) and BlueKeep (a Remote Desktop Services vulnerability, which has become especially relevant in 2022 because of the teleworking trend).
3) Spyware: a "classic tool" of cybercriminals, still key for them because of its wide reach in propagation. The HoudRat Trojan has topped the list since 2020.
4) Phishing: during 2020 the number of detections of files linked to phishing campaigns grew by 27%, and in 2022 the growth reached 53% worldwide. This is significant growth, since in 2019 the figure was 15%.
The cost of financial cybercrime has exceeded $600 billion and, as if that were not enough, specialists are lacking: the changes in the threat landscape and the variety of new malware developments have exposed the shortage of cybersecurity professionals. According to studies published at the end of 2019, 4.07 million additional professionals specialized in cybersecurity were needed.