Hackers using malware to cover their tracks, motives

Feb. 13, 2018
Analysts at Positive Technologies observe increasing use of malware to hide the aftermath of cyberattacks and motives of perpetrators

February 12, 2018 – Positive Technologies has announced the Cybersecurity Threatscape report for Q4 2017, which exposes a trend of malware being used to obscure the real motives of a cyber attack, meaning that not all cyber attacks should be taken at face value. For example, criminals have been using ransomware that demands money to actually cover for spyware, which steals data and then wipes the hard drive instead of merely encrypting it. In the case of ATM attacks, malware is being used to cover tracks by damaging the boot record of the ATM operating system to deprive investigators of key information needed to reconstruct the chain of events that led to the theft of bank cash.

While 73 percent of attacks are still motivated by financial gain, the fourth quarter also saw an increase in the share of attacks performed by hacktivists, from 3% in Q3 to 7% in Q4. These hackers use their technical skills to express political views, typically as part of a protest or civil disobedience, in a way that may be even classified as digital terrorism in some countries. In Q3 and Q4, political events in various countries drove an increase in the number of attacks against government websites. For example, in the aftermath of the Catalan independence referendum, hacktivists affiliated with Anonymous showed their dismay with the Spanish government by performing a series of DDoS attacks against a number government websites. 

Positive Technologies analysts recorded more unique incidents in Q4 than in previous quarters. Q4 saw an increased number of attacks on home users - with a spike of 106 in November, compared to the year’s low of just 43 in June. Most likely, this is related to holiday shopping (such as on "Black Friday" and "Cyber Monday"), when consumers make more spontaneous purchases, some of them on suspicious sites.

The report also notes that growing security awareness among users is forcing criminals to invent more creative methods of spreading malware, including hacking third-party websites and using them as a host to spread malicious files. To give phishing sites high rankings in search results, cybercriminals employ SEO methods, such as carefully placed keywords, and use special botnets to drive traffic to increase ratings.

The cryptocurrency craze has attracted plenty of fraud, complete with malware (the Coinhive miner is one example) and the targeting of cryptocurrency wallets. Other techniques include uploading a mining script to a hacked legitimate website (as happened with D-Link) and compromising cryptocurrency mining services. Criminals continue to wield DDoS attacks against cryptocurrency exchanges and ICOs, with British startup Electroneum being a case in point.

The full report can be found at the following link: https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cybersecurity-threatscape-2017-Q4-eng.pdf

Methodology

Positive Technologies regularly presents information on the most important and emerging IT security threats. In keeping with similar reports from previous quarters, this report covers incidents in the fourth quarter of 2017. Information is drawn from our own research, outcomes of numerous investigations, and data from authoritative sources.

About Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community. Learn more about Positive Technologies at ptsecurity.com.