More sophisticated cybercriminals are turning to targeted ransomware attacks on computers, phones, and other gadgets and reaping millions of dollars from unsuspecting victims, a report says, indicating that the practice is set to rise in 2019.
The 2019 report, published by Sophos Group plc, a British security software and hardware company, indicates that cybercriminals are using readily available Windows systems administration tools as their route to advance through a system to steal sensitive information off the server or drop ransomware.
“These attacks are different than ‘spray and pray’ style attacks that are automatically distributed through millions of emails. Targeted ransomware is more damaging than if delivered from a bot, as human attackers can find and stake out victims, think laterally, troubleshoot to overcome roadblocks, and wipe out back-ups so the ransom must be paid. This ‘interactive attack style,’ where adversaries manually maneuver through a network step-by-step, is now increasing in popularity,” the report warns.
The SophosLabs 2019 report further says cybercrime is precipitated by the continued threat of mobile devices.
“Malware’s impact extends beyond the organization’s infrastructure as we see the threat from mobile malware grow apace,” the report reads in part.
“With illegal Android apps on the increase, 2018 has seen an increased focus in malware being pushed to phones, tablets and other IoT devices. As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks.”
The report indicates that in 2018, VPNFilter demonstrated the destructive power of weaponized malware that affects embedded systems and networked devices that have no obvious user interface.
Elsewhere, Mirai, Aidra, Wifatch, and Gafgyt delivered a range of automated attacks that hijacked networked devices to use as nodes in botnets to engage in distributed denial-of-service attacks, mine cryptocurrency and infiltrate networks, the report adds.
Sophos experts believe the financial success of SamSam, BitPaymer and Dharma has inspired copycat attacks and expect more to happen in 2019.
The SophosLabs 2019 report indicates that many of the worst manual ransomware attacks started when the attacker discovered that an administrator had opened a hole in the firewall for a Windows computer’s remote desktop.
“Closing these easy loopholes goes a long way to preventing these kinds of attacks. If you need to RDP, put it behind a VPN. Multi-factor authentication is an amazingly effective tool for preventing the abuse of stolen credentials. If you’re not using it now, you should be,” the report says.
The report adds that administrators who manage networks should limit their use of the Domain Admin credentials to a dedicated machine or machines that are used for no other purpose.