New analysis from Darktrace has shed light on the evolving cyberthreat landscape, providing insights into the changing behaviour of cybercriminals in 2018. The research unveils that hackers are seeking profits by using more stealthy tactics, including banking trojans and cryptojacking over traditional methods such as ransomware.
The data reveals that the incidence of banking trojans, which harvest the credentials of online banking customers from infected machines, increased by a staggering 239% in 2018 compared to 2017. Darktrace also detected a 78% growth in the frequency of another under-the-radar threat, cryptojacking, within the same time period.
Interestingly, this dramatic increase comes at the same time as a significant decline in the popularity of ransomware, which decreased by 28% between 2017 and 2018.
Cryptojacking operates by the opposite logic of ransomware. Defined as the secret usage of computing power to mine cryptocurrency, it acts as a parasite on an organisation’s computing systems or injects hidden code into an organisation’s web pages. While ransomware attackers demand payment immediately, cryptocurrency miners seek to go unnoticed for as long as possible.
“It seems that banking trojans are, at least at present, a more profitable tool for cybercriminals. Unlike ransomware, banking trojans do not rely on a victim’s conscious willingness to pay; instead, they use deception to perform transactions without the victim’s knowledge. Given the decline in ransomware incidents in 2018, it seems that subtler attacks have become the weapons of choice for hackers,” said Max Heinemeyer, Director of Threat Hunting, Darktrace.
In one Fortune 500 e-Commerce company this year, Darktrace discovered a privileged access user — a disgruntled systems administrator — was hijacking power sources from the company’s infrastructure for monetary gain. The employee co-opted other users’ credentials and service accounts to stealthily take over multiple machines for the purpose of cryptomining.
Darktrace’s 2018 threat data also revealed that upwards of 15% of the Internet of Things (IoT) devices detected by its Artificial Intelligence (AI) were unknown to businesses, with a 100% year-on-year increase in IoT attacks. This lack of visibility into which IoT devices are on a company’s system has enabled cyberattackers to manipulate and exploit them.
The research also found a 28% year-on-year increase in threats targeting cloud and SaaS systems compared with the previous year.
“As innovative businesses continue to adopt connected devices and migrate to cloud and SaaS infrastructures, these attacks will almost certainly rise exponentially in 2019,” Heinemeyer continued. “With hackers adopting stealthier techniques, security teams need to find a way of gaining visibility and control of their corporate networks. To address these fundamental limitations, they must be willing to rethink their security tactics, leveraging AI technology to battle against machine-speed attacks.”