Hackers are successful for the same old reasons


With technology always evolving, it would be reasonable to assume that the approach to hacking is always changing too. However, years of annual reports and insights across the industry have shown that, to some degree, this is not true. That is to say, while the specific modes of attack and popular hacks may change, the reasons why they succeed have remained largely static. The cyber security landscape in 2019 will not exactly be alien territory to the seasoned hacker, as the usual paths to sensitive data will likely remain clear and open.

When it comes to the preferred vector of attack, we’ve seen some changes, with hackers moving away from methods like ransomware and quickly turning their attention to the crypto sector with their newest weapons. With cryptomining increasing in popularity, hackers shifted their focus to finding ways to take a piece of the increasingly attractive cryptocurrency pie.

A clearer idea of the sources of attacks did little to motivate companies into action, leading to important questions heading into 2019. How will users and companies react to similar, but clearly different attacks? Will they be able to fix the vulnerabilities that plagued them for years? While the answers to some questions are clear, others are less so.

Hackers change their tactics

Our yearly look at the biggest trends in the cybersecurity landscape revealed a widening gap between hackers’ sophistication and their victims’ defences. On one hand, ransomware experienced a general decrease in popularity — though that could be due to malicious actors taking time to work on newer, sneakier tools — and this gave way to other hacking methods. These new methods (specifically cryptomining malware and the Magecart campaign, a card-skimming scam that has affected nearly 6,400 websites) still use the same strategies (injecting scripts into websites, downloading malware, etc.), showing that despite their sophistication, these hacks target the same gaps cyber security experts have pointed to for years.

Ransomware was, and still is, a costly reality for corporations. Some reports put the potential cost of ransomware in 2019 as high as £8.8 billion. Regardless, ransomware infection rates have been on the decline for the past two years, reaching as low as 10 per cent in December 2017. 2019 will likely see a more sophisticated approach to ransomware, along with the other major hacking methods. As mentioned above, cryptomining, which has become an increasingly popular money-making mechanism, has also opened the doors for crypto-related attacks.

Cryptojacking — a cryptomining attack where hackers compromise machines through a variety of means to benefit from their CPU — has become the attack du jour, with a McAfee report showing a 629 per cent increase in the first quarter of 2018 alone and nearly 59 per cent of UK firms falling victim at some point. A study by the Cyber Threat Alliance in September of last year found reports of cryptomining-based attacks had jumped by approximately 400 per cent, while a separate study earlier in 2019 found that, in total, hackers have successfully mined nearly 4.3 per cent of all Monero (a privacy-oriented cryptocurrency) to date, for a grand total of more than £43.4 million.

Our defences stay the same

The bigger problem is that existing defences and vulnerabilities have not been properly addressed to protect against these new threats. In fact, in our study, a comparison of the biggest critical and high security issues in 2017 and 2018 reveals that almost nothing has changed. Looking through all the critical and high-risk flaws found in our penetration test reports, the most commonly occurring remained the same. Outdated or unpatched components sat at 22 per cent, while the three other major factors — XSS, default or weak passwords, and SQL injections — remained largely unchanged at around 6 per cent, 5 per cent and 4 per cent respectively.

Unpatched software is likely to remain the biggest threat. Unpatched or out-of-date software happens both on an individual and a corporate level — users don’t update their own computers, and companies refuse or neglect to spend the time and money needed to keep software patched and up to date. This is demonstrable in the number of hacks we keep seeing despite the fact that the security solutions to prevent them are out there.

Moreover, individuals rarely realise that a single node in a network can be enough to create massive headaches at best, and catastrophic issues at worst. A report by Veracode highlights an even bigger issue – even after companies discover vulnerabilities that stem from unpatched software, these problems can remain unfixed for several months. The gap between reporting and fixing these errors leaves companies wide open for attacks, as the Equifax case showed. Though Equifax, and other major hacks, were high-profile, they have done little to create further awareness of the underlying problem of unpatched vulnerabilities.

What 2019 holds in store

Nevertheless, the outlook for 2019 holds both opportunities and threats. On the positive side, new attacks, even as they become more sophisticated, still target many of the same problems. Even so, companies have been slow to fix the issues that have plagued them for years. As ransomware and some of its variants fall out of vogue, other attacks—especially in the card fraud and crypto arenas—are becoming popular. Similarly, the technology we are embracing, such as IoT devices, gives hackers additional touch points through which to access our devices and networks.

2019 will see IoT come to the forefront of the cybersecurity conversation as the technology is prime for breach due to manufacturers’ systemic neglect of upgrading security standards and improving existing hardware. The technology remains highly vulnerable, and offers hackers an easy pathway into a company’s network. As IoT devices become increasingly prominent in our homes, offices, and even cities, the risk of things like unpatched software, XSS vulnerabilities, and other attack vectors will be exacerbated. Additionally, a continued deprioritisation of these security issues, along with the fact that attackers are developing increasingly stealthy methods in order to stay under the radar, could mean that we’re more vulnerable than ever to unknown hackers. The fact is, to a large extent, hacking hasn’t had to change much as there has always been plenty of opportunity to target the low-hanging fruit, i.e. poorly secured or configured systems with known vulnerabilities.

As the crypto craze fades, or at least comes down somewhat, and the real cost/benefit of cryptojacking becomes apparent (it’s significantly lower than many would think), these types of attacks should become less frequent. In some instances, cryptomining will lose its profitability as the market wanes, leading to fewer cases of malicious cryptomining. Regardless, because of the ease with which they’re deployed, it’s not likely we’ll see them completely disappear.

In the end, 2019’s security outlook will depend on several factors. Hackers will continue to adapt and devise new attacks to beat changing security standards. Progress will depend on companies’ ability to develop and follow best practices for cyber security, including a consistent patching policy. Moreover, businesses’ effectiveness in implementing these changes will rely on their capacity to educate teams, as well as their access to affordable and reliable security solutions.

Oli Pinson-Roxburgh, Managing Director, Bulletproof