2019 Will See Cybercriminals Eye Opportunities in Cryptocurrency and IoT to Launch Their Attacks
by Deepen Desai, Zscaler's Director of Security Research
Cybercriminals never take vacations. They’re always scanning the horizon to see which new technologies are being adopted by legitimate enterprises and are therefore ripe to be exploited, or how to utilize trusted protocols to steal credentials of unsuspecting consumers. The coming year will be no different, but the tools in some cases will change. Here are my predictions for the cybercrime trends that will get our attention in 2019.
Prediction #1: Malware operators will cash in on cryptocurrency
We’ll continue to see more and more malware operators make money on cryptocurrency, either by mining coins using infected systems or by stealing cryptocurrency from the infected systems. This will involve new and existing malware strains that will add crypto mining and stealing functionality. The three most common types of crypto-malware include crypto miners, wallet stealers, and clipboard hijackers, and we expect to see an increase in all three types. Here’s how they work:
When downloaded, crypto miners malware works in the background to steal CPU cycles that can mine and generate digital currency like bitcoins without users’ knowledge or consent. By spreading their malware across thousands of machines, the miners form a mining pool that can result in big payoffs for the malware author. In 2018, crypto mining surpassed ransomware to become one of the top threats, and that trend is expected to continue.
Wallet stealing will increase, too, in both frequency and sophistication. Wallets don’t store the cryptocurrencies; instead, they store credentials to access or spend the money, which is stored in blockchain. Expect to see new variants that contain the functionality to locate and steal wallet.dat
Clipboard hijacking is another recent innovation. Because cryptocurrency wallet addresses are long, random-looking sequences of alphanumeric characters, they are difficult to remember. Almost all cryptocurrency owners copy and paste their wallet address for making transactions; on an infected system, malware can monitor for cryptocurrency transactions and dynamically change the wallet address on the clipboard to that of the malware operator so that future transactions benefit the malware operator.
Prediction #2: SSL/TLS-delivered threats will become more common
We’ve seen steady growth in overall SSL/TLS-encrypted traffic this year, which now accounts for almost 75% of total enterprise traffic going through the Zscaler cloud. Cybercriminals are leveraging this encrypted channel at all stages of the cyber kill chain. In particular, there has been a sharp increase in phishing attacks and malware payload delivery over encrypted channels. In the latter half of 2018 alone, we saw that 35% of phishing content was delivered over encrypted channels, representing a 300% increase since 2016.
Though the volume of SSL/TLS-encrypted traffic has risen sharply, much of it is going uninspected, either because it’s assumed to come from trusted sources or, more likely, because of the impact inspection would have on network performance. Attackers can now hide malware in encrypted traffic knowing it is not likely to be inspected.
In 2019, we will continue to see SSL/TLS utilized by cybercriminals to launch attacks, and we anticipate an increase in phishing attacks and malware payload deliveries over these channels, as cybercriminals take advantage of the assumed trust in encryption as well as the ease with which they can obtain digital certificates.
Prediction #3: IoT threats will have a greater impact on enterprises
IoT footprints in the enterprise network have grown rapidly over the past few years, and these Internet-connected devices can pose significant risks to enterprise networks. We will continue to see cybercriminals leverage IoT devices as a beachhead to large-scale attacks against enterprise networks.
Some of the largest attacks on record are the result of hackers using IoT devices to carry out massive distributed-denial-of-service (DDoS) attacks (you can read about some of them here
). IoT devices have notoriously poor security with known default passwords that are rarely ever changed, and manufacturers are slow to patch vulnerabilities.
In addition to employee-owned devices coming into the workplace, organizations are adding hundreds or even thousands of IoT devices to their environments, such as cameras, printers, IP phones, televisions, kitchen appliances, thermostats, and more. Besides the potential for DDoS attacks, IoT vulnerabilities are being used by attackers as an entry point to a network, in which they can hop from one vulnerable device to the next, undetected.
One an attacker gains a toehold into a network through a compromised device, it can be used for spreading malware, stealing credentials, leaking data, and sniffing traffic. Unfortunately, until manufacturers take the threat seriously and bake security into their devices, the attacks will continue to rise in 2019 and beyond.
The US-CERT (United States Computer Emergency Readiness Team) has provided security tips for IoT devices here
Prediction #4: Supply-chain attacks will grow
There has been a steady increase in software supply-chain attacks in recent years. These attacks used to be targeted in nature, singling out a specific industry or organization, such as government. However, we’re seeing software supply-chain attacks used for commodity malware as well, which has the potential to impact larger numbers of users. We will see cybercriminals continue to focus on attacking critical software supply-chain infrastructure to conduct larger attacks.
An example of the fast and massive damage that a software supply-chain attack can inflict is the June 2017 NotPetya attack. The initial infection was through an accounting software website and, by the end, it had wiped data from many thousands of computers around the world at banks, energy firms, governments, and more. Not only is a company’s valuable data and IP at risk, so too is their reputation—which in the end hits its bottom line. NotPetya appeared to be a state-sponsored
attack, but most supply-chain attacks are the result of poor security hygiene, which attackers are always prepared to exploit.
Prediction #5: Criminals will turn their attention to cloud service providers
The increase in cloud adoption has shifted a lot of workflows to the cloud. With that shift, we’ll see more attacks aimed at infiltrating cloud service providers in an attempt to gain access to valuable data from the organizations using the cloud services. These attacks may have a far-reaching impact, in light of the volume of data companies are storing in public clouds, and they can pose severe financial consequences.
The cloud service providers themselves have invested heavily in security protections and have large security teams to ensure their systems are sound—they are far more secure than the typical enterprise datacentrer. But most cloud services and their configurations are new and evolving, and mistakes, such as the widely publicized S3 bucket misconfigurations
, have led to the exposure of sensitive data at many organizations. But the most common source of errors leading to data leaks or the spread of malware is the end-user. While your cloud storage system may be impenetrable, there is always the risk that employees will be careless with their credentials, enabling bad actors to access your valuable data. In 2019, we expect to see an increase in social engineering attacks aimed specifically at employees accessing cloud applications.