Cybercriminal underground dangerously sound
With a distinct lack of Christmas cheer, the cybercriminal underground is looking menacingly potent to fintech and destined to be around for a while.
In the “McAfee Labs Threats Report: December 2018”, McAfee examined activity in the underground and the evolution of cyber threats in Q3 2018. In the financial sector, data breaches increased by 20% and banking Trojans took “uncommon approaches”. Just last week, McAfee warned about a new malware campaign, “Operation Sharpshooter”, aiming for the UK’s fintech.
Back to Q3, where McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting internet of things (IoT) devices.
The ripple effect of the 2017 takedowns of Hansa and AlphaBay dark web markets continued as entrepreneurial cybercriminals took new measures to evade law enforcement.
“Cybercriminals are eager to weaponise vulnerabilities both new and old, and the number of services now available on underground markets has dramatically increased their effectiveness,” says Christiaan Beek, lead scientist at McAfee. “As long as ransoms are paid and relatively easy attacks, such as phishing campaigns, are successful, bad actors will continue to use these techniques.”
Each quarter, McAfee assesses the state of the cyber threat landscape based on research, investigative analysis, and threat data.
In terms of e-commerce site malware, cybercriminals have shifted their focus from point-of-sale systems to payment platforms located on large e-commerce sites.
Cybercriminal groups, such as Magecart, have skimmed thousands of credit card details directly from victim websites, which has fuelled demand for both credit card details and the malicious tools that can be used to steal them.
Furthermore, as organisations implement additional security measures, cybercriminals are responding accordingly. For example, as organisations add geographic IP location checks for online purchases, the demand for compromised computers from the same zip code as the stolen credit card information increases.
With regards to cryptomining and IoT, McAfee notes that IoT devices such as cameras or video recorders have not typically been used for cryptomining because they lack the CPU power of desktop and laptop computers.
However, cybercriminals have taken notice of the growing volume and lax security of many IoT devices and have begun to focus on them, harnessing thousands of devices to create a mining super-computer.
New malware targeting IoT devices grew 72%, with total malware growing 203% in the last four quarters. New coin mining malware grew nearly 55%, with total malware growing 4,467% in the last four quarters.
In terms of industry targets, McAfee researchers observed banking malware including two-factor operations in its web injects to evade two-factor authentication. These tactics follow a broad effort on the part of financial institutions to increase security in recent years.
Its researchers observed a new malware family, CamuBot, targeting Brazil in Q3. CamuBot attempts to camouflage itself as a security module required by the financial institutions it targets.
Although organised cyber gangs in Brazil are very active in targeting their own population, their campaigns have been crude in the past. With CamuBot, Brazilian cybercriminals appear to have learned from their peers, adapting their malware to be more sophisticated and comparable to that on other continents.
New mobile malware decreased by 24%. No mention of fintech, but despite the downward trend, some unusual mobile threats appeared, including a fake Fortnite “cheat” app and a fake dating app.
It’s grim reading and we (sort of) look forward to seeing McAfee’s Q4 report.