Raj Samani - Chief Scientist - McAfee LLC
Underground cybercriminal gangs have their sights set on the clouds
Monday 04, February 2019 BY ANNUAR NABILAH
According to a team of experts, only one thing is certain when it comes to cybercrime: it is impossible to limit its impact. Everything is now connected and violating one platform is a gateway to another. According to The McAfee Labs 2019 Threats Predictions Report, corporate data, home IoT devices and brand reputations will be under siege this year, with cybercriminals infiltrating social media, the cloud and mobile phones.
The McAfee team believe that in 2019, underground cybercriminals will join forces to become sophisticated gangs; artificial intelligence will help cybercriminals hone their evasion techniques; bad actors will combine multiple attack types to create synergistic super threats; data stored in the cloud will be under serious threat; digital assistants will become accessories to cybercrime in the home; and data-rich social media platforms will continue to be popular attack targets.
Sound of the ground
Hidden hacker forums and chat groups serve as a black market for cybercriminals, who can buy malware, exploits and botnets. These one-stop shops make it easier for entry-level criminals to execute successful attacks. With these off-the-shelf products, criminals of varying experience and sophistication can easily launch attacks, the report warns.
In 2019, McAfee predicts that this underground industry will consolidate, creating larger cybercriminal gangs. Established criminal networks will partner with other top-level services such as money laundering, evasion techniques and vulnerability exploits. As evidenced by conversations within the underground community, an increase is expected in mobile malware, botnets, banking fraud, ransomware, and attempts to bypass two-factor authentication.
To increase their chances of success, attackers have long employed evasion techniques to bypass security measures and avoid detection and analysis. Packers, crypters and other tools are common cyber weaponry. In fact, an entire underground economy has emerged, offering products and dedicated services to aid criminal activities.
McAfee predicts that in 2019, due to the ease with which criminals can now outsource key components of their attacks, evasion techniques will become more agile due to the application of artificial intelligence. Think the counter-AV industry is pervasive now? This is just the beginning. As security gets stronger, bad actors need to be increasingly inventive.
The availability of modular attack components on the underground market is expected to enable attackers to combine and repurpose established tactics and technologies to achieve new goals. With artificial intelligence, cybercriminals will have the ability to automate target selection, scan for target network vulnerabilities, and assess the posture and responsiveness of infected environments to avoid detection before deploying later stages of attacks.
Bots will also play a part. Bots used to amplify deceitful messaging have already been created and are available for sale on the cybercriminal underground. Following in the footsteps of recent infamous nation-state campaigns to sway public opinion, cybercriminals will likely repurpose bots and leverage social media to extort organisations by threatening their brands.
Beyond the clouds
With access to increasingly complex tools and tactics, cybercriminals are aiming for more sophisticated targets. In 2019, cybercriminals are anticipated to target intellectual property, internet of Things (IoT) in the home and identity credentials via the cloud, digital assistants, and social media platforms.
As much as 21 per cent of the content now managed in the cloud contains sensitive materials such as intellectual property, customer and personal data. Possible scenarios the report gives include cloud-native attacks targeting weak APIs or ungoverned API endpoints, expanded reconnaissance and exfiltration of data in cloud databases, and leverage of the cloud as a springboard for cloud-native man-in-the-middle attacks to launch crypto jacking or ransomware attacks.
“With the increased adoption of Office 365, we have noticed a surge of attacks on the service—especially attempts to compromise email,” the report said. “One threat the McAfee cloud team uncovered was the botnet KnockKnock, which targeted system accounts that typically do not have multifactor authentication. “We have also seen the emergence of exploits of the trust model in the Open Authorisation standard.
One was launched by Fancy Bear, the Russian cyber espionage group, phishing users with a fake Google security app to gain access to user data.”
As tech fans continue to fill their homes with smart gadgets, from refrigerators and motion sensors to lighting, the means of gaining entry to a home network are growing rapidly, especially given how poorly secured many IoT devices remain.
However, the report warns that the real key to the network door this year will be the voice-controlled digital assistant, a device created in part to manage all the IoT devices within a home. How could a cybercriminal resist the opportunity to control someone’s home or office?
According to McAfee, bad actors will make use of malicious code designed to attack not only IoT devices but also the digital assistants that are given so much licence to talk to them. New mobile malware will likely investigate smartphones, tablets, and routers to gain access to the digital assistants and home IoT devices they control.
Once infected, these devices can serve as a picklock to consumer homes while supplying botnets, which can launch DDoS attacks or grant cybercriminal access to personal data and the opportunity for other malicious activities such as opening doors and connecting to control servers. Infected IoT devices will supply botnets, which can launch DDoS attacks, as well as steal personal data.
The more sophisticated IoT malware will exploit voice-controlled digital assistants to hide its suspicious activities from users and home-network security software. Malicious activities such as opening doors and connecting to control servers could be triggered by user voice commands. “In 2018, we witnessed even greater collaboration among cybercriminals through underground alliances,” said Raj Samani, Chief Scientist at McAfee.
“This collaborative mentality has allowed for efficiencies in underground technologies and tactics, and the evolution of bad actors into some of the most organised and agile adversaries in the world. However, while we expect the underground market collaboration to continue, the year 2019 will also see cybersecurity alliances of defenders continuing to mature and further fortify defences.”