According to GDATA’s report “Malware numbers of the first half of 2017”, the number of malware samples recorded ten years ago was 133,253; this year, that number represents only what was recorded in five days during the first quarter. Since 2012, the figure has increased 20 times from 2007, and the upward trend continues.
In addition, according to Akamai Technologies’ study “[state of the internet] / security Q2 2017”, DDoS attacks have increased after three quarters of decline, growing by 28%, especially at the end of June. And, according to Radware’s study “When The Bots Come Marching In”, one of the biggest risks is malicious bots, whose reach has multiplied with IoT, reliance on cloud computing and the rise of cybercriminals.
This data has driven agreements such as the one signed by Deloitte and Panda Security, and research such as that conducted at the University of Washington, whose researchers managed to hack a computer by infecting it with malware carried in a DNA fragment.
New malware is increasing rapidly, according to data from GDATA. The number of malware samples recorded ten years ago was 133,253, which represents only what was recorded in five days during the first quarter of 2017. Since 2012, the number has risen 20 times from 2007, and the upward trend continues.
During the first quarter of this year, 4,891,304 new types of malware were recorded and, on average, 27,000 new malware samples are created per day, one every 3.2 seconds. According to the company, if this trend continues, the year will end with 10 million new samples. But where were malware attacks primarily headed? Windows appears to be the protagonist, with 10 million new threats, followed by scripts, Java and Android. Trojans, PUPs (Potentially Unwanted Programs; 78.2% of the cyberattacks on computers were performed by these programs) and adware are the most popular means of attacking these platforms. The latter two are frequently removed and, of all the malware used this year, GDATA highlights Poweliks.
“Poweliks is classified as malware, but it is acting in the advertising area. It constantly clicks on advertising banners and downloads ad material. If you find a malicious advertisement, it can lead to malware (malvertising),” the company said.
According to data from Akamai Technologies, after three declining quarters, DDoS attacks have increased, growing by 28%, especially at the end of June. More and more cybercriminals are therefore opting for such attacks. The most common attack vectors, NTP, CHARGEN and DNS, continue to hold the top three places. Attacks on web applications have also increased, especially SQLi attacks. The PBot DDoS malware, the use of old PHP code and domain generation algorithms in command and control infrastructures seem to be responsible for these significant floods of attacks.
“Events such as the Mirai botnet, the exploitation used by WannaCry and Petya, the continued increase in SQLi attacks, and the pBot’s resurgence show that attackers not only migrate to new tools, but also reuse some old ones, whose old efficiency is more than proven,” says Martin McKeay, Akamai’s lead security expert.
Attackers hit their targets an average of 32% times a quarter, with the video game industry being the most attacked: 81% of DDoS attacks were directed at this industry. In fact, one video game company suffered 558 attacks during the second quarter of this year.
By country, the main sources of cyberattacks were the United States, the origin of 33% of the attacks; China, in second place with 10%; and Brazil, third, with 8%. In Europe, the Netherlands, despite having gone from 44 million attacks to just over 23 million, is the main source of European cyberattacks.
On the other hand, the US also ranks first among affected countries, with more than 218 million attacks, followed by the UK, which saw a large increase of 130% in attacks in the first quarter. Brazil ranks third, with attacks increasing by 15% in the last quarter, and Akamai highlights Singapore, which has gone from 10th to fifth place.
A new channel is being used to spread malware across Windows, Mac and Linux: Facebook Messenger, using a fake link that redirects to fake pages of well-known websites.
The user receives a message from an acquaintance, whose account has been the victim of password theft, a hijacked browser or clickjacking techniques, which makes it less likely to raise alarms. The message consists of their name, the word “Video” and a surprised emoji along with a short URL, which redirects to a Google document showing a blurry photo of the victim and what appears to be multimedia content.
When the user tries to play the video, they are invited to install the malware. The page differs depending on the operating system, location, search engine, etc., as does the method by which the malware is downloaded. If the user arrives from Google Chrome, the page resembles YouTube and the malware is delivered as an extension accompanied by an error message. For Safari, a .dmg file is downloaded via a fake macOS page. For Firefox, the method is a Flash update that runs an .exe file.
But what does this malware do? Through cookies, it monitors browser activity and displays ads tailored to the user. Social engineering is also present: cybercriminals automatically generate revenue for every click on ads, so they try to encourage the user to click.
Thanks to the Internet of Things (IoT), the world is increasingly connected. However, this can lead to multiple cybersecurity-related issues. One of the biggest risks is malicious bots, whose reach has multiplied with IoT, reliance on cloud computing and the rise of cybercriminals.
It is not only that society is increasingly connected and the number of these devices is growing; many of them run Linux versions that are not prepared to defend themselves against malware, and so can fall victim to different attacks.
In addition, it is necessary to take into account the growth of marketplaces that feed the ‘hacker economy’ by offering the execution of cyberattacks, which results in a large increase in cyber risk and in the likelihood of falling victim to a malicious bot.
