Sophisticated cybercrime ‘brands’ to emerge in 2019

Companies could be ‘under siege’ from malware and AI-fueled cybercrime, specifically ransomware, in 2019.
4 December 2018

2019 could see the ‘consolidation’ of cybercriminal groups. Source: Shutterstock

A recent research report from McAfee has warned that companies could be ‘under siege’ from malware and artificial intelligence (AI) fueled cybercrime, specifically ransomware, as cybercriminals ramp up their game in 2019.

“Our dependency on technology has become ubiquitous. Everything is connected, and you are only as strong as your weakest link,” said Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research, with mobile devices, IoT and social media all becoming fair game to attackers. “In the future, we face the question of which of our weakest links will be compromised.”

According to the report, hidden hacker forums and chat groups serve as a market to buy malware, exploits, botnets and other questionable services. By 2019, the underground market is expected to see the consolidation of efforts into ‘malware-as-a-service’ families that will work together. One example that already exists is Magecart, the name given to a toolkit of malicious software and the “half a dozen groups” deploying it, with the aim of compromising payment information from e-commerce sites.

Describing these units as ‘brands’, the report says groups will concentrate on more sophisticated cryptocurrency mining, mobile-based malware and the theft of credit card credentials. Remote Desktop Protocol (RDP), through which a malicious actor can take control of a desktop remotely, will continue to be used as an entry point for infection and a stepping stone to steal credit card details via Amazon accounts and the like.

Mostly focused on Android, mobile malware is a growing threat, with users often underestimating the access criminals can gain to sensitive financial information, such as online banking details or two-factor authentication.

AI-fueled evasion

Where AI comes into the picture is in evasion techniques and in bypassing security measures, with criminals using this technology to automate target selection or check infected environments to avoid detection.

Meanwhile, the report states that ‘synergistic threats’ are expected to proliferate, with phishing attacks seeding ransomware and crypto-jacking programs via steganography malware (where a malicious file is concealed within another ‘in plain sight’), as witnessed during the Pyeongchang Olympics campaign. A fictional attack scenario is illustrated below.

An illustration of a phishing threat. Source

This phishing threat contains a video attachment that requires the recipient to download a fake video codec. It then deploys a simple GIF to collect a script, and it can then run either ransomware or a cryptocurrency miner.

Attacks could also extend to the cloud and even IoT devices, says the cybersecurity firm. Routers, smartphones, and tablets could be at risk when infected, as a botnet could steal data or even launch DDoS attacks.

McAfee recommends that IoT security begin with a ‘zero-trust’ model and provide a hardware root of trust as the core building block for protection against hack and shack attacks, as the growth of cyber threats keeps pace with wider technological progress.