What does the future hold? According to security firm Proofpoint, attackers will continue to exploit us fragile and fallible humans to install malware, transfer funds, and steal information.
Happy new year!
More local network attacks
Email will still be the most popular way to spread malware, but known vulnerabilities and leaked exploits will allow rapid spread to other systems on internal networks. Unlike the ransomworms of 2017, however, these new attacks will include increasingly sophisticated features that limit the spread to computers on the local network of the initial infection.
Banking Trojans, information stealers, downloaders, and coinminers will be the preferred payloads for attacks focused on profit, while ransomware, MBR wipers, and other destructive tools will remain top dog for campaigns focused on disruption.
In 2018, malware and phishing designed to steal cryptocurrency – either directly or indirectly – will become almost as common as banking Trojans in email-based campaigns, targeting wallets, credentials, cryptocurrency exchanges, and CPU cycles.
And as the computational costs for the most popular currencies like Monero and Litecoin rise, and make generation by distributed bots impractical, attackers will shift to alternatives such as Ethereum and even some "private-issue" coins that gain traction with the public.
Good for Bad Innovation
Like DDE abuse, "good for bad" techniques will see rapid adoption by attackers - but then after several weeks will decrease and become part of a "rotating toolkit" of infection techniques from which attackers can choose to carry out social engineering-based attacks to spread malware, steal credentials and information, and steal funds.
Exploits for new vulnerabilities will take off and then be dropped quickly, with longer-term use by a handful of specialised attackers who distribute RATs and other information- and access-stealing malware.
Social Media Focus
Expect an increase in social media bots - expanding beyond public influence campaigns to financial gain. They will be automatically distributing malware, linking to spam sites and phishing. As these bots evolve, they will become less distinguishable from humans, increasing both their potential influence and effectiveness. A lot of these social media bots will be homegrown, but may also leverage existing services and accounts compromised through social engineering attacks.
Pirated content on social media – which has already increased 20 per cent since the beginning of 2017 – will increase rapidly as the promise of free content is used to lure users to cryptocurrency mining pages. Streaming sites are ideal platforms for conducting in-browser coinmining; they are quite sticky and keep users on the same page for long periods of time.
There's already been a 20 per cent year-over-year increase in suspicious domain registrations. These domains are likely intended for fraud, typosquatting, spoofing, and other malicious schemes, and this trend will only increase for email authentications.
Businesses will start demanding that their trading partners implement email authentication, and "partner spoofing" will increase in response.
"Partner spoofing" is still relatively rare in BEC and targeted phishing attacks, but as identification and authentication of messages within businesses' own infrastructure increases, attackers will make greater use of this technique in order to abuse billing and other supply-chain relationships.
You can read the full report here.