The viruses of the 1990s and early 2000s have evolved into subtler yet progressively more harmful attacks. As we transition to a world in which cyber war is increasingly detrimental to societies, the cyber threats we are encountering are becoming harder to defend against and even more difficult to eradicate.
In a recent blog post we discussed 4 cyberattacks to prepare for in 2018. Though these attacks will definitely be significant this year, there are some more sinister and nearly undetectable threats to consider as well.
File-less Cyber Attacks
It seems cybercriminals have begun making the traditional method of malware infection obsolete by means of what experts have named “file-less malware.” As opposed to infecting devices by hiding malware in downloadable (not to mention traceable) files, hackers are now able to infiltrate applications or files already stored on users’ devices. This makes the attacks impervious to firewalls and anti-virus software that work by blocking new infected files from being installed in the first place.
The act of implanting malware with file-less methods is termed “living off the land.” Symantec Corporation developed the Internet Security Threat Report “Living off the land and file-less attack techniques,” which outlines four key methods of file-less infection. These are memory-only threats, file-less persistence, dual-use tools and non-Portable Executable (non-PE) file attacks:
- Memory-only attacks occur when a hacker exploits a vulnerability in a Windows service to install a worm directly into the internal memory of a device. These types of attacks aren’t new (the first one being Code Red in 2001); however, they’re wreaking more havoc at present as hackers grow in number and learn more efficient ways of infecting systems.
- File-less persistence indicates an infection that is generally stored in the Windows Registry, meaning that even if the victim has eradicated the infection, it will re-emerge when the user reboots their system.
- Dual-use tools are applications that are seemingly harmless to a system, like Windows Notepad, that have been infected to obtain user data for hackers to simplify malware installation.
- Non-PE file attacks involve some form of script and a legitimate tool. Though this means they do in fact use files to infect, the scripts are easily obscured and therefore very difficult to detect. Once the document (like a Microsoft Office doc or PDF) has been opened, the program used to open the script will become infected with the malware.
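A defender's triage for the file-less persistence and dual-use tool cases above, as an added example that is not from the original post or from Symantec's report: it parses text in the layout printed by `reg query` for the Run keys and flags autorun values that start a built-in script host with the script carried on the command line. The sample input, value names and heuristics are constructed assumptions, and the sign list is a starting point rather than a full detection.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; payloads are placeholders.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Sync Helper    REG_SZ    powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <BASE64-PLACEHOLDER>

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    mshta.exe javascript:<SCRIPT-PLACEHOLDER>
    Admin Script    REG_SZ    powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1
"""

# A value line is: 4 spaces, name, 4 spaces, type, 4 spaces, data (names may contain spaces).
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")
# Built-in Windows tools that can run script text supplied on the command line.
SCRIPT_HOST = re.compile(
    r"\b(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)(?:\.exe)?\b", re.I)
# Signs that the autorun value itself carries the script instead of pointing at a file.
INLINE_SIGNS = [
    ("encoded command", re.compile(r"(?<!\S)-(?:e|ec|enc\w*)\s", re.I)),
    ("hidden window", re.compile(r"-w(?:in\w*)?\s+hidden", re.I)),
    ("inline script URI", re.compile(r"\b(?:javascript|vbscript):", re.I)),
    ("scriptlet via scrobj.dll", re.compile(r"scrobj\.dll", re.I)),
]

def scan_autoruns(reg_query_text):
    """Return one finding per autorun value that launches a script host with inline script."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):        # key header line sets the current key
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        data = m.group("data")
        host = SCRIPT_HOST.search(data)
        signs = [label for label, rx in INLINE_SIGNS if rx.search(data)]
        if host and signs:                  # a script host alone (e.g. -File x.ps1) is not flagged
            findings.append({"key": key, "name": m.group("name"),
                             "host": host.group(1).lower(), "signs": signs})
    return findings

if __name__ == "__main__":
    for f in scan_autoruns(SAMPLE):
        print(f"{f['key']}\\{f['name']}: {f['host']} ({', '.join(f['signs'])})")
```

Because the persistence lives in the Registry rather than in a file on disk, a check like this belongs in the routine that reviews autorun keys after cleanup and again after the next reboot.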
As cryptocurrency (such as Bitcoin, Ethereum, and Litecoin) grows in popularity and value, it is becoming a massive target for cybercriminals. Many hackers are taking over large numbers of devices and using them to secretly mine for cryptocurrencies, a practice referred to as cryptojacking. There isn’t one specific type of device being targeted; generally, hackers will infect a system with malware like Coinhive, which hides in a website’s code and steals the processing power of the user’s device. Therefore, any device that can access the web is at risk, including smartphones. Both UK and US government websites have been hijacked, resulting in visitors’ devices being appropriated and used for mining.
These current, more insidious cyber threats are difficult to detect and eradicate once devices have been infected. Maintaining your data in alternate spaces is incredibly important to avoid company downtime if a security breach does make its way into your systems. The StorageCraft® Recovery Solution™ copies your data and keeps it on our own Cloud to ensure all your important files are maintained in case of a cyberattack. Feel safe with StorageCraft! Contact us today for more information on our services and tips on staying safe from the cybersecurity threats of the day.