The cyber landscape is rapidly evolving and the World Economic Forum has placed cyber attacks as one of the top three global risks for 2018.
Data breaches took centre stage in the past year, with shocking revelations regarding major customer data compromises. Security gaps in mobile features such as Bluetooth, as well as mobile app stores, have also meant that many malware variants continue to roam freely. In fact, millions of mobile devices worldwide have been infected by malicious apps generating high revenues for those who manage to infiltrate such app stores.
Check Point’s 2018 Security Report reviews the major attacks of 2017 and the threat they pose to your business.
2017 MAJOR CYBER ATTACKS TIMELINE
MAJOR INCIDENTS OF 2017
EQUIFAX DATA BREACH
Disclosed in September, the breach of Equifax, one of the top three credit agencies in the US, affected over 145 million consumers. By exploiting a vulnerability in the Apache Struts web framework, one for which a patch had been available since March, the attackers were able to steal highly sensitive data including names, addresses, dates of birth, credit card numbers, Social Security numbers and driving licence numbers. The lesson for practitioners is less the flaw itself than the months-long gap between the vendor fix and its deployment.
DELOITTE DATA BREACH
Deloitte, one of the world’s largest accountancy firms, was the victim of a cyber-attack that went unnoticed for months and affected six of its clients. It is strongly believed that the hackers compromised an administrator account of Deloitte’s email system, which was hosted in the Azure cloud and was reportedly protected by a single password with no two-factor authentication.
UBER DATA BREACH
After hackers obtained login credentials, reportedly found in a private code repository used by Uber engineers, and used them to access data stored in Uber’s AWS account, the personal information of 57 million customers and drivers was stolen. To make matters worse, Uber chose to cover up the breach by paying the attackers $100,000 to delete the confidential data rather than reporting it.
UNC HEALTH CARE
Over 1,300 pre-natal patients of the University of North Carolina Health Care System were affected by a serious data breach. Breached information included full names, addresses, races, ethnicities, Social Security numbers and a variety of health-related information.
VAULT 7 LEAK
Beginning in March, WikiLeaks published a suite of hacking tools believed to belong to the Central Intelligence Agency (CIA). Its malware arsenal and dozens of weaponised zero-day exploits were thought to target a wide range of US and European company products, including Apple’s iPhone, Google’s Android, Samsung TVs and Microsoft Windows.
US CRITICAL INFRASTRUCTURE
The US government warned that ‘Dragonfly,’ an allegedly state-backed advanced persistent threat (APT) group, has been using a combination of tactics and techniques to try to gain access to vital industrial control systems (ICS) at US energy companies and other critical infrastructure organisations via the networks of their suppliers and trusted third parties. Supplier and third-party access is the weak point here: network segmentation and strict control of remote access into ICS environments are the practical defence.
ATTACK RATES IN EMEA
Check Point Research revealed that the proportion of attacks in EMEA involving ransomware nearly doubled, from 28% in 2016 to 48% in 2017, as highly sophisticated malware became available to low-skilled attackers. Almost 20% of organisations were impacted by the Fireball malware, which infected over 250 million computers worldwide.
CRAFTY CRYPTO-CURRENCY HEISTS
With the theft of $120 million worth of Bitcoin from Youbit, a relatively unknown South Korean crypto-currency exchange, cyber criminals were seen tapping in to the crypto-currency craze in a big way. Rather than doing the hard work of mining the valued digital asset itself, cyber criminals instead often choose to steal it from others who have done so. Due to the meteoric rise in crypto-currency prices last year, billions of dollars have already been stolen from individuals and exchanges alike.
A start-up on the Ethereum platform, Confido, scammed thousands and then vanished from the internet after raising $374,000 from investors in an Initial Coin Offering (ICO) fundraiser. While many crypto-currencies are still trying to find a useful application in the real world, Ethereum has become a darling among financial types because ICOs allow start-ups to raise huge investments in lightning fast funding rounds.
A hacker pulled off the second biggest heist in the history of digital currencies by exploiting a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ethereum in a matter of minutes. The attacker could have stolen much more if it wasn’t for the quick action of benevolent white-hat hackers who rapidly organised to block him.
RANSOMWARE ATTACKS
Thousands of operations and patient appointments were cancelled at the UK’s National Health Service (NHS), and there was mass disruption across thousands of companies and public utility organisations worldwide, including Telefónica and Germany’s state railway Deutsche Bahn, as a result of the infamous WannaCry ransomware attack. The attack sent organisations back to pen-and-paper methods as the ransomware locked down their computer systems and demanded payment in Bitcoin to decrypt their files and restore access. WannaCry spread on its own by exploiting the SMBv1 vulnerability addressed by Microsoft’s MS17-010 update, released two months before the outbreak; unpatched and internet-exposed SMB was what let it propagate so quickly.
Costing Nurofen and Durex manufacturer Reckitt Benckiser over $100 million alone in disrupted production and deliveries, the NotPetya ransomware caused large-scale havoc around the world. Although it was primarily aimed at Ukraine, where it was seeded through a compromised update of the M.E.Doc accounting software, it affected companies globally, from Danish logistics firm Maersk to the US delivery service FedEx and the UK’s advertising firm WPP. After taking hold of an infected computer, the malware demanded $300 worth of Bitcoin; in practice paying did not recover files, and NotPetya is now generally regarded as a destructive wiper dressed up as ransomware.
In October, another large-scale ransomware attack, known as Bad Rabbit, was unleashed against critical infrastructure companies as well as organisations in the healthcare, finance, distribution and software industries. The attack mainly focused on Ukraine, where Kiev Metro, Odessa International Airport and the Ministries of Finance and Infrastructure were brought down. This time the perpetrators locked down their victims’ computers and demanded $280 worth of Bitcoin to decrypt them.
DAMAGING DDOS ATTACKS
KOREAN BANK EXTORTION
In exchange for not disrupting the online services of seven South Korean banks, a group calling itself “Armada Collective” demanded about $315,000 to be paid in Bitcoin by threat of a Distributed Denial of Service (DDoS) attack. South Korean financial institutions are accustomed to being targets of cyber-attacks, having faced similar threats since 2011.
UK NATIONAL LOTTERY
Millions of customers were disappointed to find they could not buy their weekly lottery tickets when the UK National Lottery’s website was knocked offline by a large-scale DDoS attack. To make matters worse, the organisation had been warned earlier in the month that such an attack would follow if a Bitcoin ransom was not paid.
In October, a flurry of DDoS attacks against the ISPs that power the Swedish Transport Administration’s (Trafikverket) transportation services were carried out, causing huge train delays and disrupting travel for many busy commuters. The attack took down the agency’s email system, website, and traffic maps, resulting in train traffic needing to be managed manually.
INVASIVE MOBILE MALWARE
COPYCAT & EXPENSIVEWALL
CopyCat, the mobile malware that infected more than 14 million devices around the world, made millions of dollars by rooting outdated devices through fake apps. It earned the hackers behind the campaign approximately $1.5 million in fraudulent ad revenue in just two months. In addition, a new variant of Android malware, dubbed ExpensiveWall, that registered mobile-device users for paid services without their permission was discovered in the Google Play Store. The malware had infiltrated the official app store and infected at least 50 apps. The infected apps were downloaded between 1 million and 4.2 million times before Google removed them.
LAZARUS GROUP GOES MOBILE
A new cluster of malware samples which targets Samsung devices and Korean language speakers was discovered, including some found in Korean Bible apps. The Lazarus Group, allegedly backed by North Korea, is popularly believed to be behind the attack with the intention of specifically targeting the population of South Korea.
PRE-INSTALLED MOBILE MALWARE
Check Point found that every organisation it surveyed suffered a mobile malware attack in the past year, with 89% experiencing at least one man-in-the-middle attack over Wi-Fi. In addition, 36 Android devices within just two companies surveyed contained malware which had been pre-installed somewhere in the supply chain. Some of the malware even ran with system privileges, meaning it could not be removed by the user and the device had to be re-flashed.
BOTNET ARMY RECRUITMENT
Like the infamous Mirai botnet, Hajime spread through unsecured devices that expose Telnet to the internet and still use factory-default passwords. Hajime has reached an astounding spread of over 300,000 devices, but its purpose remains unknown. While some speculate it is an operation to clean Mirai off infected IoT devices, it could easily be abused for malicious purposes.
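Mirai-family propagation leaves a recognisable footprint: one source address hammering Telnet with a short list of factory-default username/password pairs in quick succession. The script below is an added detection example, not code from the Check Point report or from Mobliciti. It parses a constructed, generic log format (`<timestamp> telnetd: login <ok|failed> user=<u> pass=<p> from=<ip>`) and flags sources that use known default pairs, burst their attempts, or succeed with a default pair; the credential list is a constructed subset of the well-known IoT defaults such scanners try, and the log lines are made up for illustration. Adapt the regex to your own device or gateway logs.

```python
"""Flag Mirai/Hajime-style Telnet default-credential scanning in log lines.

Added example. The log format, the sample lines and the credential list
below are constructed for illustration; real devices log differently.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed subset of factory-default pairs of the kind IoT scanners try.
DEFAULT_CREDS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"),
    ("admin", "admin"), ("root", "888888"), ("root", "default"),
    ("admin", "1234"), ("root", "root"), ("support", "support"),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login (?P<result>ok|failed) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) from=(?P<ip>[\d.]+)$"
)


def parse(line):
    """Return a dict for one login-attempt line, or None if it doesn't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def analyse(lines, burst=5, window_s=60):
    """Per-source findings.

    default_cred_hits: attempts that used a known default pair
    burst: True if at least `burst` attempts fell within `window_s` seconds
    success_with_default: True if a login succeeded with a default pair
    """
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        hits = sum((e["user"], e["pw"]) in DEFAULT_CREDS for e in evs)
        success = any(e["result"] == "ok" and (e["user"], e["pw"]) in DEFAULT_CREDS
                      for e in evs)
        # Sliding window: j trails i so that evs[j..i] fit inside window_s.
        is_burst, j = False, 0
        for i in range(len(evs)):
            while (evs[i]["ts"] - evs[j]["ts"]).total_seconds() > window_s:
                j += 1
            if i - j + 1 >= burst:
                is_burst = True
                break
        findings[ip] = {"attempts": len(evs), "default_cred_hits": hits,
                        "burst": is_burst, "success_with_default": success}
    return findings


def suspicious(findings):
    """Sources worth an alert: bursting, or logged in with a default pair."""
    return sorted(ip for ip, f in findings.items()
                  if f["burst"] or f["success_with_default"])


# Constructed sample: one scanner cycling defaults and getting in, one
# legitimate admin login, one source with two stray failures.
SAMPLE_LOG = [
    "2017-10-12T03:14:07 telnetd: login failed user=root pass=vizxv from=203.0.113.7",
    "2017-10-12T03:14:12 telnetd: login failed user=admin pass=admin from=203.0.113.7",
    "2017-10-12T03:14:17 telnetd: login failed user=root pass=888888 from=203.0.113.7",
    "2017-10-12T03:14:22 telnetd: login failed user=root pass=default from=203.0.113.7",
    "2017-10-12T03:14:27 telnetd: login failed user=support pass=support from=203.0.113.7",
    "2017-10-12T03:14:32 telnetd: login ok user=root pass=xc3511 from=203.0.113.7",
    "2017-10-12T03:20:01 telnetd: login ok user=ops pass=Ck9!vq7Lm from=192.0.2.10",
    "2017-10-12T03:41:10 telnetd: login failed user=root pass=toor from=198.51.100.4",
    "2017-10-12T03:55:44 telnetd: login failed user=root pass=1qaz2wsx from=198.51.100.4",
    "this line is not a telnet event and is ignored",
]

if __name__ == "__main__":
    for ip, f in analyse(SAMPLE_LOG).items():
        print(ip, f)
    print("alert:", suspicious(SAMPLE_LOG and analyse(SAMPLE_LOG)))
```

The two signals are deliberately independent: a slow scanner that spaces attempts out still shows up through `default_cred_hits` and any `success_with_default`, while a fast brute-force with an unknown word list still trips `burst`. Any device that accepts a default pair at all should be re-provisioned, not just blocked.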
A new attack vector, dubbed ‘BlueBorne,’ was discovered, comprising eight different vulnerabilities in the Bluetooth stacks of Android, iOS, Windows, Linux and IoT devices. The BlueBorne vulnerabilities are ‘wormable,’ meaning an infected device can attack the next without further commands from the attacker, so they could be used to build large botnets. The attack requires no action from the user and no pairing or other preconditions beyond Bluetooth being switched on.
A brand-new botnet, dubbed ‘IoTroop,’ evolved and recruited IoT devices at a far greater pace and with more potential for damage than the Mirai botnet of 2016. Rather than relying on default passwords, IoTroop spread via security holes in IoT software and hardware, and indications show that over one million organisations were affected. The botnet had yet to launch an attack at the time of writing, but when it does the results could be devastating.
THE FUTURE IS CLOUD & MOBILE
Mobile devices are part of the IT ecosystem and businesses around the world. However, in most organisations, these devices are not secured at anywhere near the level they should be in relation to the value of the assets they store. Flaws in mobile operating systems and technology will continue to be discovered, highlighting the need for organisations to deploy advanced protection against mobile malware and interception of communications.
Mobile malware will also continue to proliferate, especially mobile banking malware, as the Malware-as-a-Service (MaaS) trend, which lowers the demand for technical ability on the part of the threat actor and thus makes it easier to carry out attacks, continues to evolve and grow.
MOVING TO THE CLOUD
Although cloud usage is now widespread among businesses due to the agility and cost reductions it offers, it is still relatively new technology and continues to evolve, and every new service and integration is another route by which attackers can reach deeper into enterprise systems.
Misconceptions about the level of security needed, along with a lack of understanding of who is responsible for it, are common. Under the shared-responsibility model the provider secures the underlying infrastructure, but the customer remains responsible for identities, access keys, configuration and the data itself; assuming otherwise leaves the door wide open to breaches.
The growing adoption of SaaS-based email such as Office 365 and Google’s G Suite, as well as of IaaS, makes these services an attractive target for cyber criminals, and it is expected that they will be increasingly targeted during 2018.
Furthermore, the cost of these threats will be compounded by the heavy penalties that regional regulations such as GDPR can impose on companies that fail to meet their new obligations.
MOBLICITI ARE HERE TO HELP
Mobile technology has revolutionised our working practices. The worlds of Mobile and Cloud have collided, and users are increasingly using personal Cloud services on their mobile devices in preference to traditional work solutions. With the rise of the Cloud comes the challenge of how to protect and secure data. Identifying which employees are accessing Cloud services whilst ensuring corporate data isn’t leaving the organisation via unapproved apps are further challenges.
Mobliciti have a variety of products that can help protect your business, including our fully managed mobile & cloud security solutions. Get in touch today to discuss your business requirements and how Mobliciti can alleviate the stress of the ever-growing mobile threat landscape.