Some payloads steal certain types of data, some may surreptitiously use cameras or microphones, and some may set up huge networks of infected bots to do things like DDoS attacks or to send masses of junk emails. Their goal is nation-state dominance.
Then we have cybercriminals who are in it for the money. Most of what consumers and enterprise see – ransomware, crypto-coin mining, banking trojans, etc. – are cybercriminals using tools readily available on the Dark Web or developed by hacker staff.
So, let’s call this for what it is – crime committed using the internet (an IP wide area network) to break into computing devices via a vulnerability. It is no different from a criminal breaking into a house via a badly designed lock.
GG: You mentioned that consumers benefit from enterprise protection. How?
Enterprises, especially those with customer databases, are daily targets for cybercriminals. Most access comes via emails – highly developed, machine learning or AI-driven, social engineered spear phishing; masquerading as a colleague (Business Email Compromise); or spoofing (using a known trusted address).
The aim is to elicit action. Go to a website, click on a link, transfer funds – anything that the recipient can do in their job. We call that self-sabotage – weak passwords, weak security, weak people and all can be fixed.
Once a cybercriminal is inside a computer, they can browse the network and decide on what goodies to take.
Simply put, enterprises employ dozens of best-of-breed tools to stop this, and this intelligence flows down to the consumer via online malware detection clouds and endpoint software. In our case, we develop ZoneAlarm for home and small business, and it’s the same protection as enterprise has on its endpoints.
What consumers don’t have, and frankly cannot afford, are the perimeter hardening tools like enterprise firewalls, sandboxes, patch management, hyper-scale management, etc.
But these tools are also coming to SaaS (Security as a Service) where SMB and consumers won’t have to worry – all it will cost is a small monthly fee.
GG: What are your predictions for the coming year?
More of the same only faster! Some years we play catch up with the bad guys, and some years we edge ahead. Make no mistake – cybercrime is big money and cybercriminals have all the latest tools like machine learning and AI.
2017-2018 was the year of ransomware. It’s still a huge threat, but things like the No More Ransom Project (and we are an Associate Partner) are helping to slow that down. We – the security industry – played catch up to help beat ransomware, and it is no longer as profitable for cybercriminals.
2018-2019 is the year of crypto-currency miners and nearly half of the top ten malware threats take over your PC, mobile or even IoT to mine cryptocurrency. Why? Because together huge botnets can make money for cybercriminals and you pay via your data, power and hardware overheads.
- ↔ XMRig – Open-source CPU mining software used for the mining process of the Monero cryptocurrency, first seen in the wild in May 2017.
- ↑ Cryptoloot – Cryptominer, using the victim’s CPU or GPU power and existing resources for cryptomining – adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug out from under it by asking a smaller percentage of revenue from websites.
The other threats focus on setting up spam servers, adware, stealing data, etc.
Remember personal data is gold and goes into your profile on the Dark Web to help with Identity Theft or AI-driven spear phishing.
- ↔ Emotet – Advanced, self-propagating and modular Trojan. Emotet was once employed as a banking Trojan and is now used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. It can also spread through phishing spam emails containing malicious attachments or links.
- ↔ Nivdort – Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
- ↔ Dorkbot – IRC-based worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system.
- ↑ Lokibot – Lokibot is an info stealer distributed mainly by phishing emails, and is used to steal various data such as email credentials, as well as passwords to crypto-coin wallets and FTP servers.
- ↑ GandCrab – GandCrab is ransomware distributed via the RIG and GrandSoft Exploit Kits, as well as email spam. The ransomware uses an affiliates program, with those joining the program paying 30%-40% of the ransom revenues to the GandCrab author. In return, affiliates get a full-featured web panel and technical support.
- ↓ Ramnit – Banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
GG: OK the hoary old question – PC or Mac?
Mac desktop/laptop market share is static at around 9%. Linux is about 2% and Windows about 88%. Cybercriminals go after the money, so it makes sense to go after Windows.
But macOS is not safe, as our Malware Pedia shows. While there is nowhere near as much Mac malware, it is more sophisticated, to get around Mac’s native defences. If you use a Mac, read the Mac Malware Pedia link above and get some protection NOW.