Ransomware is malicious software (malware) that renders infected systems unavailable, typically by encrypting files. Victims are told to pay the attackers behind the malware a certain sum (usually in Bitcoin) to regain access.
Over the past year, threat actors have switched from spreading ransomware through malicious email spam and rootkits in widespread, automated campaigns to targeting specific organisations with manual attacks. Access is usually gained by brute-forcing Remote Desktop Protocol (RDP) passwords. The targeted attacks are more effective and more lucrative, with criminals demanding higher sums ($40,000 is typical in SamSam campaigns and $100,000 for Ryuk infections). Ransomware attacks on utilities and industrial control systems (ICSs) are expected to dominate this year.
Fileless attacks/living off the land
Fileless or living off the land attacks involve the illicit use of default system tools such as Windows PowerShell, WMI and Windows Scripting Host in order to run malicious code in memory (RAM) on a targeted system.
Fileless malware is reportedly ten times more effective than file-based malware, which explains why more than half of all successful cyber attacks involve living off-the-land techniques. Fileless attacks are bound to increase this year, and we may see the rise of “vaporworms”, i.e. self-replicating fileless malware.
Modular Financial Trojans
A financial Trojan, aka banking Trojan, is malware that appears benign but actually serves to provide threat actors with access to financial user accounts (online banking, PayPal, etc.) by stealing login credentials and other data stored or entered on infected devices.
Banking Trojans are the most common form of malware used in email-based attacks, and threat actors keep expanding the functionality of “modular” Trojans like Emotet. In addition to logging keystrokes and redirecting web traffic, such Trojans can have modules for downloading other malware; spreading laterally across networks, employing fileless methods to stay undetected; and much more.
Mobile malware/malicious apps
Mobile malware is malicious software designed for mobile operating systems like Android and iOS.
Due to the continued proliferation of mobile devices, mobile web traffic has recently overtaken Internet traffic from personal computers. Unsurprisingly, cybercriminals are developing mobile malware to take advantage of this trend. Threat actors often embed mobile malware into seemingly benign applications and upload these to Google Play and/or the App Store. Last year, millions of users downloaded malicious apps that often lacked functionality and merely served ads, financial Trojans and/or other mobile malware. This is destined to continue in 2019.
Card skimming malware/Magecart attacks
Card skimming malware is malicious code that threat actors embed into legitimate e-commerce websites in order to capture credit card information entered by customers.
One of the most prominent malware threats of 2018 was the rise of “Magecart” attacks. Magecart is an umbrella term referring to multiple cybercriminal groups that attack e-commerce websites in order to insert card-skimming malware into checkout pages. Almost 320,000 Magecart attacks were recorded in the first ten months of 2018 alone, and this situation is not likely to improve this year.