Hackers are moving from ransomware to cryptomining according to Cisco’s Talos division who reported the shift towards cryptomining on Tuesday. Recently hackers have been finding success with ransomware, with reports of numerous companies and individuals ponying up to unlock their computers. However, now, hackers are finding easier ways to score cash. Ransomware still requires individuals to take action to unlock their systems by sending payments. Many of the victims may not even be familiar with how to purchase bitcoins or prepaid credit cards to make the payment. Others may have satisfactory backups or deem the data locked not important enough to pay for release.
Late last year, Symantec Corporation released a survey on ransomware: malicious software that attempts to encrypt everything it can access, and demands money (usually in difficult-to-trace remuneration such as Bitcoin). One of the most disturbing trends of this report was that ransomware has grown from less than 20% of all new malware types in 2014, to over 90% of all newly discovered malware types today. Why is this? Well, put simply, because it works. When an organization’s critical business data is directly compromised – with the promise of possibly regaining access and restoring business as usual – the temptation to simply pay $500-$1,000 in Bitcoin or gift cards is strong. However, there’s always one nagging question in the background: what if the attacker doesn’t actually give us the key to decrypt the files?
The number of data breaches in 2016 list keeps growing! To make matters worse, if suffering from one data breach wasn’t bad enough, Hard Rock Hotel & Casino in Las Vegas, Nevada, announced that it recently suffered from a second data breach in just over a year.
While organizations need to focus on network security monitoring and sophisticated security tools to defend their IT assets, individuals can also take their own steps to beef up digital defenses. Improvements to ordinary users' endpoint security don't just benefit employees at home—the improvements help cybersecurity at the office, too, when workers bring personal devices to use on company networks. Consider these three easy tips that can help your company avoid big cybersecurity headaches:
Set aside the debates about paying for online content, and the fact remains that online advertisements are a frequent vector for cyber attacks. In August 2015, a Russian news site featured an advertisement that actually contained a Firefox exploit that searched for sensitive files and uploaded them to a server apparently based in Ukraine. In early 2014, YouTube ads were hosting a Java exploit that executed a typical drive-by download attack on users.
When users browse online, they often forget to clear the data from their web browser cache. However, this means that browsers can locally save sensitive website information such as bank account numbers and email passwords. If there is no company practice in place for staff to perform basic security measures like clearing their cache, malware can enter their systems, find private data, and send it to hackers, leading to dire consequences for companies.
How Browser Caches Store Web Data
A cache is a repository of stored data that is used to speed up the process of retrieving data. If a user accessing a resource already has some of its data stored in a cache, then the user does not need to retrieve that data from the resource—he or she can simply use it from the cache. But if the cache is empty, he or she must obtain all of it from the resource, which can be time-consuming.
Cyber security company Damballa released their 2015 “State of Infections Report,” which found that computers that have click fraud malware installed are more likely to be infected by other types of malware in the future. Click fraud malware runs in the background and clicks on ads in order to get money out of pay-per-click advertisers. The malware has cost businesses $6 billion per year in wasted money, the Association of National Advertisers said. Because the malware has directly resulted in financial losses for advertisers, this malware sounds harmless to consumers and enterprises. However, click fraud malware opens the gateway for other malware to get through.
Researchers have found that USB devices such as thumb drives, keyboards, and mice, can be used to hack into personal computers in a new way, reported Reuters. Hackers can load malicious software onto the computer chips inside USB devices, said Karsten Nohl, the chief scientist at Security Research Labs in Berlin. The firmware in these controllers can be reprogrammed by cybercriminals. Before, people were wary of strange files on their USB’s memory – now they have to worry about malicious code inside the USB’s firmware.