Gulf Breeze, Florida, — In 2018, AppRiver was able to protect its customers from more than 10 billion global email-based attacks – proving that cyberthreats continued to flourish in 2018.
In its annual Global Security Report, the channel-first provider of cloud-enabled security and productivity services says its Email Security and Web Protection filters quarantined more than 10 billion global threats including:
• 8.3 billion messages containing URL-based malware, phishing attacks and text-based attacks.
• 300 million emails that included malware in a message attachment.
• A majority of malicious attachments with Word files with embedded macros.
• A surprisingly 4.5 billion quarantined messages that originated in the United States
The Global Security Report provides a detailed examination of 2018 cybersecurity trends in email, web-based spam and malware attacks, and offers predictions regarding the 2019 cybersecurity landscape.
Large corporations continued to fall victim to data breaches in 2018, including the Facebook attack, where hackers made off with data of nearly 29 million users. Of those, 14 million records included details such as birthdates, employer information, device data, religious preferences and some location data. Quora also experienced a large-scale attack, with 100 million user records breached, including names, email addresses and passwords. Marriott/Starwood suffered one of the biggest corporate attacks in 2018, when attackers stole nearly 500 customer records containing names, phone numbers, passport numbers and credit card information.
The Global Security Report also provides insight into how stolen data is exploited by attackers, including personalized attacks, which gained popularity in late 2018. This blackmail email tactic threatens to send embarrassing photos to a target’s contacts unless the ransom is paid. Armed with data from large breaches, cybercriminals further personalized attacks with actual passwords the target has used.
METHODS OF ATTACK
The cybersecurity arena experienced a renaissance of banking Trojans in 2018, distributed at a volume that exceeded ransomware. The most prolific banking malware was dispersed more than 20 million times.
Of the banking Trojans, Emotet, which functions as a downloader of other banking Trojans, was the most prolific piece of malware AppRiver’s Email Security filters caught in 2018. According to US-Cert, Emotet is among the most costly and destructive malware affecting state, local, tribal and territorial (SLTT) governments, as well as the private and public sectors. Emotet’s aggressive spreading and persistence abilities make it extremely difficult to remove, and poses a significant challenge to SLTT governments into 2019.
In addition to the rise in banking Trojans, 2018 also brought increases in other attack vectors – the Distributed Spam Distraction (DSD) and Business Email Compromise (BEC) attacks.
DSDs utilize the “email bomb” strategy, which is readily available as a service on the Dark Web. DSD attacks in 2018 signed up users for mass amounts of newsletters and free memberships. The users, flooded with welcome emails, were often too overwhelmed by junk mail to notice the fraudulent purchase transaction emails.
New BEC tactics in 2018 included attackers posing as a high-level corporate executives instructing employees to purchase and expense gift cards. The victims were then directed to send images of the gift cards and their exposed pins. A similar attack involved cybercriminals instructing employees to send wire transfers. These were some of the most damaging, costing businesses an average $130,000 per incident.
Social media sites such as LinkedIn helped fuel BEC attacks by providing a never-ending list of names and job titles. In nearly every investigation conducted by AppRiver, the message recipient was active on LinkedIn.
AppRiver also discovered new BEC variants in 2018, such as instances where the attacker sent a vague email to the target with the request to “text me back” at a provided phone number. By switching to SMS, reliable email security tools were taken out of the equation, and the targets become more vulnerable. Expect to see more of these attacks in 2019.
In 2018, the method for delivering new infections changed from attachments to banking stealers, cryptominers and remote access Trojans (RATs). Necurs Botnet sent the highest volume of ransomware seen by AppRiver’s filters, and the Globelmposter ransomware campaign alone caused 56.7 million messages to be filtered in just one month.
Last year also brought an increase in Remote Desktop Protocol (RDP)-based ransomware attacks. With this attack, cybercriminals scanned for open RDP machines and outdated RDP versions, or they simply brute-forced into systems by exploiting weak or commonly used passwords.
Looking Ahead: 2019 Predictions
1. “Living off the land.” Internal ecosystem attacks will increase. For example, malicious actors will send MS phishing emails from MS servers (typically compromised accounts) and use MS Azure storage/custom DNS to host the phishing site. This uses built-in functionality to further falsely establish credibility and appearance, making it challenging to detect.
2. More bleeding-edge attack methods will reach mainstream malware distributors. With the success that malware authors/distributors had leveraging the Eternal Blue exploit to spread malware across an organization via worm capabilities, we fully expect to see the more advanced attack techniques trickle down from the nation-state level attacks to threaten more for-profit attacks against the public.
3. More shock and awe. Attackers will become more emboldened to use scare tactics to extort victims. This year’s sextortion, multiple bomb hoax campaignsand acid attack threats were examples of an increasing intent to scare victims into hurriedly paying a ransom.
4. IoT devices will rapidly grow through the foreseeable future. It’s scary to think how many of these devices already are in use while market penetration has yet to peak. Couple that with very little security features being built into many of these devices and the door for attacks is wide open. Exploits, malware and associated botnets will ride the IoT wave into the future.
5. Nation state actors will continue to decreasingly honor cyber rules of engagement. Indictments and accusations levied at China by the U.S. and UK in late 2018 underscore the scope of activity. Things may get worse before they get better, with political policies and trade agreements potentially escalating cyberwarfare. False-flag operations will increase, and attribution will become more difficult. Expect to see more disruptive cyberattack events committed by nation states that masquerade as financially motivated attacks.
“The lines between hacking, cybercrime, and cyberwarfare are increasingly blurred now,” said Troy Gill, AppRiver senior cybersecurity analyst. “As a result, protecting small- and mid-sized businesses must be considered an integral part of our larger national cybersecurity posture. To be most effective, our strategy must be comprehensive, addressing vulnerabilities at all levels.”
To learn more, download the full, complimentary 2018 Global Security Report here. AppRiver, the leading channel-first provider of cloud-enabled security and productivity services, offers a wide array of cloud-based security solutions. For more information, visit www.appriver.com.
AppRiver is a channel-first provider of cloud-enabled security and productivity services, with a 4,500-strong reseller community that protects 60,000 companies worldwide against a growing list of dangerous online threats. Among the world’s top Office 365 and Secure Hosted Exchange providers, the company’s brand is built on highly effective security services backed by 24/7 white-glove Phenomenal Care® customer service. AppRiver is headquartered in Gulf Breeze, Florida and maintains offices in Georgia, Texas, New York, Canada, Switzerland, United Kingdom and Spain. For more information, please visit www.appriver.com.