
Cyber attackers switching to covert tactics

Cyber criminals are moving away from mass, high-profile attacks to ones that are stealthy and more subtle – as well as attacks targeting systems typically used in critical infrastructure, researchers say

Cyber criminals are moving away from attention-grabbing ransomware attacks to more covert methods intended to steal money and valuable computing resources, a report reveals.

Illicit cryptocurrency mining, also known as cryptojacking, is having the biggest impact so far this year, according to the latest mid-year security roundup report from security firm Trend Micro.

The report reveals a 96% increase in cryptojacking detections in the first half of the year compared with the whole of 2017, and a 956% increase in detections compared with the first six months of 2017.

This indicates cyber criminals are shifting away from the quick payout of ransomware in favour of the slower, behind-the-scenes approach of stealing computing power to mine digital currency, the report said.

“The recent change in the threat landscape mirrors what we’ve seen for years – cyber criminals will constantly shift their tools, tactics and procedures to improve their infection rates,” said Bharat Mistry, principal security strategist for Trend Micro.

“Standard spray and pray ransomware attacks and data breaches had become the norm, so attackers changed their tactics to be more covert, using entry vectors not previously seen or used extensively,” he said, adding that this means that business leaders must once again evaluate their defences to ensure sufficient protection is in place to stop the latest and most pressing threats.

Another shift in the first half of the year is toward unusual malware types, such as fileless malware, macro malware and small file malware.

Trend Micro recorded a 250% increase in detections of one particular small file malware, TinyPOS, compared with the second half of 2017, which the report said may be due to the increased ability of these malware types to circumvent defences that use only one type of security protection.

Additionally, the Trend Micro Zero Day Initiative (ZDI) published more than 600 advisories in the first six months of 2018. Based on this increase in advisories, the ZDI is able to predict what types of vulnerabilities are likely to be used next in real-world attacks.

Among the advisories this year, the ZDI purchased and disclosed twice as many Scada (supervisory control and data acquisition) vulnerabilities compared with the same period last year.

IT security managers running these environments, typically associated with critical national infrastructure, must stay alert to this growing threat, the report said, especially as actors begin to perform destructive attacks rather than mere reconnaissance and testing.

The report advises organisations to consolidate their security controls by using a supplier that can provide complete, multi-layered protection against both commodity malware and emerging threats.
