Cyber-criminals are constantly evolving their tactics in order to make money, especially as returns on ransomware and cryptojacking have started to decline. According to Symantec’s recent Internet Security Threat Report, one of the emerging threats in 2018 was formjacking. This technique involves using malicious JavaScript code to steal credit card details and other information from payment forms on eCommerce websites. The report revealed that on average, 4,800 websites were compromised with formjacking code each month, resulting in potentially tens of millions of dollars being stolen.
Supply chain attacks also saw a significant increase in 2018, with a 78% surge reported. Malicious email attachments, particularly office files, were used in nearly half (48%) of all attacks, a stark rise from just 5% in 2017. Web attacks were up by 56%, with one in 10 URLs found to be malicious.
While cryptojacking events decreased by 52% last year, there was a 90% drop in the value of Monero, the cryptocurrency commonly used by cyber-criminals. Despite a 12% increase in enterprise ransomware and a 33% spike in mobile ransomware, the overall number of ransomware attacks actually fell by 20% in 2018.
However, some cyber criminals are still finding cryptojacking to be a lucrative endeavor. The WannaMine (MSH.Bluwimps) cryptojacking script, for example, targeted enterprises by exploiting the Eternal Blue exploit, which was famously used by WannaCry. This resulted in some devices becoming unusable due to high CPU usage.
One alarming finding from the report was that more than 70 million records were stolen or leaked due to poorly configured S3 cloud storage buckets. This underscores the importance of properly securing cloud resources, as they have become a prime target for digital thieves.
In conclusion, organizations need to be vigilant in addressing the evolving landscape of cyber threats. By following best practices for securing cloud resources and staying informed about the latest attack vectors, businesses can better protect themselves from falling victim to cyber-criminals.