Shifting allegiances of hackers causing confusion for defense efforts

According to cybersecurity company Optiv, hackers are now impersonating each other to hide their true goals.


Cybersecurity company Optiv released a thorough overview of the threat landscape that governments, companies, and individuals faced in 2018.

Optiv's 2019 Cyber Threat Intelligence Estimate (CTIE) is modeled after the kinds of reports US intelligence agencies give to Congress and was compiled by the company's Global Threat Intelligence Center, cybersecurity firm IntSights and cloud security company Carbon Black.

"Leaders have to anticipate and prepare for larger, more numerous attack surfaces, additional security challenges, and new opportunities for attackers. Given all this, cybersecurity and risk management can no longer be just the province of IT professionals and network administrators," said David Petraeus, a retired US Army General and Optiv board member. 

"CEOs, corporate board members, CISOs, and other executives have to make cybersecurity 'C-suite business' in order to ensure their companies secure what they have, while enabling continuous business and operational change and keeping pace with ever-changing threats in order to identify and thwart would-be hackers and respond rapidly to malicious activity."

Citing data from the Privacy Rights Clearinghouse and FBI, the Optiv report said there were 50,642 personal breaches, 2,480 corporate data breaches and 828 major data hacks that made 1.3 trillion records public in 2018. 

Hackers are now diversifying their efforts between attacks for personal gain and others on behalf of governments. According to the report, many cybercriminals are now intentionally hiding their goals in an effort to lead authorities down endless rabbit holes. 


The study broke down the threat landscape by industry, type of attacker, and method of attack, while also describing ways governments and companies can defend themselves.

Malware was the most common threat noted in the Optiv report, with cryptomining, Trojans, adware, and ransomware being the most popular varieties.

Phishing attacks were also a go-to move for cybercriminals because of their ease and low risk of exposure. Since the Mirai botnet was released in 2016, hackers have created variations of it that use other methods to attack IoT devices. Satori, JenX, OMG, Wicked, and IoTrojan are all somewhat similar to Mirai.

In a riff on how many tech companies now offer their products, hackers have similarly moved toward a "phishing-as-a-service" model, in which cybercriminals rent for-hire botnets to lower the cost of campaigns and make phishing more widely available.

Optiv's report notes that in October 2018, researchers found a platform named "0x-booter" that resembled a combination of the Mirai and Owari botnets, giving criminals an easy way to deploy attacks. Hackers also switched their focus throughout 2018, moving more toward Linux-based attacks after starting out the year attacking Windows as well.

Blockchain and cryptocurrency were also major targets for hackers, who often ask for cryptocurrencies in ransomware attacks and spent 2018 stepping up efforts to outright rob or rig markets whenever they could.

Optiv's report said "51% attacks" affected Bitcoin Gold, Litecoin Cash, MonaCoin, Verge, Vertcoin, and Horizen.

Cybercriminals were able to steal more than $800 million in cryptocurrency in 2018 by pouncing on vulnerabilities in exchanges like BitGrail, Bithumb, Coinrail, and Coincheck.

Optiv's report calls these "51% attacks" because blockchain systems are probabilistic, meaning hackers can start making fake transactions if they can scrounge up more than half of the available computing power in a given cryptocurrency network.
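The "more than half" threshold follows from the chain being probabilistic: an attacker with a minority of the hash rate can still overtake the honest chain by luck, but only with a probability that shrinks with every block the honest side is ahead, while a majority attacker eventually wins with certainty. As an added example that is not part of Optiv's report or of this article, the following Python implements the attacker catch-up probability from section 11 of the Bitcoin whitepaper (Nakamoto, 2008) and uses it from the defender's side: an exchange or merchant choosing how many confirmations to wait for, given an assumed attacker hash share. The function names and the tolerance values are this example's own choices.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding fraction q of the network hash rate
    eventually overtakes the honest chain once it is z blocks ahead.

    This is the Nakamoto (2008, section 11) formula. For q >= 0.5 the random
    walk favours the attacker, so the probability is 1: no number of
    confirmations is safe against a majority, which is why "51%" is the threshold.
    """
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a fraction in [0, 1]")
    if z < 0:
        raise ValueError("z must be a non-negative block count")
    p = 1.0 - q  # honest share of the hash rate
    if q >= p:
        return 1.0
    lam = z * q / p  # expected attacker progress while honest miners find z blocks
    total = 0.0
    for k in range(z + 1):
        # Poisson pmf computed in log space so large z does not overflow a float.
        if lam == 0.0:
            poisson = 1.0 if k == 0 else 0.0
        else:
            poisson = math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, max_risk: float, limit: int = 10_000):
    """Smallest confirmation depth z at which the attacker's success probability
    drops below max_risk, or None if no depth up to `limit` suffices (always the
    case for q >= 0.5). A defender uses this to set a payout/withdrawal policy."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


if __name__ == "__main__":
    # Constructed scenarios: assumed attacker hash shares, not measurements.
    for share in (0.10, 0.30, 0.45, 0.51):
        depth = confirmations_needed(share, 0.001)
        print(f"attacker share {share:.0%}: confirmations for <0.1% risk -> {depth}")
```

The table in the whitepaper is reproduced by these functions: a 10% attacker needs 5 confirmations to push the risk under 0.1%, a 30% attacker needs 24, and at 45% the required depth climbs into the hundreds, which is why exchanges that accepted deposits on a coin with cheaply rentable hash power were exposed even when they waited for several confirmations.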

Cybercriminals were also engaging in blockchain poisoning attacks, hoping to prompt GDPR violations by pumping in personal information. Cryptojacking was becoming an easy tactic for hackers to use for free, untraceable access to computing power and money. 

The Optiv report found that industries like finance, retail, automotive, chemicals, and energy were the most likely to be targeted with phishing attacks by a variety of threat actors.

Healthcare industry enterprises were more likely to face customized malware, while retail companies were high-value targets for point-of-sale malware. Governments were generally dealing with attacks from other nation-states, which Optiv's report called advanced persistent threats. 

The financial industry was hammered by cyberattacks throughout 2018 with nearly 70% of financial institutions telling Optiv's researchers that they had seen an increase in attacks. Almost 80% said cybercriminals had become more sophisticated in the last year. 

Cybercriminals were also making an effort to avoid detection for the specific purpose of staying within systems for longer periods of time. More than half of the companies that spoke to Optiv said they had seen counter responses from hackers after their security teams took action to stop them.

In a bit of good news, Optiv's report says the GDPR was having a noticeable effect on safety, with both the UK and Germany seeing drops in the number of reported incidents.

When it came to threat actors, Optiv's report divided them into two pools: nation-states and independent groups. The report lists countries like China, Russia, and Iran as having some level of control over active cybercriminal networks in addition to their own military-backed cyberdefense and attack efforts.

For companies, Optiv's report said hackers commonly used tools like Metasploit, Wireshark, Nmap, Hajiv, or sqlmap to look for easy-to-breach databases. There is now a sophisticated market for stolen data, with cybercriminals netting anywhere between a few dollars and tens of thousands for a database.

The report went through many of the major breaches that plagued companies in 2018, including Marriott International, Aadhaar, Equifax, Cambridge Analytica, Exactis, FitMetrix, and Ticketfly.

Companies like these should be ready to deal with more cyberattacks in 2019, because hackers have realized that bigger companies hold more valuable data and offer more avenues of entry. The names, addresses, credit card numbers, and email addresses of hundreds of millions of people were released throughout 2018.

Researchers at Optiv wrote in the report that cybercriminals often hold on to profitable databases, hoping either to sell them in bulk or to dole out bits of information in piecemeal fashion.

To help, Optiv's report listed a few tactics companies can employ to protect themselves, including yearly audits of information-handling procedures as well as multi-factor authentication.

"The purpose of Optiv's 2019 CTIE is to help business leaders understand the ever-evolving threat ecosystem, and employ that knowledge to inform security decisions and investments, continually refining their cybersecurity and risk management programs," Petraeus said in the report.
