Seeing the Future: Cybersecurity Trends To Look Out For in 2019

Hand-crafted, targeted attacks are on the rise

Singapore, being a global hub for finance and technology in Asia, has become an attractive target for cybercriminals. One-third of Singapore’s SME’s have experienced a ransomware attack in the past year. Cybercriminals have gone back to old-school manual hacking methods to boost the efficiency of targeted extortion. Asia has seen its fair share of ransomware attacks, and well-known ones like WannaCry and CryptoLocker have the tendency to be opportunistic by sending out boobytrapped attachments sent to a large number of potential victims via email.

2018, however, has seen the advancement of hand-delivered, targeted ransomware attacks that are different from the mass email dissemination method. What this attack methodology means is that even though fewer attacks may take place, the results will be far more devastating, and the cybercriminal could demand a higher ransom. Subsequent malware also has the potential to evolve to become more destructive and effective.

This attack style, where these criminals manually maneuver through a network step-by-step, is now increasing in popularity and the financial success of malwares like SamSam is bound to inspire copycats striking in 2019.

The downside to this trend is that these forms of manual attacks are more challenging to prevent using conventional methods, but this also means that there are far less competent hackers who are capable of conducting them.

Cybercriminals are turning to what’s already available for their cybercrime sprees

Cyberterrorists are successfully avoiding detection on Windows computers by abusing legitimate admin tools commonly found on the operating system. This pivotal finding traces how this technique has become a common feature in an increasing number of cyberattacks.

Known as ‘living off the Land’ as it avoids the need to download dedicated tools, cybercriminals have stopped emailing malware to victims via actual malicious executable programmes, but instead switched to using a series of interlinked, non-executable scripts, exploitable Microsoft Office document vulnerabilities, and Office document macros that makes detection a puzzle. Experts have noted the challenge in separating the normal operations of a computer from the irregular behaviour of a machine in the midst of a malware infection. As it comes with a wide range of file types that include several “plain text” scripts chained in no particular order.

Attackers are showing no signs of giving up on new variations of Microsoft Office macro attacks. Recently, protections such as disabling macros inside documents or using preview mode have blunted this technique. Unfortunately, attackers have developed methods to persuade users to disable these using macro builder tools that package Office, Flash and other exploits that cause social engineering prompts. The trend now is to use more exotic filetypes to launch attacks, as commonly used filetypes are now blocked or monitored by endpoint security.

To stay safe and ensure protection from these trends, it is important to plan ahead and try to remain one step ahead of cybercriminals. Having a comprehensive response plan ahead of the incident is key and allows organisations to be more prepared for unpredicted risks. As Singapore moves towards its Smart Nation vision and takes on digitalisation, we should expect a rise in cyberattacks. All businesses and organisations should be prepared to do their due diligence and not take cyber security for granted.