HACKERS DRESSED IN BLACK: You’ve heard of the word virus and you’ve glanced over the stories about hackers and their malwares attacking the cyber-infrastructure of major companies and high-profile individuals. Every week, a new story. Every time, you think: That will never happen to me or my company as you keep scrolling or turn the page. How cute. Let’s get real, everything is changing and advancing rapidly. Desperate people do desperate things, and they don’t rest until they achieve what they want. The assumption that 2019 will be safer should be thrown out the window. Individuals, as well as companies, are at risk as rogue actors use every trick available to penetrate impenetrable systems. While malware of all kinds is still popular with cybercriminals to attack companies, new forms of attacks have emerged. What cyberattacks will capture the headlines this year? The terminology has drastically changed, malwares are a passé. . .
Let’s set the scene and look for the “mind-games” in play. Before looking at the statistics for what actually does happen, let’s look at how humans are influenced by perceptions of what they think goes on behind the scenes. Is it grounded in a sense of reality or is it all just paranoia and fear summoned by the media? On the side of French companies, pessimism reigns: 86% of information security managers believe that security breaches are inevitable, according to a recent investigation by Kaspersky Lab. Paradoxically, companies are better equipped against cyberthreats. 73% say they have implemented active threat-hunting measures, according to a report by Carbon Black. Is this a paradox that actually matters in this case? 94% of French organizations interviewed by Carbon Black said they had been the victims of a data breach in 2018. 91% even consider these attacks “more sophisticated” than before. The mouse keeps trying to flee from the cat, but the cat is one step behind.
From “malware” to the new, hot & scary term formjacking”.
The giants are threatened. Ticketmaster, British Airways … In recent months, several major e-commerce sites have been compromised by cyberattacks in the form of formjacking, or “form theft”. This is said to be the hot new term used in the cyber and scam-world. This is a kind of scam at the ATM … but the thing is played out virtually. Specifically, cybercriminals take advantage of a source code security flaw to inject malicious code on the payment page. This intrusion allows them, during the transaction, to steal the credit card information from the consumers. This information is then resold on the black market of data. Some of these sites that allegedly sell this information are not very hard to find if you make a few clicks on the so-called Darknet. Beyond Google, Facebook and Youtube, there is something called “Darknet”, or deep web. Here you can find the right sites to buy everything from drugs, weapons and in our case, credit card information. Everything that is not indexed in the standard or “normal” part of the internet. Interestingly, 70-90% of the internet, according to varying sources, is darkweb. You think that you’re accessing all of the information when you search on Google for something? Think again.
According to the 2018 edition of Symantec’s Annual Report on Cyber Threats, more than 4,800 websites are compromised around the world each month. The range and activity of these sites vary but they usually contain some value – otherwise, who would bother attacking them? While 3.7 million attacks were blocked in 2018, cybercriminals still collected “tens of millions of dollars” by this hacking technique (formjacking). The targets are mainly the very small and less protected SMEs. “A single credit card would pocket up to $ 45 (about 40 euros) on underground resale sites. The recent attack by British Airways last September would have allowed cybercriminals to reap more than $17 million,” Symantec stated. According to Symantec and Kaspersky Lab, formjacking is increasingly used and will be one of the biggest threats for businesses and individuals in 2019.
The world of crypto… as another cyberthreat? Cryptojacking is here. . .
A new security threat is in town: cryptojacking, where your computer is hijacked to generate Bitcoins. But how widespread is it? Before we consider cryptojacking as a whole, let us consider the reasons behind it. Why are hackers stealing system resources? Well, cryptocurrency does not grow on trees. No, it grows on servers and is waiting to be extracted. But is it profitable? Since early 2018, more than $ 11 billion has been raised in cryptocurrencies worldwide. Projects involving crypto-assets are multiplying in all sectors, starting with finance. Although cryptocurrency values have dropped in 2018 compared to 2017, cryptomining remains popular and is quickly very profitable … provided you have the computing power required.
Hence the interest for hackers to practice cryptojacking, that is to say infiltrate the network of their victims to exploit their processing resources. Malicious emails with a link that installs a hidden program, infected sites, or compromised domain names are the primary means of being hacked. On the side of the victim, this form of hacking is more like an inconvenience because there is no data theft or extortion of money. But by “cryptojacking” the computing power of a company, its infrastructure can quickly “be submerged, fail and hinder the delivery of services . . . financial services companies may face problems of compliance with regulations”. Hence the need for increased awareness and vigilance on the part of employees and IT departments and the security of companies.
Formjacking and cryptojacking. There is no doubt that this year, the headlines will be riddled with these nuisances as they become a reality for companies. A future article will look at some of the things you can do to stay safe this year. Stay safe and stay tuned.
Evolvera – evolve in a new era.