Banking Trojans, Phishing, and Ransomware Continue to Dominate in 2023
The Covid-19 situation accelerated digital transformation and formalized teleworking, pushing cyberthreats to levels never seen or predicted before. Let’s remember that Malware is a combination of two words – “malicious” and “software”. The term refers to any type of malicious code, regardless of how it affects victims, how it behaves, or what damage it causes. Malware encompasses all forms of malicious software, including Trojan Horses, Ransomware, Viruses, Worms, and Banking Malware. It is difficult for a normal user to tell which files are malware and which are not. That is why security solutions exist, combining vast databases of previously seen malicious samples with multiple protection technologies to detect the most recent ones.
Malware authors today are extremely inventive. To avoid detection, their “creations” spread through vulnerabilities in unpatched systems, bypass security measures, hide in memory, or mimic legitimate applications. Even today, however, one of the most potent vectors of infection is the weakest link in the chain: humans. Emails with malicious attachments have proven to be an effective and low-cost way to compromise a system. And it only takes one click to do so.
The first step is to keep all software, including the operating system and every application, up to date: not only to add features and improvements, but also to fix bugs and close vulnerabilities that cybercriminals and malicious code could exploit. This, however, does not cover all current threats, so a reliable and up-to-date security solution is also required to thwart attack attempts. Backups made on a regular basis and stored on an offline hard drive are another way to combat malware, allowing the user to replace any data that has been damaged or encrypted by cyberattackers.
Let us recall a little history. Pakistani Brain was the first virus to be identified, in early 1986. Its goal was to be as inconspicuous as possible. It infected the boot sector of 5.25″ floppy disks and spread globally in a matter of weeks, which is remarkable given that floppy disks were its only distribution channel. Since then, malware has evolved in a variety of ways, and its creators are constantly coming up with new ways to infect victims. With the Internet they have a powerful distribution network that lets them reach potential victims much more easily. This will always be the fundamental logic of a hacker, and it is up to us to practice intelligence and counterintelligence to counteract them. Some malware families, such as WannaCryptor, spread indiscriminately, encrypting files and causing global damage. Others affect smaller groups of victims, such as companies from a specific country in the case of Diskcoder.C, aka Petya. Industroyer was a recent example of targeted malware. This malware, discovered by ESET, attacks industrial control systems used in the power grid and caused blackouts in Ukraine by abusing legitimate but unsecured protocols. It is one of the few malware families that can be compared to Stuxnet, the first cyber weapon ever used.
Since the pandemic was declared, cyberattacks have increased, such as those against the Remote Desktop Protocol (RDP) and Ransomware. The world will have one billion malicious codes by 2022. However, cyberthreats have not only increased in number; they have also become more sophisticated. For example, today we discuss “Fileless Malware,” which does not need a file written to the system’s disk in order to run: it can live entirely in the system’s volatile memory. That is why monitoring and prevention technologies are critical.
Malware of the following types was discovered in 2021 and 2022:
1) Malicious Torrents: from the previously unknown Kryptocibule Malware family. It steals cryptocurrency and exfiltrates cryptocurrency-related files, using cryptominers and clipboard hijacking.
2) Android Threats: Malware in the ‘Hidden Apps’ category has dominated for three consecutive quarters in 2022. This cyberthreat consists of deceptive apps that masquerade as games or utility apps, but after installation, they hide their icons and display full-screen ads.
3) IoT Cyberthreats: Because IoT devices are designed with little to no security, they are easy targets for cyber attackers. Attackers can infect such devices with malicious bots and use them in botnets for large-scale attacks.
4) Malware for Mac: In 2021, the Kattana trading application for Mac computers was copied and trojanized. The attackers used Malware to steal information such as browser cookies, cryptocurrency wallets, and screenshots; by 2022, this type of cyberthreat had been completely eliminated.
5) Malicious emails: The distribution of malicious software via email will increase in 2022. A Microsoft Office Exploit is the most common detection of 2022.
Ransomware is a persistent cyberthreat that keeps attacking organizations, compromising critical infrastructures such as government, health, and energy institutions, and is becoming increasingly complex to detect and eradicate. In 2020, ransomware and data leaks were merged. This article points out that the operators of various Ransomware families have added another risk to this type of attack: in addition to hijacking files, they now practice extortion, threatening to leak the compromised information. This modality employs the Doxing technique, which entails obtaining confidential data from victims and threatening to make it public unless the extortion is paid. Without a doubt, this increases the pressure on those affected, because it is no longer only about recovering the encrypted information, but also about preventing the stolen data from becoming public.
Banking Trojans, also known as “Bankers,” are malicious code widely used in the field of cybercrime. Their function is to steal banking information from users of this type of service. These details are then sold on the black market, where some buyers acquire them in order to engage in criminal activities such as extortion and fraud. Around the world, eleven banking Trojan families have been identified.
These families use encryption and obfuscation tools to protect the code from analysis and thus conceal the malicious activity they carry out on the systems. To avoid detection, they include instructions in their programming that perform no specific action; this is filler, garbage code. So far, more than 50 financial institutions have been identified as victims of identity theft used to deceive their customers.
In the last three years, the most common cyberthreats have been:
1) Ransomware: its developers form organized groups and auction off stolen data from their victims on the Dark Web. There have been 203 different Ransomware variants identified.
2) Exploits: malicious code that attempts to gain access to equipment by exploiting a vulnerability in its systems. EternalBlue (the exploit used by the WannaCry virus) and BlueKeep (a remote desktop vulnerability, which became relevant in 2022 due to the teleworking trend) are two of the most widespread families.
3) Spyware: the “classic tools” of cybercriminals. Broad reach in propagation is still critical for them. Since 2020, the HoudRat Trojan has been at the top of the list.
4) Phishing: In 2020, the number of detections of files linked to Phishing campaigns increased by 27%, rising to 53% in 2022. It represents a significant increase, as these detections were 15% in 2019.
The cost of financial cybercrime has surpassed $600 billion. As if that weren’t enough, the changing cyberthreat landscape and the variety of new Malware developments have highlighted the shortage of professionals in the field of cybersecurity. According to various studies published at the end of 2019, 4.07 million Cybersecurity professionals were required.
César Daniel Barreto