Hackers using malware to cover their tracks

Analysts at Positive Technologies observe increasing use of malware to hide the aftermath of cyberattacks and motives of perpetrators.

Positive Technologies has published the Cybersecurity Threatscape report for Q4 2017, which exposes a trend of malware being used to obscure the real motives of a cyber attack, meaning that not all cyber attacks should be taken at face value. For example, criminals have been using ransomware that demands money as cover for spyware, which steals data and then wipes the hard drive instead of merely encrypting it. In the case of ATM attacks, malware is being used to cover tracks by damaging the boot record of the ATM operating system, depriving investigators of key information needed to reconstruct the chain of events that led to the theft of bank cash.
While 73 percent of attacks are still motivated by financial gain, the fourth quarter also saw an increase in the share of attacks performed by hacktivists, from 3% in Q3 to 7% in Q4. These hackers use their technical skills to express political views, typically as part of a protest or civil disobedience, in a way that may even be classified as digital terrorism in some countries. In Q3 and Q4, political events in various countries drove an increase in the number of attacks against government websites. For example, in the aftermath of the Catalan independence referendum, hacktivists affiliated with Anonymous showed their dismay with the Spanish government by performing a series of DDoS attacks against a number of government websites.
Positive Technologies analysts recorded more unique incidents in Q4 than in previous quarters. Q4 saw an increased number of attacks on home users, with a spike of 106 in November, compared to the year’s low of just 43 in June. Most likely, this is related to holiday shopping (such as on "Black Friday" and "Cyber Monday"), when consumers make more spontaneous purchases, some of them on suspicious sites.
The report also notes that growing security awareness among users is forcing criminals to invent more creative methods of spreading malware, including hacking third-party websites and using them as a host to spread malicious files. To give phishing sites high rankings in search results, cybercriminals employ SEO methods, such as carefully placed keywords, and use special botnets to drive traffic to increase ratings.
The cryptocurrency craze has attracted plenty of fraud, complete with malware (the Coinhive miner is one example) and the targeting of cryptocurrency wallets. Other techniques include uploading a mining script to a hacked legitimate website (as happened with D-Link) and compromising cryptocurrency mining services. Criminals continue to wield DDoS attacks against cryptocurrency exchanges and ICOs, with British startup Electroneum being a case in point.