We continue to take stock of this 2017 by staying on a topic that is particularly close to our hearts, which is cybersecurity. A few months ago we already anticipated that, most likely, the year that is about to end will be remembered in the IT field for two important events/topics: cybercrime and GDPR. Regarding the first one, cybercrime, the data reported by Kaspersky Lab researchers unfortunately confirm that it was a black year.
In 2017, the number of newly identified malicious files was 11.5% higher than the previous year, amounting to 360 thousand cases per day. This is growth for the second year in a row, while a slight decrease was recorded in 2015. Most of the files identified as dangerous fall into the category of malware, as many as 92%, while the remaining 8% are adware. In addition, again according to Kaspersky, 29.4% of users’ computers experienced at least one online malware attack during the year, and 22% came into contact with ADV software and its components.
What has actually resulted in a turnaround in the past two years are ransomware threats, which have grown exponentially and have just as much of a growth prospect. Behind this type of threat, a true criminal system is emerging that can produce hundreds of new samples every day. In the ransomware category, the fact stands out that, in 2017, 26.2% of these attacks affected business users, a figure that is up from 22.6% in 2016. According to Kaspersky Lab, this increase is due in part to three unprecedented attacks that hit corporate networks: we are talking about WannaCry (May 12), Petya or ExPetr (June 27) and BadRabbit (end of October). The result was that corporate victims proved to be extremely vulnerable and may be more affected than individuals, plus they proved more likely to pay ransom to keep the business going. As many as 65 percent of companies that were affected by ransomware this year reported losing access to a significant amount or even all of their data; one in six of those that paid never recovered their data ☹.
2017 was also the year of numerous attacks on financial organizations, a favorite target of hackers. Kaspersky Lab experts discovered last October in the Dark Web a new specimen of easy-to-get malware targeting ATMs, its name is Cutlet Maker, as well as a new cybercriminal group called Silence aimed mainly at Russian banking entities. Out of a total of about 100 hacker groups active in financial fields, it was observed that only about ten had economic interests, while the others were engaged in cyber espionage and data research within government, oil or gas production agencies. These are therefore targeted attacks with the same logic that has affected software vendors used by large companies (let’s remember the great attack perpetrated against the CCleaner tool): if the company system is impregnable, then let’s hit the software they use!
2017 then saw the growth of cryptocurrencies with a consequent impact on the global economy. Concurrently, new threats and vulnerabilities also emerged, which then opened the door to various types of attacks, from phishing to hacking Bitcoin wallets. This has brought as much as $300 billion into the pockets of cyber criminals. In addition, this new reality, has paved the way for new ways to make money in a short time, such as the covert mining of cryptocurrencies: according to this procedure, sites are infected with a script thanks to which the computers of visitors to these sites are used for mining without their consent.
If these are the assumptions, what does 2018 have in store for us then in terms of cyber security?
…to be continued.
Sara Avanzi