As we wrap up 2018 and move into 2019, it is valuable to take a look back and review the lessons learned from the breaches, evolutions, and developments in cybersecurity. We will be coming out with our 2018 year-in-review and 2019 outlook soon, however, we thought we would give you a bit of a preview of three important items.
Rise of Cryptocurrency Mining (aka CryptoJacking)
If 2017 was the year of ransomware, 2018 was the year of cryptomining malware. The incredible spike in cryptocurrency values in December 2017 and January 2018 really opened people’s – including hackers – eyes to the wealth potential of cryptocurrency. Consequently, our security operations center at Security On-Demand saw an almost 400% increase year-over-year in crypto mining attacks in 2018.
While the current cryptocurrency values are limiting the potential return for cybercriminals, there is a lot for them to like with this approach. Cryptomining attacks are pretty quiet, lightweight, do little to no damage to victims, and there is limited risk of data loss. Additionally, they appear to be making about as much money off of this strategy as they do off of ransomware, but without all the risk and attention involved. If crypto markets level off and start to rise, expect to see these attacks increase in the future.
Internet of Things
The internet of things is here to stay and there is no sense trying to keep your organization from embracing it. Yes, it increases risk and your attack surface, but it also has the potential to improve efficiency and increase revenues. The problem with the IOT is that many of the new networked devices seem innocuous and obscure enough that the developers and the consumers do not consider the security implications. This was illustrated perfectly by a use case involving a casino.
In April, Darktrace reported an unnamed casino had its high-roller database breached and stolen due to hackers exploiting a weakness in a thermometer that the casino was using to remotely monitor and control its aquarium. Once hackers exploited the thermometer they were able to pivot their way through the network until they found the data they really wanted and stole the high-roller database.
Hackers are creative and they exploit low-hanging fruit. It seems apparent that neither the developer of the thermometer nor the casino viewed the thermometer as a risk or vulnerability. However, hackers always view anything on the network as an opportunity to exploit. Had the casino simply isolated that thermometer and its traffic from the rest of the network and layered security around the high-roller database, it is likely the attack could have been mitigated. We encourage you to build in information security processes and inputs into your technology acquisition processes. Ensure that IOT devices are tested, secured, and deployed properly.
Nation states, such as China, Russia, Iran, United States, etc. have been involved in computer exploitation for as long as there have been computers on the internet. But in 2018, we have seen increased focus on exploitation and cyber operations conducted or sponsored by governments. Reports are out that hackers out of China and possibly sponsored by their government may be behind the Marriott breach. We have continued reports and investigations into Russia’s cyber operations – and not just their 2016 election influencing – but their attempts to influence election across the globe in 2018, continued attacks on Ukraine and regional countries, and online psychological operations against the west through the manipulation of social media and news sites.
We also saw the FBI issue indictments for various Iranian and Chinese hackers as well as some reports of continued North Korean sponsored hacks. The attention on governments’ role in cyberattacks will likely only increase in 2019 and 2020. People and companies are tired of having their information stolen and not being able to hold the thieves accountable.
Overall 2018 was actually a pretty quiet year in cybersecurity. We had some major vulnerabilities reported, we experienced the Marriott breach and the City of Atlanta ransomware attack, but all-in-all it was fairly low-key compared to 2017. It will be interesting to see what unfolds in 2019. Whatever it is, we will be here keeping an eye out for you and will continue to keep you informed of what you need to do to protect yourself from cyberattacks.