Not only that, this vulnerability lends itself to the creation of botnets, such as Hajime, Mirai or BrickerBot: large numbers of bots that perform automated cyberattacks through zombie networks, capable of controlling video surveillance networks, launching DDoS attacks, disabling devices, etc.
Another threat to consider is web scraping, in which a software tool collects and stores website data for reuse. It could result in theft of intellectual property or in data and information leaks, because it makes it possible to copy content from one website and publish it on another without permission, compare prices, monitor data and changes on websites, etc.
According to Radware, some ways to strengthen cyberdefense are to change the default credentials of devices, review and update the firmware periodically, perform drills, monitor the behavior of the network and users, define a crisis response plan and disable Telnet access to devices.
Researchers at the University of Washington in Seattle have managed to take control of a computer by hacking a software program with malware incorporated into a DNA fragment.
The work was presented at the Usenix Security Symposium in Vancouver, Canada. Peter Ney, a graduate student at Kohno’s Security and Privacy Research Laboratory, explains: “We look at emerging technologies and wonder if they could lead to new security threats, with the idea of leading the way.”
The researchers built the malware by translating a simple computer command into a short sequence of 176 DNA letters. After making a few copies of the DNA, they fed it into a sequencing machine, which read and stored the stream as if it were binary code.
However, this malware does not currently pose a risk, because some security features were disabled and vulnerabilities were added when performing the experiment.
“Your exploit is simply unrealistic,” says geneticist and programmer Yaniv Erlich, who is scientific director of MyHeritage.com, a genealogy services website. “The attack took advantage of an overflow effect, when data exceeding a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno’s team, from which they took control of the computer in their lab they were using to analyze the DNA file.”
It is true that companies dedicated to making synthetic DNA are already on alert for possible bioterrorist attacks, but experiments such as this one raise the alarm about potential computer threats delivered through DNA strands.
Another target could be people’s technological data, because of their growing internet presence. In addition, scientific programs dedicated to organizing and interpreting DNA data are often not updated, which leaves cracks in their cybersecurity.
The experimenters, Tadayoshi Kohno and Luiz Ceze, warn that “In the future hackers could use fake blood or saliva samples to gain access to university computers, steal information from police forensic labs and infect genomic archives shared by scientists.”
Although cyberattacks appear to have increased considerably, there is a lack of talent in the field of computer security.
Steve Morgan, founder of market analysis consultancy Cybersecurity Ventures, stated that “the main global trend we see in the field of computer security is a chronic lack of qualified personnel; it’s a real epidemic.” Cybersecurity Ventures bases its observations on a survey conducted among 500 security companies, which agreed with this observation.
As a result, there are currently two job offers for each specialist and, according to Frost & Sullivan, by 2020, 1.8 million cybersecurity professionals will be needed. By 2021, according to Cybersecurity Ventures data, there will be 3.5 million vacant jobs in the sector. In addition, the company stated that more than half of companies (62%) lack sufficient security personnel.
Robert Herjavec, CEO of Herjavec Group, another cybersecurity company, said, “We are one of the few industries that, on a global scale, experiences a level of unemployment of 0%”, adding that “unfortunately, security talent reserves are not enough to tackle the current online crime epidemic. Until we can rectify the quality of education and training that new security experts receive, black hats or evil hackers will continue to take advantage.”
Morgan stated that this global lack of qualified professionals is a consequence of the limited educational offering in computer science and information technology.
Panda Security and Deloitte have signed a Cyber-Strategic Alliance with the aim of ensuring that their customers in Europe, the Middle East, Africa and Latin America are protected from advanced cyberthreats through the deployment of Panda Adaptive Defense.
The alliance is based on the premise that while more traditional security solutions can cope with known malware, they are not as effective when cyberattacks use lesser-known means or advanced techniques. What is needed, therefore, is a technology that combines Endpoint Detection & Response (EDR) with monitoring and categorization of all running processes.
According to Juan Santamaría, General Manager of Panda Security: “The agreement between Panda Security and Deloitte will provide our customers with a perfect combination of security solutions and services to protect them against the rise of advanced cyberthreats. This cooperation will enable the most advanced computer security services provided by Deloitte to have Panda Security’s intelligent cybersecurity technologies.”
With this, while the company uses Panda Adaptive Defense’s intelligent technology on 8000 endpoints of its Spanish subsidiary, its customers will maximize their investment in cybersecurity, resulting in a comprehensive and connected security ecosystem. In addition, the agreement supports Deloitte in its role as an enterprise advanced cybersecurity service provider and, thanks to the addition of Machine Learning, the chances of its customers suffering any cyberattacks are zero.
According to César Martin, Partner Responsible for Deloitte’s Cyber Risk Advisory area, “The collaboration between Deloitte and Panda Security will provide effective protection against known and unknown threats to all customers of the Deloitte network in the EMEA region. This collaboration points to the central role of these two companies as leaders in the cybersecurity market, and specifically in the field of protecting their own digital infrastructures and the business fabric.”