The ESET Research Lab, part of a leading proactive threat detection company, analyzed the attacks most frequently used in Latin America in 2018. The company shares the key features of these methods and the reasons why they are increasingly used by attackers who profit from users' information and resources.
The 5 Most Used Cyber Attacks in 2018:
1. Phishing attacks. Although this attack has existed for years, recent propagation campaigns showed new features.
Many phishing sites now use security certificates. According to the Anti-Phishing Working Group, during the second quarter of 2018 about 35% of registered phishing attacks were hosted on HTTPS sites, a significant increase compared to the almost 5% of fake sites with SSL certificates reported at the end of 2016.
In addition, means of propagation other than "traditional" email, such as messaging applications, are used to reach a greater number of potential victims. At the same time, these malicious campaigns also include characteristics of homograph attacks, which make it harder for users to identify fake sites.
"The security practices that used to be recommended against phishing remain valid, though not sufficient, due to the new features of such attacks. It is not enough to check the URL, the security lock, or the use of HTTPS. It would also be useful to check the common name of the site in the security certificates, to compare it with the domain of the site in question," says Miguel Angel Mendoza, IT Security Specialist in Latin America.
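The homograph trait mentioned above can be flagged mechanically at a mail gateway or proxy. The following is an added example, not ESET's code: it decodes punycode labels, reports labels that mix scripts, and folds a small constructed subset of Cyrillic look-alikes to compare against a list of expected domains. `bank.example`, `PROTECTED` and the function names are assumptions made for the illustration.

```python
import unicodedata

# Small illustrative subset of Cyrillic look-alikes (not the full Unicode confusables table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s"}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- (punycode) labels."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed: keep as-is, it is still reported as punycode
    return label

def scripts(label):
    """Scripts of the letters in a label, taken from the first word of the Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Fold known look-alike characters to their ASCII twin."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())

def check_host(host, protected):
    """Return findings for host; protected is the set of domains users expect to visit."""
    findings = []
    raw_labels = host.split(".")
    labels = [decode_label(raw) for raw in raw_labels]
    for raw, label in zip(raw_labels, labels):
        if raw.lower().startswith("xn--"):
            findings.append("punycode label: " + raw)
        if len(scripts(label)) > 1:
            findings.append("mixed scripts: " + "+".join(sorted(scripts(label))))
    shown = ".".join(labels).lower()
    folded = ".".join(skeleton(label) for label in labels)
    if folded in protected and shown not in protected:
        findings.append("looks like " + folded)
    return findings

# Constructed samples: "bank.example" stands in for the legitimate site.
PROTECTED = {"bank.example"}
SPOOF = "b\u0430nk.example"  # Cyrillic U+0430 in place of Latin "a"
SPOOF_ASCII = "xn--" + "b\u0430nk".encode("punycode").decode("ascii") + ".example"

if __name__ == "__main__":
    for h in ("bank.example", SPOOF, SPOOF_ASCII):
        print(ascii(h), "->", check_host(h, PROTECTED) or "ok")
```

A label written entirely in one non-Latin script produces no mixed-script finding, so the look-alike comparison against the expected domains is the check that catches it, and only for characters present in the table.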
2. Cryptojacking. This threat began to be identified in August 2017 and is based on hijacking the processing capacity of someone else's computer to make money through cryptocurrency mining. One of the ways to infect devices is through scripts that run in the user's browser. It is enough for a user to visit a site that contains the code for their processor to be used to mine cryptocurrency. Cryptojacking began to show a lot of activity at the end of last year, and it was the threat most detected by ESET's telemetry around the world between December 2017 and June 2018.
So far in 2018, almost half of the JS/CoinMiner detections (the signature used by ESET solutions) are concentrated in two countries: Peru (30.72%) and Mexico (17.41%), followed by Ecuador (8.89%), Brazil (7.73%) and Argentina (7.08%).
3. Malware. Malicious code continues to be a major threat and is also used to carry out attacks. According to the ESET Security Report 2018, malware infections are the leading cause of security incidents in Latin American companies.
ESET Research Labs receives more than 300,000 unique malware samples daily, which shows that such threats are developed for virtually every operating system used today. For example, ESET labs identify on average about 300 samples of Android malware per month. In addition, malware samples specially designed to affect Internet of Things devices began to appear; once compromised, these devices are used to perform other attacks.
4. Extortion scams. During 2018, several email scams appeared that focused on deceiving users by claiming to hold information that compromised them. In several of these campaigns, a specific detail made the user believe that the message could not be a scam.
One example is the campaign in which the user's password appeared in the subject of the message, in an attempt to demonstrate that the attackers had the user's personal data and that the extortion detailed in the email text was real. It is estimated that this particular campaign managed to raise almost half a million dollars. Another example of this type of scam was an email that reached the user from his own account, which implied that the attacker had access to the account of the potential victim.
5. Scanning for vulnerabilities
At the end of 2017, ESET pointed out that it was the year with the highest number of reported vulnerabilities (14,714), far exceeding the records of previous years. So far in 2018, however, that number has already been exceeded: according to CVE Details, although the year is not yet over, more than 15,300 vulnerabilities have been recorded.
In this context, the exploitation of some vulnerabilities is also on the rise. For example, detections of EternalBlue, an exploit used during the propagation of WannaCry, have increased. If detections of this family of exploits in May 2017 are compared with those of July 2018 (the period with the most activity), there was an increase of almost 600%, with different families of ransomware and other types of malware trying to exploit vulnerabilities in outdated systems.
"It is important to highlight the way in which computer threats evolve and the various attacks that seek to compromise the assets, so that, from the security point of view, the use of protection technology, the application of good practices and the use of technology is a constant task of being informed about what happens in the field of cyber security," concluded Mendoza.