The first six months of 2019 saw organizations dealing with a broad range of incoming threats and, more urgently, tackling threats that had already gained a foothold in their systems.
Malware that “lived off the land,” or took advantage of legitimate and whitelisted tools to carry out malicious actions, was prevalent, said researchers at Trend Micro in their report entitled “Trend Micro 2019 Mid Year Report: Evasive Threats, Pervasive Effects.”
Ransomware, an old threat, refocused on particular targets. Phishing, another perennial peril, used new platforms to ensnare victims. And the number of disclosed high-impact vulnerabilities drew concern and underscored the need for a better understanding of real-world risks.
In the first half of 2019, cybercriminals were more selective about their ransomware targets, concentrating mainly on multinationals, enterprises, and even government organizations, according to the report.
Their plan of attack involved sending employees tailored phishing emails, exploiting security gaps to gain access into the network, and then moving laterally within the network.
The LockerGoga ransomware, for example, hit a Norwegian manufacturing company and halted production in several of its plants in March, eventually resulting in over $55 million in financial losses. And the city of Baltimore, Maryland, incurred $5.3 million in recovery costs after its systems were infected with the RobbinHood ransomware in May.
Some municipal organizations ended up pressured into simply paying the ransoms in hopes of quickly restoring the affected systems used for their public services.
On another front, botnets and worms had been fighting for control of exposed devices connected to the Internet of Things (IoT). The various contenders trying to edge out and literally erase the competition — including Bashlite as well as Mirai variants like Omni, Hakai, and Yowai — had this routine in common: scanning for competitors on infected IoT devices, deleting the other malware, and embedding their own payloads.
The Industrial Internet of Things (IIoT) has transformed how industrial facilities and critical infrastructures run, providing an unmatched boost in efficiency and visibility into enterprise operations. However, the convergence of operational technology (OT) and information technology (IT) has also brought new security risks and resulted in broader attack surfaces, the report said.
Along those lines, a survey published in March found that 50 percent of organizations had already experienced an attack on their critical infrastructures in the past two years. And in 2019, malicious actors seemed to be assessing IIoT targets. The Xenotime hacking group, believed to be behind the Triton, or Trisis, malware, was seen probing the industrial control systems (ICSs) of power grids in the U.S. and Asia-Pacific region. The malware scanned for and listed its targets’ remote login portals and vulnerabilities in their networks.