The Cyber Threat Environment

A Cyber Security Month Special

This year's under-reported story is the surge in organized-crime hacking originating from Russia, Ukraine, Bangladesh, and China. Over the past three years, attacks by Russian organized cybercrime groups have increased roughly tenfold. The modern threat falls into three areas: financial theft, ransomware, and the harvesting of identity data.

Attackers are changing tactics to match new internet habits. Instead of old-style email schemes, sophisticated malware such as Svpeng targets mobile devices and social media, and attackers continue to exploit software vulnerabilities. Sofacy is a group closely associated with the Russian state; it attacks government networks and people like us who are connected to government. Some threats use the internet to attack the internet itself, such as the Mirai botnet, which caused widespread outages in October 2016. Ransomware is up 11.4% this year. WannaCry made the headlines, but many other, more sophisticated programs are making the rounds.

Early this year the mobile threat mushroomed, according to Kaspersky Lab, with a number of new Trojans hidden in games, unofficial app stores, pornography apps, and even a few applications in official app stores. Some lie dormant until the user visits a financial site and then present a fake token prompt to capture the user's credentials. A newer version can even bypass CAPTCHA checks. Another version diverts the user to a fake version of the banking website. Yet another mines the user's data and sends it to brokers who package and sell it on the "dark web".

Recent examples from Kaspersky Lab's second-quarter IT Threat Evolution report include a new, sophisticated generation of threats such as The Lamberts. The report calls The Lamberts "highly sophisticated malware that relies on high-level techniques to sniff network traffic, run plugins in memory without touching the disk and making use of exploits against signed drivers to run unsigned code on 64-bit Windows systems". In many cases the infection method is unknown.

Safeguards include not jailbreaking your mobile device, obtaining apps only from official sources, being alert to social-engineering schemes and fake accounts on social media, backing up your data both to a physically separate external drive and to a cloud service, and keeping updates current. Consider also browsing the internet from a non-administrator account. An often-cited estimate is that around 85% of attacks can be avoided with these simple measures, and a backup strategy allows recovery if you are compromised. A backup only helps, however, if at least one copy is kept disconnected from the machine (otherwise ransomware encrypts the backup along with everything else) and if you have actually tested restoring from it.
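The recovery half of that advice depends on knowing that a backup is intact before you need it. The script below is an added illustration, not code from the article or from Kaspersky Lab: it records a SHA-256 manifest when the backup is taken, then checks any copy against that manifest later. The folder names, file contents and the "ransomware" step that overwrites a file and drops a ransom note are all constructed for the demonstration.

```python
"""Backup manifest and restore verification (constructed example).

Records a SHA-256 digest for every file at backup time, then reports
files that went missing, changed, or appeared since. A file encrypted
by ransomware shows up as 'modified'; a ransom note shows up as
'unexpected'. A verification with all three lists empty is the only
result that should count as 'the backup is good'.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX separators) to its digest."""
    manifest = {}
    for entry in sorted(root.rglob("*")):
        if entry.is_file():
            manifest[entry.relative_to(root).as_posix()] = sha256_file(entry)
    return manifest


def verify_against_manifest(root: Path, manifest: dict) -> dict:
    """Compare the files now under root with the manifest taken at backup time."""
    current = build_manifest(root)
    return {
        "missing": sorted(k for k in manifest if k not in current),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: back up a folder, then 'ransomware' hits the working copy."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp) / "documents"       # hypothetical user folder
        backup = Path(tmp) / "backup"        # hypothetical offline backup drive
        work.mkdir()
        (work / "notes.txt").write_text("quarterly figures\n")
        (work / "photo.bin").write_bytes(bytes(range(256)))

        # Take the backup and store the manifest beside it (not inside the
        # working folder, where an attacker could alter it too).
        shutil.copytree(work, backup)
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(backup), indent=2))
        manifest = json.loads(manifest_path.read_text())

        # Simulate ransomware on the live machine: overwrite a document and
        # drop a ransom note. The disconnected backup is untouched.
        (work / "notes.txt").write_bytes(b"ENCRYPTED")
        (work / "README_DECRYPT.txt").write_text("pay to recover your files\n")

        return {
            "backup": verify_against_manifest(backup, manifest),
            "working_copy": verify_against_manifest(work, manifest),
        }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, json.dumps(report))
```

Run the same verification against the cloud copy and the external drive on a schedule; a backup that has never been checked against its manifest is a hope, not a recovery plan.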

Looking ahead, the experts expect more attacks through social media pages that divert customers to fake sites, more mobile attacks aimed at financial theft, and the first attacks on the Internet of Things, which could turn some of those devices into an "internet of bricks".