Trend Micro recently published its roundup report for the first half of 2019, titled Evasive Threats, Pervasive Effects: 2019 Midyear Security Roundup, to members of the media in Kuala Lumpur. The report reveals a rising number of “fileless attacks” – stealth attacks that are executed in the system’s memory, or reside in the system’s registry. Since these attacks do not require files to be written or downloaded, they typically leave no footprint and can therefore be used to disguise malicious activity.
Cybercriminals were also found to be increasingly using “living off the land” tactics, abusing or repurposing legitimate system administration or penetration testing tools to hide their malicious activities. Detections of fileless attacks alone were up 265% compared to the first half of 2018.
The findings have so far confirmed many of Trend Micro’s predictions made last year. One key prediction that the security firm made was that attackers would be getting smarter and target businesses as well as environments that would give them the greatest “return on investment”. Among the most popular modes of attack was sending employees tailored phishing emails, exploiting security gaps to gain access to the network, and then moving laterally within the network.
“Sophistication and stealth are the name of the cybersecurity game today, as corporate technology and criminal attacks become more connected and smarter,” said Goh Chee Hoh, Managing Director for Trend Micro Malaysia. “From attackers, we saw intentional, targeted, and crafty attacks that stealthily take advantage of people, processes and technology. However, on the business side, digital transformation and cloud migrations are expanding and evolving the corporate attack surface. To navigate this evolution, businesses need a technology partner that can combine human expertise with advanced security technologies to better detect, correlate, respond to, and remediate threats.”
Goh shared that close to 2.5 million malware threats were detected in Malaysia alone in the first half of 2019, ranking the country second in ASEAN, after Singapore, and 16th globally. Additionally, Malaysia ranked third in the ASEAN region, behind Thailand and Vietnam, with 3,568 banking malware threats detected during the same period.
Along with the growth in fileless attacks, the report found that exploit kits have also made a comeback, with a 136% rise compared to the same period in 2018. Exploit kits contain exploits that can target commonly used software such as Adobe Flash Player and Java, and are used to attack system vulnerabilities and distribute malware or perform other malicious activities. Goh stated that Malaysia experienced 454 exploit kit attacks during the period, at an average of 75 attacks per month, ranking second in the ASEAN region after Thailand.
The most detected threat, however, remained cryptomining malware, with attackers continuing to target servers and cloud environments to secretly hijack these resources and mine cryptocurrency. Substantiating another prediction, the number of routers involved in possible inbound attacks jumped 64% compared to the first half of 2018, with more Mirai malware variants searching for exposed IoT devices.
Digital extortion schemes have also risen significantly (up 318% compared to the second half of 2018), which aligns with previous projections. Business email compromise (BEC) remains a significant threat, with detections increasing by 52%. Ransomware-related files, emails and URLs also grew 77% over the same period. What’s shocking is that two years after the WannaCry global ransomware outbreak, it was still the most detected ransomware family, recording numbers that far exceeded those of the other ransomware families combined – a sign that a large number of businesses are still using unpatched or outdated (and most definitely exposed) computer systems.
In total, Trend Micro blocked more than 26.8 billion threats in the first half of 2019, over 6 billion more than the same period last year. Of note, 91% of these threats entered the corporate network via email.
Also present during the media briefing was Rik Ferguson, Trend Micro’s Vice President of Security Research, who emphasised the need for all businesses, regardless of size, to strengthen their cyber defences and not leave cybersecurity behind in the midst of all the innovation, especially as the region gears up for the Fourth Industrial Revolution (IR4.0).
“If you don’t take security with you into IR4.0, there’s going to be a huge impact on your ability to do business, your ability to service your customers, and maybe even your ability to continue to exist as a business,” said Rik. He added that this is especially important in the early adoption of newer technologies where “a large part of retaining your customers is based on reputation and trust”. So, he said security is really the key to their success.
As new touchpoints are introduced into an organisation’s structure, it is crucial for them to be secured through a concerted effort that directly integrates cybersecurity into the organisation’s IT strategy. Mitigating these advanced threats requires a smart defense that can collate and correlate data from across the gateways, networks, servers, and endpoints to best identify and stop attacks.