
Malware, Bots, Ransomware, Cybercrime and the Future of Interconnectedness

For more than 20 years Webroot, a Colorado-based security vendor, has tracked cybercriminal activity on the Internet in a proprietary threat database that it uses to follow the most insidious malware and the strategies of the criminals behind it. Its 2020 Webroot Threat Report, the source of much of the information below, analyzes trends in malware, ransomware, high-risk URLs, phishing attacks, malicious IP addresses, and harmful mobile apps.


In recent weeks cybercriminal attacks on businesses and government have made U.S. and global headlines.

In February 2021 a water treatment plant in Florida was hacked; the intruder briefly altered treatment settings, threatening the water supply to Oldsmar and its surroundings.

In March, a large U.S. insurance company, CNA Financial Corp., was locked out of its computer network for two weeks.

In April, the NBA’s Houston Rockets were hacked with contracts and confidential documents stolen under threat of public release.

In May the Colonial Pipeline had to shut down its operations, causing gasoline shortages in the Eastern U.S.

In June the meat processor JBS S.A. was breached and halted operations for two days.

And this month Kaseya, an IT management software vendor whose customers span 17 countries, was hit with a ransomware demand of $70 million US.

These are the most noteworthy cybercriminal attacks of 2021 so far, and they follow 65,000 reported successful network and system breaches in 2020, with $350 million in ransom payouts to the hackers.

Coveware, a company that negotiates with ransomware gangs and arranges payment on behalf of victims, has steadily reported rising payouts. By the third quarter of 2019 the average payment had passed $41,000 per attack. In 2021, with the latest wave of ransomware, payouts have become much steeper.

What is Malware?

Malware is the umbrella term for malicious software built to exploit weaknesses in home, business and government computer systems. Botnets lead the way as the delivery mechanism for ransomware and cryptomining payloads.

For computer users two positive trends have emerged of late:

  • the number of malware files per device on home computers has been declining.
  • businesses, as they become more aware of the threat, have implemented more layers of cybersecurity defence.

Nevertheless, Webroot's report notes that in 2019 12.6% of home computers encountered infections, while 7.8% of business devices did.

What was most often found when these attacks were dissected? Botnets and ransomware, including the following:

  • Emotet has been the most prevalent botnet since it emerged in 2014 and is thought to have originated in Ukraine. Also known as Heodo, it delivers a variety of malicious payloads to vulnerable systems and is a frequent precursor to a ransomware deployment.
  • Trickbot is a botnet and banking trojan that often works alongside other banking trojans such as IcedID and Ursnif. Its modular architecture makes it a serious threat for any network it infects, and when it is used to stage Ryuk (see below) the result can be devastating for victims.
  • Dridex was once one of the most prominent banking trojan botnets. It now serves mainly to implant BitPaymer ransomware.
  • Ryuk is ransomware that encrypts files or whole systems and holds them hostage for ransom. It is derived from the earlier Hermes ransomware and is attributed to a cybercriminal group known as CryptoTech.
  • GandCrab offered cybercriminals ransomware-as-a-service (RaaS) and demanded cryptocurrency as payment. Each time researchers released a decryptor, its authors shipped a new version, five in all, to confound those defending against it.
  • REvil is GandCrab's successor. Also known as Sodinokibi, it was responsible for the recent hack of the meat producer JBS and collected an $11 million US ransom.
  • CrySIS, also known as Dharma, is ransomware most often distributed via spam email attachments. It also disguises itself as installation files for well-known, legitimate software so that users believe the download is safe.
  • In one recent campaign, CrySIS was delivered as a download link in a spam email. The link pointed to a password-protected, self-extracting installer, and the password was given to the victims in the email itself, a trick that keeps email scanners from opening the archive. Besides the CrySIS/Dharma executable, the installer contained an outdated removal tool from a well-known security vendor as camouflage. The typical ransom demand is one Bitcoin (currently over $33,000 US).
  • Hidden Bee is a trojan bot, thought to originate in China, that delivers cryptomining payloads hidden inside JPEG and PNG images and WAV audio files, with Flash Player exploits used in the delivery chain. It takes over part of the infected system's capacity to mine cryptocurrency, degrading the computer's performance.
  • Retadup is a worm that infects Windows-based systems. Like Hidden Bee, it hijacks the host for cryptomining, which seriously degrades performance.

Cryptomining and cryptojacking are seen as less threatening than ransomware because no money changes hands with the victim. But companies should remove these infections as soon as they are identified because they bleed system performance over time. Cryptojacking scripts can also be planted in company websites, where they run in every visitor's browser; sites not using Hypertext Transfer Protocol Secure (HTTPS), explained further down in this posting, are especially exposed because their pages can be altered in transit. In 2019, 8.9 million websites were found to host cryptojacking scripts.

Other browser-based miners that have come and gone include Coinhive, Cryptoloot, and CoinImp.
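One way to find the kind of cryptojacking script just described is to scan a page's HTML for the miner libraries and their tell-tale constructor calls. The scanner below is an added example, not code from the original post or from Webroot; its indicator lists name the retired miner services mentioned above (Coinhive, Cryptoloot, CoinImp) and are illustrative rather than exhaustive, and both sample pages are constructed for the demonstration.

```python
"""Scan a web page's HTML for in-browser cryptomining (cryptojacking) indicators.

Added example, not from the original post. The indicator lists name the
retired miner services the post mentions (Coinhive, Cryptoloot, CoinImp) and
are illustrative, not exhaustive; the two sample pages are constructed.
"""
import re
from html.parser import HTMLParser

# Hosts that served miner libraries (assumption: illustrative list of known names).
MINER_HOST_PATTERNS = [
    r"coinhive\.com",
    r"coin-hive\.com",
    r"authedmine\.com",
    r"crypto-loot\.com",
    r"coinimp\.com",
]

# Constructor names the browser-side miner libraries exposed, plus generic
# mining-protocol strings that survive a renamed or self-hosted copy of the library.
MINER_JS_PATTERNS = [
    r"\bCoinHive\.(Anonymous|User)\b",   # Coinhive
    r"\bCRLT\.Anonymous\b",              # Cryptoloot
    r"\bClient\.Anonymous\b",            # CoinImp
    r"stratum\+tcp://",                  # mining pool protocol
    r"cryptonight",                      # hash algorithm used by Monero miners
]


class _ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._buf = None  # accumulates the body of the script tag being read

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src)
        else:
            self._buf = []

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)


def scan_html(html):
    """Return a list of (indicator_type, evidence) pairs found in the HTML."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.srcs:
        for pattern in MINER_HOST_PATTERNS:
            if re.search(pattern, src, re.IGNORECASE):
                findings.append(("external-miner-script", src))
                break
    for body in parser.inline:
        for pattern in MINER_JS_PATTERNS:
            match = re.search(pattern, body, re.IGNORECASE)
            if match:
                findings.append(("inline-miner-code", match.group(0)))
                break
    return findings


# Constructed sample pages for the demonstration.
INFECTED_PAGE = """<html><head><title>Company News</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY', {throttle: 0.5});
  miner.start();
</script>
</head><body><h1>Welcome</h1></body></html>"""

CLEAN_PAGE = """<html><head><title>Company News</title>
<script src="https://cdn.example.com/jquery.min.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body><h1>Welcome</h1></body></html>"""

if __name__ == "__main__":
    for name, page in (("infected", INFECTED_PAGE), ("clean", CLEAN_PAGE)):
        print(name, scan_html(page))
```

Signature matching like this catches miners that load a named library or keep its API; an obfuscated miner shipped as WebAssembly needs behavioural detection instead (sustained CPU use from a tab, a WebSocket to a mining pool). Running the scan over your own pages after every content change is what catches the "legitimate site hosting malicious content" case the next section describes.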

Inbox Vulnerabilities

Email is the route by which most malware reaches computer systems. Whether through social engineering such as phishing, or through bots and ransomware hidden in attachments, it is the preferred and easiest way for cybercriminals to gain access. The greatest vulnerabilities come from:

  • Office colleagues, not hackers. Poor password and authentication practices by ordinary users leave them and their companies open to cybercriminals.
  • Spurious email that impersonates someone the recipient trusts, from deep fakes to spoofed accounts posing as colleagues. Unsolicited gift card requests are a common lure. In 2019 these types of emails increased by more than 100%, and over the last three years they led to $26 billion US in losses.

In 2019 phishing attacks grew sixfold. The most impersonated brands included Google, Chase, Microsoft, Apple, Dropbox, PayPal, Adobe, Wells Fargo, Amazon, Netflix, Instagram and Yahoo, a veritable "who's who" of corporate heavyweights.
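The impersonation tricks described in this section (a colleague's name on an outside address, a diverted Reply-To, a brand lookalike domain, the gift card lure) are mechanical enough to triage automatically at the mail gateway. The script below is an added example, not code from the original post or from Webroot. The corporate domain, colleague directory, brand-to-domain list and all three sample messages are constructed, and it assumes the receiving gateway stamps its own Authentication-Results header (and strips any that arrived from outside).

```python
"""Triage an inbound email for common impersonation tricks.

Added example, not from the original post. It checks a message for
display-name impersonation of a colleague, a Reply-To that diverts replies,
failed SPF/DKIM/DMARC results stamped by the receiving gateway, a sender
domain that imitates a commonly phished brand, and a gift-card lure.
The corporate domain, colleague directory, brand list and sample messages
are all constructed for the demonstration.
"""
import email
import re
from email import policy
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                              # assumption: our own domain
KNOWN_COLLEAGUES = {"Jane Doe": "jane.doe@example.com"}  # constructed directory
# Brands from the list above with one legitimate domain each (illustrative only;
# real brands send from many domains, so a production list needs care).
BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com"},
    "netflix": {"netflix.com"},
    "dropbox": {"dropbox.com"},
}
GIFT_CARD_WORDS = ("gift card", "itunes card", "google play card")


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw_message):
    """Return a list of human-readable reasons the message looks suspicious."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    from_domain = _domain(from_addr)

    # 1. A trusted colleague's display name on an address that is not theirs.
    expected = KNOWN_COLLEAGUES.get(display_name.strip())
    if expected and from_addr != expected:
        reasons.append(f"display name '{display_name}' matches a colleague but address is {from_addr}")

    # 2. Replies silently routed to a different domain.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and _domain(reply_addr) != from_domain:
        reasons.append(f"Reply-To {reply_addr} differs from From domain {from_domain}")

    # 3. Authentication-Results as stamped by our gateway (assumption: the
    #    gateway strips any such header that arrived from outside).
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.IGNORECASE)
        if m and m.group(1).lower() != "pass":
            reasons.append(f"{mech}={m.group(1).lower()}")

    # 4. Sender domain contains a brand name but is not that brand's domain.
    for brand, legit in BRAND_DOMAINS.items():
        if brand in from_domain and from_domain not in legit:
            reasons.append(f"sender domain {from_domain} imitates {brand}")

    # 5. The classic gift-card lure in the body text.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(word in text for word in GIFT_CARD_WORDS):
        reasons.append("gift card lure in body")

    return reasons


# Constructed sample messages.
PHISH_MESSAGE = """From: Jane Doe <jane.doe@example-mail.net>
Reply-To: accounts@payout-desk.biz
To: bob@example.com
Subject: Quick favor
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-mail.net; dkim=none; dmarc=fail header.from=example-mail.net
Content-Type: text/plain; charset="utf-8"

Bob, I'm stuck in a meeting. Please buy five gift cards and send me the codes; I'll reimburse you.
"""

BRAND_MESSAGE = """From: PayPal Service <alerts@paypal-secure-login.com>
To: bob@example.com
Subject: Your account is limited
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=paypal-secure-login.com; dkim=pass header.d=paypal-secure-login.com; dmarc=pass header.from=paypal-secure-login.com
Content-Type: text/plain; charset="utf-8"

Log in within 24 hours to restore access.
"""

LEGIT_MESSAGE = """From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Lunch
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain; charset="utf-8"

Lunch at noon?
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH_MESSAGE), ("brand", BRAND_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, triage(raw))
```

Note what the brand sample shows: SPF, DKIM and DMARC all pass, because the attacker registered the lookalike domain and set up its records correctly. Authentication proves the message came from the domain it claims, not that the domain is the one the recipient thinks it is, so the lookalike and display-name checks are needed alongside it. The substring brand check is deliberately crude (it would flag "pineapplefarm.com" for "apple") and is a starting point, not a finished rule.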

High-risk URLs and IP Addresses

Did you know that one in four malicious URLs is hosted on an otherwise legitimate site? These infiltrations happen because of poor access control over who can add web content. Why do cybercriminals favour this strategy? Because content placed on an otherwise legitimate website is hard to block without blocking the site itself.

The easiest first step in hardening a website is to adopt HTTPS, Hypertext Transfer Protocol Secure, an extension of the Hypertext Transfer Protocol for secure communication over the Internet. HTTPS encrypts and authenticates the connection using Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL). It protects visitors from having pages intercepted or altered in transit; it does not by itself stop an attacker who has gained the ability to add content on the server, so access controls on publishing still matter. Despite the known risk, more than 22% of web addresses still do not use HTTPS.
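Adopting HTTPS means more than having a certificate: plain-HTTP requests have to be redirected, and browsers have to be told, via HTTP Strict Transport Security (HSTS), never to try plain HTTP again. The checker below is an added example, not code from the original post or from Webroot. It evaluates the responses a client receives for the http:// and https:// versions of a site; the responses here are constructed so it runs offline (in practice you would fetch them with redirects disabled), and the one-year minimum for max-age is an assumption matching the common preload-list requirement.

```python
"""Check whether a site actually enforces HTTPS, from captured responses.

Added example, not from the original post. It evaluates the (status, headers)
pair a client receives for the http:// URL and the one for the https:// URL;
the responses below are constructed so the check runs offline, whereas in
practice you would fetch them with redirects disabled. The one-year HSTS
minimum is an assumption matching common browser preload-list requirements.
"""
from urllib.parse import urlsplit

ONE_YEAR = 365 * 24 * 3600


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains, preload)."""
    max_age, include_subdomains, preload = None, False, False
    for directive in header_value.split(";"):
        key, _, value = directive.strip().partition("=")
        key = key.strip().lower()
        if key == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                max_age = None  # malformed directive: treat as absent
        elif key == "includesubdomains":
            include_subdomains = True
        elif key == "preload":
            preload = True
    return max_age, include_subdomains, preload


def assess_https(http_status, http_headers, https_status, https_headers):
    """Return a list of findings; an empty list means HTTPS is properly enforced."""
    findings = []
    http_h = {k.lower(): v for k, v in http_headers.items()}
    https_h = {k.lower(): v for k, v in https_headers.items()}

    # Plain-HTTP requests must be redirected to https://, not answered with content.
    location = http_h.get("location", "")
    redirected = http_status in (301, 302, 307, 308) and urlsplit(location).scheme == "https"
    if not redirected:
        if http_status == 200:
            findings.append("plain HTTP serves content instead of redirecting to HTTPS")
        else:
            findings.append(f"plain HTTP returns {http_status} without redirecting to HTTPS")

    if https_status != 200:
        findings.append(f"HTTPS endpoint returned {https_status}")

    # HSTS tells browsers to refuse plain HTTP in future; it only counts when
    # sent over HTTPS, because browsers ignore the header on plain-HTTP responses.
    hsts = https_h.get("strict-transport-security")
    if hsts is None:
        if "strict-transport-security" in http_h:
            findings.append("HSTS header sent only over plain HTTP, which browsers ignore")
        else:
            findings.append("no Strict-Transport-Security header on the HTTPS response")
    else:
        max_age, include_subdomains, _ = parse_hsts(hsts)
        if max_age is None or max_age < ONE_YEAR:
            findings.append(f"HSTS max-age {max_age} is shorter than one year")
        if not include_subdomains:
            findings.append("HSTS lacks includeSubDomains, leaving subdomains downgradable")
    return findings


# Constructed responses for the demonstration.
GOOD_SITE = dict(
    http_status=301, http_headers={"Location": "https://example.com/"},
    https_status=200,
    https_headers={"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"},
)
WEAK_SITE = dict(
    http_status=200, http_headers={"Content-Type": "text/html"},
    https_status=200, https_headers={"Strict-Transport-Security": "max-age=300"},
)

if __name__ == "__main__":
    print("good:", assess_https(**GOOD_SITE))
    print("weak:", assess_https(**WEAK_SITE))
```

The weak site has a certificate and even sends HSTS, yet a visitor who types the bare hostname still gets an unencrypted page, and a five-minute max-age means the protection lapses almost immediately. Those are the two configurations most often found behind a "we use HTTPS" claim.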

Then there are malicious IP addresses. An IP address is the unique identifier of a network, computer or other device on the Internet, and cybercriminals stand up or hijack hosts whose addresses serve phishing pages, malware downloads and botnet command channels. Cybercriminals take advantage of weaknesses in the existing IPv4 protocol, and it was thought that the widespread adoption of IPv6 would lessen such attacks. Instead, malicious IP addresses have proliferated, and a user who connects to one exposes his or her computer or network to hackers who then find a way in.

Mobile Apps

Whether you use Apple or Android, app malware is on the rise. It is not as prevalent as in the Windows PC world, but it is growing. The Google Play Store has been particularly exposed to Android malware. In 2018, Google estimated the probability of downloading a potentially harmful app at 0.64%. Since then Google has found 17,000 malware-infected Android apps, which it has removed from the store.

Apple has fewer security lapses on its App Store than Google because it exercises tighter control over its development environment. But even there malicious apps have slipped in: in 2019, Wandera, a mobile security vendor, discovered 18 of them.

A Final Word

There will never be perfect security for computer systems and networks. The human element in the equation is too strong. States Hal Lonas, Senior Vice President and Chief Technology Officer at Trulioo, a global identity verification company, “Ultimately, there is no silver bullet, there never has been, and there never will be.” But we can achieve a degree of cyber resilience which will be the subject of a future posting here at 21st Century Tech Blog.

Postscript Update

This week, according to The New York Times, the Russia-based ransomware group REvil, identified by U.S. intelligence as responsible for attacks on a number of American companies, suddenly went dark. The disappearance followed a summit meeting at which President Biden demanded that President Putin shut it down along with several other groups.

Another Russian group, DarkSide, which attacked the Colonial Pipeline, has also gone dark for the moment.

The remaining questions are:

  1. Did Putin order these two ransomware groups to cease operations?
  2. Or did American countermeasures do the trick?

If the latter, this marks the beginning of a war with no bullets fired, just code and countermeasure code. And knowing how software runs almost everything in our 21st-century world, this new war front is broad and harder to defend. Let’s hope it doesn’t escalate.


Len Rosen (lenrosen4), https://www.21stcentech.com
Len Rosen lives in Oakville, Ontario, Canada. He is a former management consultant who worked with high-tech and telecommunications companies. In retirement, he has returned to a childhood passion to explore advances in science and technology.
