Virtualization Technology News and Information
Recorded Future 2019 Predictions: The Return of Ransomware, Nation-State Crypto-Mining and Apache Struts

Industry executives and experts share their predictions for 2019.  Read them in this 11th annual VMblog.com series exclusive.

Contributed by Allan Liska, Senior Solutions Architect at Recorded Future

The Return of Ransomware, Nation-State Crypto-Mining and Apache Struts

Last year was an unprecedented year for the cyber community. At the start of 2018, cryptocurrency was experiencing a bull market; Cambridge Analytica was just beginning to unspool issues of third-party data sharing and misinformation amongst social media platforms; and organizations were still dealing with the long-tail effects of late 2017's WannaCry ransomware and Equifax breach as GDPR kicked in. As we enter 2019, ironically, not much has changed besides the public's awareness around the issues we face and the price of bitcoin -- hopefully you didn't buy at the top of the market.

Looking ahead, here are three of my expectations for 2019:

1. Ransomware Returns

Among criminal actors, expect crypto-mining to fall off and ransomware to return; crypto-mining has not been as profitable for many cybercriminals as originally intended. Unless an attacker can infect tens or hundreds of thousands of devices, it is difficult to make even close to the money that can be made from a successful ransomware campaign. On the other hand, the ransomware actors behind the SamSam, BitPaymer and CrySIS campaigns have created a blueprint for a new generation of ransomware attacks. By using open RDP servers as a method of entry instead of more traditional phishing or web exploitation campaigns, these actors have seen a lot of success with their ransomware attacks. SamSam, for example, has made almost $6 million from ransomware attacks using this tactic. We are already starting to see new ransomware variants copy this model, and we expect a new crop of ransomware families to continue to expand on this method of attack.

2. Nation-State Crypto-Mining

There will be more heavily sanctioned nation-state actors engaging in crypto-mining attacks. North Korea has used crypto-mining as a successful strategy to raise money for the state, despite being heavily sanctioned. This strategy appears to be replicated by the Houthi forces in Yemen, and there have been rumors of the same type of activity in Venezuela and Iran. More nations that are sanctioned or otherwise have limited access to funds will turn to cryptocurrency mining as a strategy to replenish depleted coffers.

3. Apache Struts Exploit

There will be a major breach announced that originated with an Apache Struts vulnerability. In 2018 we saw the release of two critical Apache Struts vulnerabilities, CVE-2018-1327 and CVE-2018-11776, both of which are remotely exploitable, and there are already a number of botnets scanning for them. Apache Struts presents a unique challenge because it is baked into so many other programs that are designed to be internet facing, which means that a traditional vulnerability scanner may not detect Apache Struts, but the botnets scanning for the vulnerabilities will pick it up.
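As an added example (not from the article or from Recorded Future), here is a Python inventory check for the problem just described: it walks a deployment directory and descends into EAR/WAR archives to report every Struts core jar and its version, which is exactly where a file-level scan misses them. The jar naming pattern, the directory layout, and the sample archives the helper builds are constructed assumptions; the versions it reports still have to be compared against the vendor's advisory.

```python
import io, re, tempfile, zipfile
from pathlib import Path

ARCHIVE_SUFFIXES = (".ear", ".war", ".jar", ".zip")  # containers that nest one another
STRUTS_JAR = re.compile(r"(?:^|/)struts2?-core-(\d+(?:\.\d+)+)\.jar$")  # e.g. struts2-core-2.5.10.jar

def _scan_archive(data: bytes, label: str, found: list) -> None:
    """Look inside an in-memory zip archive, descending into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container; nothing to inspect
    with zf:
        for name in zf.namelist():
            m = STRUTS_JAR.search(name)
            if m:
                found.append((f"{label}!{name}", m.group(1)))
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                _scan_archive(zf.read(name), f"{label}!{name}", found)

def find_struts(root) -> list:
    """Return [(location, version)] for every Struts core jar under root,
    including jars nested inside WAR/EAR files that a file-level scan skips."""
    found = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        m = STRUTS_JAR.search(path.as_posix())
        if m:
            found.append((str(path), m.group(1)))
        elif path.suffix.lower() in ARCHIVE_SUFFIXES:
            _scan_archive(path.read_bytes(), str(path), found)
    return found

def make_sample_tree() -> str:
    """Write a constructed deployment to a temp dir: portal.ear -> app.war -> struts2-core jar."""
    def zipped(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name, body in entries.items():
                z.writestr(name, body)
        return buf.getvalue()
    jar = zipped({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})  # constructed sample
    war = zipped({"WEB-INF/lib/struts2-core-2.5.10.jar": jar, "index.jsp": b""})
    root = Path(tempfile.mkdtemp())
    (root / "deploy").mkdir()
    (root / "deploy" / "portal.ear").write_bytes(zipped({"app.war": war}))
    return str(root)
```

Running `find_struts("/opt/deployments")` (path is an assumption) on a real host lists each nested jar with its version so the list can be checked against the Apache Struts security bulletins.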


About the Author

Allan Liska

Allan Liska is an intelligence analyst at Recorded Future. Allan has more than 15 years' experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. Allan has helped countless organizations improve their security posture using more effective and integrated intelligence. Allan is also one of the organizers of BSides Bordeaux and has presented at security conferences around the world on a variety of topics. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the co-author of DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.

Published Friday, February 01, 2019 8:01 AM by David Marshall