A look back at cybercrime in 2018

Last year IBM’s securityintelligence.com predicted that:

• Internet of things would make the news.
• Orchestration & Automation would be a top priority.
• Business would rush to prepare for GDPR

These were very accurately predicted as areas of great impact!

Symantec’s 2018 cybersecurity attacks report reported that IOT experienced a 600% increase in attacks in 2017 over the 2016 period. An astonishing 8500% increase in malware coin miner detections, Coin miners not only slow down devices but can overheat batteries and sometimes render a device useless.  These are browser-based attacks so no need to download the malware to a victim’s PC. 

The number of targeted attack groups Symantec tracks has risen to 140. The opportunities have risen so more cyber criminals are at work today.

Symantec reported 71 % of all targeted attacks started with spear phishing to infect victims. This is not a new tactic. The cybercriminal strategy appears to be not only to target the weakest links but always change it up a bit and always go where the users ae going. Bitcoin and IOT are great examples.

Implanted malware grew by 200%, impacting the software supply chain.  Another tactic used before is hijacking software updates as a solid way to gain trusted access. You wouldn’t expect anyone to be using an outdated OS like XP, would you?  The research showed that only 20% of Android smartphone systems were using the newest version.  This makes these systems very vulnerable to attacks.

Cellphone #s – the new SSN?

It was also noted that grayware apps in the mobile marketplace were not only problematic but also leaked the user’s phone number. Speaking of leaking phone numbers and mobile devices: Protect your cellphone number! Don’t post it anywhere, as it’s becoming the new SSN. You are doing most of your browsing and even shopping and banking on that device.

I know many people who are receiving many unsolicited calls a day on their mobile phone. They reported that they tried the carrier’s call protection software, which is mostly ineffective. In the US, the FTC and FCC enforce a law called the Telephone Sales Rule, part of the Telephone Consumer Protection Act of 1991. This law addresses the following but apparently can’t be enforced against a global onslaught of cybercriminals:

• Who can be called, no calls to cell phones – US national do-not-call registry
• Rules governing calls, 8am to 9pm
• Call abandonment
• Unauthorized billing
• Recordkeeping
• Robo call rules 2012
• Does not preempt state law

If you are experiencing issues with lots of unsolicited calls to your cellphone, report it to the FCC online and do what the FCC recommends: contact your carrier and demand a technological solution, one that they don’t charge you for.

Symantec reportedly blocked an average of 24,000 malicious applications last year. That’s applications, not malware!

While ransomware variants have increased 46% it has also become a commodity with a price drop to $522 in 2017. It’s being surpassed by coin mining while cryptocurrency values are up. In the end, Symantec reported that with each passing year digital threats continue to come from new and unexpected sources. The attack volume keeps increasing, but so does the diversity of methods and tactics.

What can you do to mitigate your risk?

Know what your critical data is – ePHI, PCI DSS, conferential finance data – and know where it’s located: data at rest and data in transit in and out of the org. Visit NIST for standards to apply across the enterprise.

Adopt the 20 CIS Security Controls:

Basic CIS controls:

1. Inventory and control of hardware assets
2. Inventory and control of software assets
3. Continuous vulnerability management
4. Controlled use of administrative privileges
5. Secure configuration for hardware and software on mobile devices, laptops, workstations and servers.
6. Maintenance, monitoring and analysis of audit logs

Foundational CIS controls:

7. Email & web browser protections
8. Malware defenses
9. Limitation & control of network ports, protocols and services.
10. Data recovery capabilities
11. Secure configuration for network devices, such as firewalls, routers and switches.
12. Boundary defense
13. Data protection
14. Controlled access based on need to know.
15. Wireless access control
16. Account monitoring and control

Organizational CIS controls:

17. Implement a security awareness and training program
18. Application software security
19. Incident response and management
20. Penetration tests & Red team exercises.

Complete details on all 20 CIS controls can be found here. 

To sum things up…Knowing where we have been is important, but were we up to speed on these trends at the beginning of 2018? How prepared was your organization? Did you have the people, processes and  technology in place?

One thing’s for certain: cybercriminals are always upping their game. To survive on the internet in any business, you need a solid cyber risk management strategy, and this includes threat intelligence.

So, what’s ahead in 2019?  Early predications look like more of the same, plus. Ian Kilpatrick, executive vice president of cybersecurity at Nuvias Group, listed the top 10 trends that will impact cybersecurity in 2019:

1. Increase in crime, espionage and sabotage by rogue nation-states
2. GDPR – the pain still to come
3. Cloud insecurity
4. Single factor passwords – the dark ages
5. Malware – protect or fail
6. Shift in attack vectors will drive cyber hygiene growth
7. IOT – the challenge will only increase
8. Increasing risks with shadow IT systems and bad housekeeping
9. DDoS – usually unseen, but still a nightmare
10. Cybersecurity in the boardroom