The research laboratory of ESET, a leading proactive threat detection company, analyzed the most frequently used attacks in Latin America in 2018. The company shares the main characteristics of these attacks and the reasons why attackers, who profit from users' resources and information, use them more and more.
The 5 most commonly used cyber attacks in 2018:
1. Phishing attacks. Although this attack has existed for some years, recent propagation campaigns show new features.
Many phishing sites now use security certificates. According to the Anti-Phishing Working Group, during the second quarter of 2018 about 35% of registered phishing attacks were hosted on websites using HTTPS, a significant increase from the almost 5% of spoofed sites with SSL certificates reported in late 2016.
In addition, alternatives to "traditional" e-mail, such as messaging applications, are used to spread these attacks and reach a greater number of potential victims. At the same time, these malicious campaigns also include homograph attacks, which make it harder for users to identify fraudulent web pages.
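A homograph hostname can be examined by decoding its punycode labels and by comparing the names in the site's certificate with the domain the user meant to reach. The following is an added example, not code from ESET or the original article; the function names are hypothetical, the sample hostname is constructed, and script detection is a heuristic based on Unicode character names.

```python
import unicodedata

def to_unicode(hostname):
    """Decode punycode (xn--) labels to the Unicode form a browser may display."""
    labels = []
    for label in hostname.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def label_scripts(label):
    """Approximate the scripts in a label from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def cert_covers(cert_names, hostname):
    """True if any certificate name matches hostname (wildcard only as the leftmost label)."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def assess(visited_host, cert_names, expected_domain):
    """Return findings for a visited host against the domain the user meant to reach."""
    findings = []
    for label in to_unicode(visited_host).split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append("mixed-script label: " + ", ".join(sorted(scripts)))
        elif scripts and scripts != {"LATIN"}:
            findings.append("non-Latin label: " + ", ".join(sorted(scripts)))
    # A look-alike site can hold a valid certificate, but only for its own name.
    if not cert_covers(cert_names, expected_domain):
        findings.append("certificate does not cover " + expected_domain)
    return findings

# Constructed sample: "example.com" with Cyrillic U+0430 in place of the Latin "a".
LOOKALIKE = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".com"

if __name__ == "__main__":
    print(LOOKALIKE, assess(LOOKALIKE, [LOOKALIKE], "example.com"))
    print(assess("www.example.com", ["example.com", "*.example.com"], "www.example.com"))
```

A legitimate site in a non-Latin script also triggers the "non-Latin label" finding, so that finding is a prompt to look closer rather than a verdict.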
"Security practices that were once recommended in connection with phishing are still valid, although not enough, due to the new features of this type of attack. Now it is not enough to verify the URL, the security lock, or the use of HTTPS; it would also be useful to check the common name of the site in security certificates and compare it with the domain of the site concerned," says Miguel Angel Mendoza, a specialist in IT security in Latin America.
2. Cryptojacking
This threat began to be identified in August 2017 and, in principle, consists of hijacking the processing capacity of someone else's computer to make money by mining cryptocurrency. One way to infect a device is through scripts that run in the user's browser: it is enough for the user to visit a site containing the code for their processor to be used to mine a cryptocurrency. Cryptojacking began to show heavy activity at the end of last year, a threat that ESET's worldwide telemetry detected between December 2017 and June 2018.
So far in 2018, in the Latin America region, nearly half of the JS/CoinMiner detections (a signature used by ESET solutions) have been concentrated in two countries: Peru (30.72%) and Mexico (17.41%), followed by Ecuador (8.89%), Brazil (7.73%) and Argentina (7.08%).
3. Malware
Malicious code remains one of the main threats and is also used to carry out attacks. According to the ESET Security Report 2018, malware infection is the main cause of security incidents in Latin American companies.
ESET research laboratories receive more than 300,000 unique malware samples every day, which shows that threats of this type are developed for practically all operating systems in use today. For example, ESET laboratories identify, on average, about 300 Android malware samples per month. In addition, malware specially designed to affect so-called Internet of Things devices has begun to appear; once compromised, these devices are used to carry out other attacks.
4. Cyber extortion
In the course of 2018, several email scams appeared that tried to mislead users by claiming to hold information that compromised them. In some of these campaigns, there was a specific piece of data that the user felt could not be false.
An example is a campaign in which the user's password was the subject of the message, in an attempt to show that the attackers held the user's personal information and that the extortion described in detail in the body of the mail was real. It is estimated that this campaign managed to raise nearly half a million dollars. Another example of this type of scam had the particularity that the email reached the user from their own account, which implied that the attacker had access to the potential victim's account.
5. Exploitation of vulnerabilities
At the end of 2017, ESET pointed out that it was the year with the highest number of reported vulnerabilities (14,714), far above the records of previous years; however, in 2018 this figure has already been exceeded. According to CVE data, although the year is not yet over, more than 15,300 vulnerabilities have been registered.
In this context, the exploitation of some vulnerabilities is on the rise. To cite one example, detections of EternalBlue, the exploit used during the spread of WannaCry, have increased. Comparing detections of this exploit in May 2017 with those of July 2018 (the period with the highest activity), there has been an increase of almost 600%, as different ransomware families and other types of malware try to exploit vulnerabilities in obsolete systems.
"It is important to emphasize the way in which computer threats evolve and the various attacks that tend to compromise property, so that, from a security perspective, the use of protection technology, the application of good practices and the constant task of staying informed about what is happening in the cybersecurity field are of key importance," concluded Mendoza.