santiago silver - Fotolia
Cyber criminals are switching away from ransomware to stealthier attacks as the main sources of generating revenue, according to analysis by British artificial intelligence (AI)-based cyber security firm Darktrace.
The firm’s latest cyber threat landscape report is based on analysis of threats recorded from a customer base of more than 7,000 deployments.
The data reveals that the incidence of banking Trojans, which harvest the credentials of online banking customers from infected machines, increased by a staggering 239% in 2018 compared with 2017.
Darktrace also detected a 78% growth in the frequency of another under-the-radar threat, cryptojacking, within the same time period.
These increases coincide with a significant decline in the popularity of ransomware, which decreased by 28% between 2017 and 2018.
While ransomware attacks are highly visible and require the cooperation of the targeted firms in paying to decrypt their data encrypted by the ransomware, cryptojacking is designed to remain hidden.
The attack essentially acts as a parasite on an organisation’s computing systems to create a cryptomining bot, and the attacker may co-opt many systems to create a botnet.
Despite the rise in popularity of cryptojacking, however, banking Trojans once again appear to be the most profitable tool for cyber criminals, according to Max Heinemeyer, director of threat hunting at Darktrace.
“Unlike ransomware, banking Trojans do not rely on a victim’s conscious willingness to pay. Instead, they use deception to perform transactions without the victim’s knowledge. Given the decline in ransomware incidents in 2018, it seems that subtler attacks have become the weapons of choice for hackers,” he said.
In one Fortune 500 e-commerce company, Darktrace discovered a privileged access user – a disgruntled systems administrator – was hijacking power sources from the company’s infrastructure for monetary gain. The employee co-opted other users’ credentials and service accounts to stealthily take over multiple machines for the purpose of cryptomining.
Darktrace’s 2018 threat data also revealed that more than 15% of internet of things (IoT) devices detected by its AI technology were unknown to businesses concerned, with a 100% year-on-year increase in IoT attacks.
This lack of visibility into what IoT devices are on a company’s network has enabled cyber attackers to manipulate and exploit them, the Darktrace analysis concludes.
The research also found a 28% year-on-year increase in threats targeting cloud and software-as-a-service (SaaS) systems compared with the previous year.
“As innovative businesses continue to adopt connected devices and migrate to cloud and SaaS infrastructures, these attacks will almost certainly rise exponentially in 2019,” said Heinemeyer.
“With hackers adopting stealthier techniques, security teams need to find a way of gaining visibility and control of their corporate networks.”
As an AI-based cyber security firm, Darktrace claims that to overcome these fundamental limitations, security teams must be willing to rethink their security tactics and use AI technology to battle against machine-speed attacks.
Created by mathematicians, Darktrace’s Enterprise Immune System uses machine learning and AI algorithms to detect and respond to cyber threats across diverse digital environments, including cloud and virtualised networks, IoT and industrial control systems.
The company claims that its technology is self-learning and requires no setup, identifying threats in real time, including zero-days, insider threats and stealthy, silent attackers.
Underlining the need for organisations to be able to detect and respond to novel threats that will inevitably bypass traditional defences, Darktrace has also released a report on the most innovative and unusual threats the company has discovered across its customer base in the past six months.
This report details seven case studies of attacks in which Darktrace claims that the subtle indicators of suspicious activity were only detectable using AI technology, which learns what is normal for the business environment and autonomously responds to attacks before damage is done.
The case studies feature insider threats in the form of an employee scanning the company network for vulnerabilities, a zero-day Trojan targeting a US manufacturer of industrial IoT controls, compromised internet-connected security cameras and smart lockers, ransomware, spear phishing, and a supply chain attack at a Los Angeles film studio that exploited trusted relationships.