In 2017 the amount of cyber attacks had doubled from 2016, and 2018 is looking to be just as bad. Threats are always changing as attackers adapt to defeat modern security controls. Here are some modern threats that any business may face.
Attackers have become aware that brute forcing user accounts, that is, guessing thousands of passwords until the correct one is found is less likely to work because most modern applications and websites will lock the account after 3-5 failed attempts. In response to this, attackers have changed how they approach the problem. A determined attacker who is trying to get into your organization start by harvesting credentials from a site such as LinkedIn or other professional networking sites and pull down the names of current or former employees. Often people link to their company email in their profiles or other places on the internet; attackers use this info to determine the organizations username schema. For example, if an employee’s name is John Doe, often their email would be email@example.com or firstname.lastname@example.org. Once the attacker has a list of all employees and knows the username scheme, they can begin password spraying.
Password spraying is a different form of brute force attack. In a typical brute force attack, the attacker tries to break into an account by guessing the password thousands of times in a row until the proper password is guessed. The drawback is that most applications and websites will lock out your account or at least notify someone if you get your password wrong to many times in a row. To get around this, attackers now utilize a technique called password spraying. Instead of attacking a single account with thousands of password guesses, attackers now spray their password guesses against all employee accounts one account and one password at a time. Attackers will start at the top of their employee list and guess passwords such as <CompanyName1!>, <Spring2018!>, or other common passwords. By the time they get to the end of their employee list, the account lockout timer for the first account has expired, letting them guess another password and continue down their list, without locking out any users or setting off any alarms. With this technique, the attacker evaded the account lockout control and it is only a matter of time until they are able to break into an account. This gives them the “in” and a base to continue their attack from there.
Cryptocurrency is a decentralized online currency. There are several types of cryptocurrency such as Bitcoin, Litecoin, Ethereum, and hundreds of others that can be traded or exchanged for goods, services or other types of real world currencies. One of the ways of “make” cryptocurrency is by mining it. Mining cryptocurrency involves using a computer’s processing power to do complex mathematical computation that verifies the activity that has recently happened to the cryptocurrency such as payments of cryptocurrency or other activity. Individuals generally do not perform crypto-mining because the cost of electricity and the resources it takes to run the computation does not equal out to the small amount of cryptocurrency that an individual would be paid out. But attackers have found a way to use this to their advantage.
With the rise of cryptocurrency, attackers have added crypto-mining attacks to their bag of tricks. Attackers will take over a popular website, online service, mobile app or other program, then they place malicious code on it that will perform crypto-mining. This way an attacker can mine cryptocurrency from anywhere between 100-100,000+ infected computers allowing them to make money from mining while not worrying about the cost of electricity and resources to run all those machines.
This trend of crypto-mining attacks often referred to as “Cryptojacking” has been on the rise since 2017, while ransomware has had a small drop around the same time. Attackers have been turning to Cryptojacking because it offers a more constant revenue stream as opposed to ransomware. Cryptojacking offers a reduced chance of detection allowing attackers to stay on a victim’s computer generating revenue for a longer period of time.
Businesses and individuals that are affected by crypto-mining attacks, could notice several impacts. If you are a business and your website or online service has been taken over by attackers in order to host crypto-mining code, then you can suffer reputation damage, lose customers, and have a increased cost of hosting your website or app. If a business has their computers taken over by attackers to mine crypto currency there will be a loss of employee productivity as crypto-mining can use 50% or more of a computer’s processing power, there would be a significant increase in power consumption for the business. For individuals who are mining crypto currency for attackers they would notice a sluggishness in their computer as their resources are used to mine cryptocurrency instead of doing what the user wants it to do.