Cybersecurity specialists from the International Institute of Cyber Security already predicted that this would be a difficult year for users and organizations, even 2018 began with the discovery of CPU processor vulnerability present in virtually any developed chip over the last 20 years. The worst part is that things didn’t get any better; new malware families, government-sponsored attacks, and many more incidents have kept the cybersecurity community busy.
Some of the most dangerous cyberthreats that were presented this year are:
Spectre and Meltdown
Just started the year and several cybersecurity specialists began to report the CPU vulnerabilities known as Spectre and Meltdown. Present on the Intel, IBM, ARM and AMD chips, it was discovered that these vulnerabilities could be exploited through a side channel attack for the purpose of stealing confidential information stored on the device by deceiving the compromised computer’s programs.
Prior to its public disclosure, multiple industry organizations worked together to develop security patches for these failures, which generated some mistimes, such as slowing down the affected devices, if not enough, in the following months some variants of the vulnerabilities continued to appear, as well as other speculative execution vulnerabilities, such as Foreshadow. Companies like Intel mentioned that their next generation of chips will be designed to avoid the presence of this kind of flaws.
GandCrab encryption software became the most widely used tool in ransomware attacks this 2018. Unlike conventional attacks, GandCrab is based on exploitation kits such as RIG, GrandSoft and Fallout to deploy its attacks; in addition, GandCrab demands ransom in the cryptocurrency Dash. According to an analysis of a cybersecurity firm, hackers behind GandCrab could have generated about $700k USD in earnings.
VPNFilter is a modular malware program allegedly developed by the Russian hacker group known as Fancy Bear. Present in a wide range of routers, this malware is capable of performing DDoS attacks, data leaking and cyber spying tasks. At a later stage, VPNFilter is able to even propagate much more quickly through multiple endpoints, leak information and encrypt its own malicious traffic.
The use of cryptocurrency mining software increased considerably this year. Among the many programs available, Coinhive was consecrated as the most widely used mining software, especially for focusing on the digital currency Monero, an anonymous asset whose transactions are very difficult to trace. Coinhive is explicitly used in some sites, although most of its users are malicious hackers who inject the miner inadvertently into unsuspecting websites or administrator machines.