ISACA recently released results from the annual global State of Cybersecurity Survey conducted last October. A total of 2,366 individuals with a Certified Information Security Manager (CISM) and/or Cybersecurity Nexus Practitioner (CSX Practitioner) certification participated in the 2017 survey. The results were not earth-shattering, but some were of interest.
From a threat landscape perspective, the survey identified four key findings:
- Cyberattacks are increasing, but the methods employed remain relatively static.
- Motivation remains monetary, and ransomware countermeasures are nearing ubiquity.
- Ransomware is being displaced, most likely by cryptocurrency mining.
- Threat intelligence is prevalent; active defense is less familiar but effective.
The one I found most interesting is the move from ransomware to cryptocurrency mining malware. There are a lot of passionate people out there with their opinions on cryptocurrency. Let's set those aside and realize there is an active threat that should be considered.
According to the survey, respondents saw a minor decline in ransomware attacks over the past year. This contradicts Verizon’s “2018 Data Breach Investigations Report,” which expected ransomware attacks to dominate malware attacks this year. Economia estimates there has been a 2,000% increase in ransomware since 2015. As companies learn how to handle ransomware, a shift is occurring. Ransomware as a service (RaaS) is on the rise, and GandCrab is worth keeping your eye on.
Cryptocurrency Mining Malware
If an attacker wants immediate access to cash, ransomware is the method of choice. An attacker who is willing to wait may choose cryptocurrency mining malware or fileless malware as their preferred method. The rewards can be much higher. This type of attack does not install an application on your computer system in the hope of gaining access to your files and folders. Instead, the malware embeds itself into the computer's processor and registry. As opposed to extorting money like ransomware, fileless malware seeks to extort computer processing power. While an attacker cannot mine cryptocurrency at the rate of GigaWatt, one of the largest mining farms in the world, located in Washington, they can string together the CPU power of unknowing users. The impact on the employee is reduced computer processing power, reduced productivity and reduced bandwidth.
Why should you care?
Isn’t that why you spend money on anti-virus and anti-malware software and services? Well, fileless malware is very difficult to detect because anti-virus software cannot easily identify a file signature. One of the best things you can do is lock down all administrator accounts. This should include changing all default administrator passwords on network equipment, limiting the number of individual and service accounts with domain administrator privileges, and restricting end users from having local administrator rights on workstations. This will not eliminate the threat, but it is a cheap way to limit some of your risk. Let's leave cryptocurrency mining up to the professionals and not our computer systems.
About the Author
Stephen is a Manager at YHB and serves on the Risk Advisory Services Team. Stephen has extensive experience in IT Audit and Advisory Services. His background includes internal and external IT Audit services for state and federal agencies and Fortune 500 companies in retail, manufacturing and financial lending