Selling personal information and compromised accounts of popular Instragram users has become more lucrative than ransomware and cryptojacking campaigns.
Hackers are changing tactics following strengthened security from high-value targets and diminished returns from cryptojacking attacks, as values of cryptocurrencies such as Bitcoin and Monero decline, according to a report from Positive Technologies released Tuesday.
Attack campaigns focused on end goal of direct financial gain fell from 53% in Q1 2018 to 33% in Q3. Stealing data from financial institutions has become more difficult for attackers, who have opted to target business plans or personal communication for blackmail purposes or resale on the Dark Web.
SEE: Cross-site scripting attacks: A guide for developers and users (Tech Pro Research)
Personal data represented 30% of stolen data in Q3 2018, with account credentials at 19%, and payment card information in third at 13%. The most frequent target is individuals (19%), followed by the government (12%), financial institutions (9%), and healthcare (8%).
Malware use was the most widespread attack type in Q3 2018, at 56%, a modest 7% increase from the previous quarter. Widespread attacks of GandCrab is the most likely driver of this growth, according to the report, though this may not be long-lived as free decryption tools for GandCrab have de-fanged the malware family.
Cryptocurrency mining has continued steadily declining, representing only 8% of attacks in Q3 2018, compared to 15% in Q2 and 23% in Q1. "Cryptocurrency mining is becoming more and more difficult (due to the increase in the hashrate)," according to the report. "In addition, the exchange rate of several cryptocurrencies has been falling since the early 2018. All these reasons make illicit mining unprofitable. At the same time, a first-ever prison sentence in cryptojacking case was issued in July 2018." Cryptocurrency exchanges continue to be an attractive target for hackers, as poor security practices among exchanges make it possible to steal cryptocurrency in bulk.
Against individuals, social engineering attacks increased dramatically between Q2 and Q3 2018, jumping from 38% to 60%, respectively. While standard email phishing attacks continued to persist, with an extortion campaign claiming that hacked phones recorded people on their webcams, a targeted campaign was waged against popular Instagram users. "Thousands of people lost their accounts, many of them having over 10,000 subscribers, according to the report, "The victims were often ready to pay a ransom to get their accounts back, as they had largely invested in promoting their accounts in the first place. If attackers fail to get ransom, they can try selling the accounts or using them to send spam messages."
The report provides some guidance for enterprises to avoid falling victim, including:
- Implement centralized management for timely installation of updates and patches.
- Use antivirus protection solutions with embedded isolated environment (sandbox) for dynamic file testing.
- Encrypt all sensitive information. Do not store sensitive information where it can be publicly accessed.
- Enforce a password policy with strict length and complexity requirements.
The big takeaways for tech leaders:
- Personal data represented 30% of stolen data in Q3 2018, with account credentials at 19%, and payment card information in third at 13%. — Positive Technologies, 2019.
- Cryptocurrency mining has continued a steady decline, as falling exchange rates make that strategy less lucrative — Positive Technologies, 2019.
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Phishing attacks: A guide for IT pros (TechRepublic download)
- Information security policy (Tech Pro Research)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2018 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)