Throughout 2018, we saw a number of notable attacks that affected both consumers and businesses. Our team of IT security experts pulled from our analytics and determined the largest threats that we saw in 2018.
Meltdown and Spectre: These were disclosed by Google’s Project Zero and revealed such fundamental vulnerabilities in modern computing that the full ramifications aren’t fully understood. This allowed programs to view data that they shouldn’t ever have access to via exploiting falls in speculative execution.
Botnets: According to our analytics, almost 60 percent of botnet activity in the first quarter were just from Emotet and AAEH.
VPNFilter: This was found on over half a million routers by utilizing some low hanging fruit vulnerabilities and took advantage of both old CVEs that had gone unpatched on consumer routers as well as default credentials to install itself and begin monitoring traffic both on the network as well as to the internet.
Magecard: This group was found to have been running digital credit card skimmers on a vendor of Ticketmaster, which allowed them to collect full credit card information as it was being passed from the Ticketmaster website to the payment processor.
Spam: We saw a spike in spam at the end of the second quarter where 30 percent of all processed emails were categorized as spam or suspicious. Over 18 percent of those were rejected due to our sandbox or other dynamic analysis, representing threats for which there was no signature and failed to match any other known indicators of spam.
Rakhni: We saw new features of Rakhni this year after it was a widespread ransomware in 2017. Specifically, a cryptocoin miner was implemented. This meant that instead of encrypting the contents of a PC, it would instead use PC resources to mine cryptocurrency.
Magecart: This struck again hitting both Newegg, the online electronics retailer, and British Airways. Because of the huge value in large numbers of completely valid credit card numbers, Magecart seems to be able to bankroll either their own research into vulnerabilities or afford the most promising of 0-day exploits on the dark web.
Remote Desktop Protocol: Better known as RDP, has been a thorn in the side of cyber security professionals for many years. The ease of use tantalizes users and administrators into opening up port forwards into systems, including critical infrastructure. Unfortunately, there are a myriad of flaws in RDP, not the least of which is brute force attacks.
VirtualBox: A security researcher that was upset with the status quo of vulnerability disclosures and bug bounty programs posted a new vulnerability in VirtualBox that allowed for a guest OS to access the host OS. The published disclosure included all of the necessary proof-of-concept code for the exploit to be quickly weaponized. While the researcher was lambasted by the cyber security community, the damage had been done.
Starwood Hotels Breach: Having a database containing 500 million records of personal information, including full names, addresses, passport numbers and encrypted passwords is bad enough. Finding out that the attacker obtained this through unauthorized access they had for four years, is devastating. That is what happened to Starwood Hotels, a subsidiary of Marriott. They are sure of the database information stolen but haven’t been able to confirm if encryption keys were also stolen at the same time.
No matter what threat ensues, it’s crucial to encourage those within your organization to keep security in mind when they are implementing and maintaining infrastructure. IT in general is often considered as purely an expense at many companies and cyber security even more so. But there is a very real, tangible benefit to utilizing the myriad of tools available to keep your organization safe and be aware of threats.
At Nuspire, we offer a variety of tools for large scale log collection and analytics, state-of-the-art email threat protection, visibility into the ends of your organization and can have a complete view of every incident on your network, from the gateway to the endpoint. For more information on our services, visit www.nuspire.com