Virtualization Technology News and Information
Barracuda 2018 Predictions: Rising Malware, Enterprise Phishing and Increased Domain Spoofing

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by members of the Barracuda team

Rising Malware, Enterprise Phishing and Increased Domain Spoofing

Mass ransomware vs. targeted ransomware

eugene weiss 

"We are seeing a rapid increase in the volume of mass ransomware threats, and this trend will continue over the next 12-24 months.  The growing availability of crypto-currencies provides the attacker with the possibility to remain anonymous while conducting mass attacks.  By demanding a relatively small payment from a large number of victims, the attacker is able to run a ‘numbers game' that increases the likelihood that he will earn a profit while remaining anonymous.  New cryptocurrencies that are more anonymous than Bitcoin will accelerate this trend, and the small payment sizes make it more likely that victims to pay.

In contrast to the ‘numbers game,' targeted ransomware involves a focused effort to penetrate a large and often well-protected entity.   The successful targeted attack often involves several hours of research as well as trial-and-error attacks.  With mass ransomware, attackers can cast a wide net and wait for victims to take the bait.  The targeted attack also carries a higher risk of communications with the victim and an increased likelihood of sophisticated law-enforcement resources.  

Since smaller organizations continue to pay the ransom, mass ransomware has become a threat epidemic and will not slow down anytime soon." - Eugene Weiss, Lead Platform Architect, Barracuda

Spear phishing to take enterprise approach

Asaf Cidon 

"Spear phishing will continue to grow as long as it continues to be successful for cybercriminals. Spear phishing, highly targeted attacks that leverage impersonation of an employee or a popular web service, have been on the rise, and according to the FBI, these attacks have proven to be extremely lucrative for cybercriminals.

These attacks will continue to grow in number as well as become more sophisticated in terms of how they research and target their victims. In 2018, there will be a large increase of multi-stage spear phishing attacks that involve multiple steps, research and reconnaissance on behalf of the attacker targeting a small number of targets for very large pay outs. Cybercriminals are now taking an "enterprise" approach. Similar to B2B enterprise sales, they go after a smaller number of targets, with the goal of extracting a much greater payload with highly personalized attacks. The latest iteration in social engineering involves multiple steps. The sophisticated cybercriminals don't try to target company executives with a fake wire fraud out of the blue. Instead, they first infiltrate the organization, and then use reconnaissance and wait for the opportune time to trick their targets by launching an attack from a compromised mailbox.

Organizations will have to invest in cutting edge tools and tactics in order to thwart spear phishing attackers. AI for real-time spear phishing defense offers some of the best hope in stopping these cybercriminals in their tracks." - Asaf Cidon, VP of Content Security, Barracuda

Increased complexity of domain spoofing and brand hijacking

Fleming Shi 

"Domain spoofing has been increasing rapidly and will continue to grow through 2018. Spoofing is a type of impersonation attack that tricks the victim into thinking that a criminal is someone else.  Criminals use domain spoofing to impersonate a company or a particular company employee. The criminals often send emails to customers or partners of the company in order to steal credentials and gain access to company accounts on behalf of a company to its customers and partners to steal credentials and gain access to their accounts. This is often the beginning of a multi-stage strategy to steal data and commit fraud with organizations that is quickly becoming the costliest cyber-attacks out there today.

There has been a stark increase in volume of mass phishing attacks where cybercriminals are spoofing popular e-commerce and consumer brand names and websites aimed to both steal information. The actual names of the brands these attackers impersonate is less important than the tactic, as criminals quickly change brand names with new attempts. The goal is to convince the unsuspecting to either download malicious documents or login into a fake account resulting in surrendered account credentials - which then leads to all sorts of hurtful behavior. Attackers can take user credentials and retrieve credit card information, additional personal information, and learn more about their victim's online behavior for future social engineering attacks. They will actually build websites that mimic actual brand name websites in the hopes to siphon victims during high times of shopping. Even though these counterfeit sites are not identical to those actual sites of the impersonated big brands, attackers are counting on the fact that most consumers do not buy direct from these brands directly, and therefore won't recognize what their home page actually looks like.

Brand hijacking in both emails and spoofed websites will only continue to grow in the next year, and both companies and consumers need to be on the guard, educated and ready for these threats to come around." - Fleming Shi, SVP of Technology, Barracuda

Growing threat of secure bank messages

"We have seen a stark increase in email attacks that impersonate secure messages from financial institutions. These fake "secure messages" carry malicious content and malware for download.

Impersonation is one of the most common tactics used in email attacks because it works very well. These impersonation threats leverage the relationship a victim has with his bank and the associated trust the victim may have in his bank's online communication.  A victim who engages in online communication with the bank is usually of high value to these criminals.

These impersonation threats carry malicious word documents that often appear harmless, but include an embedded script that can be updated by attackers at a later date.  This script can be modified to deploy a variety of threats including ransomware or advanced persistent threats. These attacks are very difficult to spot by end users as the email domains used in this attack are designed to look like real emails that customers might receive from an actual bank.

The volume of these attacks is rapidly increasing, so plan to see more of these fake secure messages in the coming year."  - Fleming Shi, SVP of Technology, Barracuda


Published Wednesday, January 03, 2018 7:18 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2018>