Internet Organised Crime Threat Assessment

Cybercriminals are now employing a more holistic approach to launching phishing attacks by assuming false identities and working in close cooperation with other cybercriminals. The scale of these attacks has also increased as cybercriminals make use of a wider range of cybercrime-as-a-service platforms.

Ransomware attacks are not only more targeted; cybercriminals also now threaten to auction sensitive data on the dark web or simply destroy it altogether. Cybercriminals have also converted some traditional banking Trojans into more advanced polymorphic malware. The Emotet banking Trojan has been used by cybercriminals to deliver other malware payloads such as Ryuk ransomware and Trickbot. The developers behind Trickbot added a ‘Trickbooster botnet’ to the malware to increase propagation.

Business Email Compromise (BEC) continues to increase as criminals have begun to acquire a deeper understanding of internal business processes and system vulnerabilities. Criminals are compromising bank accounts, identifying the ideal time to strike, managing email conversations via man-in-the-middle attacks, or even using artificial intelligence (AI) to mimic the voice of a CEO. They have also become better at mastering local languages and contexts, in addition to setting up complex criminal networks to launder proceeds.

Payment cards are being compromised via e-skimming attacks, also known as digital skimming, in which cybercriminals inject malicious JavaScript code into the checkout page of an online merchant to capture personal data and credit card credentials. The most common type of e-skimming activity employs Magecart malware; however, new variants such as Pipka are starting to become more common.
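One defensive check against the script injection described above, as an added example that is not from the original article: audit the `<script>` tags of a checkout page against the origins the merchant expects, and flag third-party scripts that carry no integrity hash. The host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy (hypothetical hosts): where checkout scripts may load from.
FIRST_PARTY = "shop.example"
ALLOWED_HOSTS = {FIRST_PARTY, "pay.example"}

class ScriptAudit(HTMLParser):
    """Collects (kind, detail) findings for every <script> on a page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:
            # Inline code cannot be pinned to an origin; flag it for review.
            self.findings.append(("inline-script", f"line {self.getpos()[0]}"))
            return
        # Relative URLs have no hostname and resolve to the first party.
        host = urlparse(src).hostname or FIRST_PARTY
        if host not in ALLOWED_HOSTS:
            self.findings.append(("unexpected-origin", src))
        elif host != FIRST_PARTY and not attr.get("integrity"):
            # Third-party script without an integrity hash: a change at the
            # provider would reach the checkout page unnoticed.
            self.findings.append(("missing-sri", src))

def audit_checkout(html):
    """Return the list of findings for one page of HTML."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample checkout page, not taken from any real site.
SAMPLE_CHECKOUT = """<html><body>
<form id="pay"><input name="card"></form>
<script src="/js/cart.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://pay.example/widgets.js"></script>
<script src="//stats-cdn.example/collect.js"></script>
<script>var x = 1;</script>
</body></html>"""
```

Run against a saved copy of the live checkout page on a schedule, a new finding means the set of scripts on the page has changed and needs review.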

Cybercriminals are capturing entire digital identities from compromised machines. Purchases are then made from the compromised computer, which allows a cybercriminal to pretend to be a returning customer by using the same browser settings and card credentials.

SIM swapping has emerged as a new type of account takeover. Criminals find ways to swap or port a victim’s SIM card in their smartphone to capture the one-time password used for authentication.

DarkWeb administrators are working more closely together by sharing code and security methodologies such as eliminating registration requirements by having no user names or digital wallets, requiring multiple signatures on Bitcoin and Monero transactions, and enacting no-JavaScript policies. Instead of transaction fees, the market receives a monthly commission. Users of DarkWeb services have also opted for more secure communication channels such as Sonar, Elude58, Discord, Wickr, and Telegram.

Put it all together and it becomes clear cybercriminals are continually evolving their techniques. INTERPOL is once again calling for more cooperation, coordination, and information sharing to combat these threats as well as greater awareness and, controversially, expansion of legal frameworks to make it simpler for law enforcement agencies to decrypt communications. It’s unclear to what degree any progress might be made on any of those issues any time soon. In the meantime, however, it’s apparent the bad guys are becoming that much more cunning with each passing day.
