EDITOR'S QUESTION
RAJ SAMANI, CHIEF SCIENTIST AND MCAFEE FELLOW, ADVANCED THREAT RESEARCH
Hidden hacker forums and chat groups serve as a market for cybercriminals, who can buy malware, exploits, botnets, and other shady services. With these off-the-shelf products, criminals of varying experience and sophistication can easily launch attacks. In 2019, we predict the underground will consolidate, creating fewer but stronger malware-as-a-service families that will actively work together. These increasingly powerful brands will drive more sophisticated cryptocurrency mining, rapid exploitation of new vulnerabilities, and increases in mobile malware and in the trade in stolen credit cards and credentials.
We expect more affiliates to join the biggest families, due to the ease of operation and strategic alliances with other essential top-level services, including exploit kits, crypter services, Bitcoin mixers, and counter-antimalware services. We still see numerous types of ransomware pop up, but only a few survive, because most cannot attract enough business to compete with the strong brands, which offer higher infection rates as well as operational and financial security.
Underground businesses function successfully because they are part of a trust-based system. We have seen this trust in the past, with the popular credit card shops of the first decade of the century, which were a leading source of cybercrime until major police action broke the trust model.
As endpoint detection grows stronger, poorly secured Remote Desktop Protocol (RDP) services offer cybercriminals another path in. In 2019, we predict that malware, specifically ransomware, will increasingly use RDP as the entry point for an infection. Currently, most underground shops advertise RDP access for purposes other than ransomware, typically as a stepping stone to Amazon accounts or as a proxy for credit card fraud. Targeted ransomware groups and ransomware-as-a-service (RaaS) operations will take advantage of RDP; we have already seen highly successful under-the-radar schemes use this tactic.
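The RDP foothold described above leaves a recognisable trace in Windows Security logs: a burst of failed remote logons from one address, followed by a success. The Python below is an added example, not code from the article or from McAfee. The event records are constructed for illustration, and the field names (EventID, LogonType, TargetUserName, IpAddress, TimeCreated) assume the events have been exported as JSON-style dictionaries; adjust them to your SIEM's schema.

```python
"""Flag brute-force-then-success RDP logon sequences in Windows Security events.

Added example with constructed records; not real telemetry. Assumes events are
dicts with EventID (4625 failed / 4624 success), LogonType, TargetUserName,
IpAddress and an ISO 8601 TimeCreated field.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
# LogonType 10 = RemoteInteractive (RDP). With Network Level Authentication
# enabled, failed RDP credentials are commonly recorded as LogonType 3
# (network) instead, so a detection keyed only on type 10 misses the
# brute-force phase. Both are therefore treated as candidate RDP activity.
RDP_LOGON_TYPES = {3, 10}

# Constructed sample: 203.0.113.45 sprays several accounts and then succeeds;
# 198.51.100.7 is a user who mistyped a password twice; the type-2 events are
# console logons and are ignored.
SAMPLE_EVENTS = [
    {"TimeCreated": "2019-01-14T02:00:01", "EventID": 4625, "LogonType": 10,
     "TargetUserName": "administrator", "IpAddress": "203.0.113.45"},
    {"TimeCreated": "2019-01-14T02:00:08", "EventID": 4625, "LogonType": 3,
     "TargetUserName": "admin", "IpAddress": "203.0.113.45"},
    {"TimeCreated": "2019-01-14T02:00:15", "EventID": 4625, "LogonType": 3,
     "TargetUserName": "backup", "IpAddress": "203.0.113.45"},
    {"TimeCreated": "2019-01-14T02:00:22", "EventID": 4625, "LogonType": 3,
     "TargetUserName": "backup_svc", "IpAddress": "203.0.113.45"},
    {"TimeCreated": "2019-01-14T02:00:30", "EventID": 4625, "LogonType": 3,
     "TargetUserName": "backup_svc", "IpAddress": "203.0.113.45"},
    {"TimeCreated": "2019-01-14T02:00:40", "EventID": 4625, "LogonType": 3,
     "TargetUserName": "backup_svc", "IpAddress": "203.0.113.45"},
    {"TimeCreated": "2019-01-14T02:01:05", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "backup_svc", "IpAddress": "203.0.113.45"},
    {"TimeCreated": "2019-01-14T08:59:50", "EventID": 4625, "LogonType": 10,
     "TargetUserName": "jsmith", "IpAddress": "198.51.100.7"},
    {"TimeCreated": "2019-01-14T08:59:58", "EventID": 4625, "LogonType": 10,
     "TargetUserName": "jsmith", "IpAddress": "198.51.100.7"},
    {"TimeCreated": "2019-01-14T09:00:10", "EventID": 4624, "LogonType": 10,
     "TargetUserName": "jsmith", "IpAddress": "198.51.100.7"},
    {"TimeCreated": "2019-01-14T09:05:00", "EventID": 4625, "LogonType": 2,
     "TargetUserName": "localadmin", "IpAddress": "-"},
    {"TimeCreated": "2019-01-14T09:05:30", "EventID": 4624, "LogonType": 2,
     "TargetUserName": "localadmin", "IpAddress": "-"},
]


def _parse_time(value):
    return datetime.fromisoformat(value)


def find_rdp_compromises(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per successful RDP logon that was preceded, from the
    same source address and within `window`, by at least `threshold` failed
    logons. Each alert records the address, the account that finally worked,
    the number of recent failures and the time of the success."""
    ordered = sorted(events, key=lambda e: _parse_time(e["TimeCreated"]))
    failures = defaultdict(list)  # source IP -> timestamps of failed logons
    alerts = []
    for event in ordered:
        if event.get("LogonType") not in RDP_LOGON_TYPES:
            continue
        when = _parse_time(event["TimeCreated"])
        source = event.get("IpAddress", "-")
        if event["EventID"] == FAILED_LOGON:
            failures[source].append(when)
        elif event["EventID"] == SUCCESSFUL_LOGON:
            recent = [t for t in failures[source] if when - t <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "ip": source,
                    "user": event["TargetUserName"],
                    "failures": len(recent),
                    "success_time": event["TimeCreated"],
                })
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_compromises(SAMPLE_EVENTS):
        print("possible RDP compromise:", alert)
```

The threshold and window are tuning knobs: a lower threshold catches slow, patient sprays but raises noise from users who forget passwords, which is why the check keys on a subsequent success rather than on failures alone. Correlating the flagged session with what the account did next (new services, scheduled tasks, mass file writes) is what distinguishes a reused stolen credential from an ordinary lockout.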
We also expect cryptocurrency-mining malware to become more sophisticated, selecting which currency to mine on a victim's machine based on its processing hardware and on the value of a given currency at the time.
We have noticed a trend of cybercriminals becoming more agile in their development process. They gather data on flaws from online forums and from the Common Vulnerabilities and Exposures (CVE) list and add exploits for them to their malware. We predict that criminals will sometimes take a day, or only hours, to implement attacks against the latest weaknesses in software and hardware.
We expect to see an increase in underground discussions of mobile malware, mostly focused on Android, covering botnets, banking fraud and ransomware, and the bypassing of two-factor authentication. Credit card fraud and the demand for stolen credit card details will continue, with an increased focus on online skimming operations that target third-party payment platforms on large e-commerce sites. From these sites, criminals can silently steal thousands of fresh credit card details at a time. Furthermore, social media is being used to recruit unwitting users, who might not know they are working for criminals when they reship goods or provide financial services.
We predict an increase in the market for stolen credentials, fuelled by recent large data breaches and by users' bad password habits. The breaches lead, for example, to the sale of voter records and to email-account hacking. These attacks occur daily.
INTELLIGENTCIO, p. 25 (www.intelligentcio.com)