Cybersecurity specialists from the International Institute of Cyber Security had already predicted that this would be a difficult year for users and organizations; 2018 even began with the discovery of a CPU vulnerability present in virtually every chip developed over the last 20 years. Things did not get any better: new malware families, government-sponsored attacks, and many more incidents have kept the cybersecurity community busy.
Some of the most dangerous cyberthreats that appeared this year are:
Spectre and Meltdown
The year had barely started when several cybersecurity specialists began to report the CPU vulnerabilities known as Spectre and Meltdown. Present in Intel, IBM, ARM and AMD chips, these vulnerabilities could be exploited through a side-channel attack to steal confidential information stored on the device by deceiving the compromised computer’s programs.
Prior to public disclosure, multiple industry organizations worked together to develop security patches for these flaws, which caused some setbacks, such as slowing down the affected devices. As if that were not enough, in the following months some variants of the vulnerabilities continued to appear, as well as other speculative execution vulnerabilities, such as Foreshadow. Companies like Intel mentioned that their next generation of chips will be designed to avoid this kind of flaw.
GandCrab
GandCrab encryption software became the most widely used tool in ransomware attacks in 2018. Unlike conventional attacks, GandCrab relies on exploit kits such as RIG, GrandSoft and Fallout to deploy its attacks; in addition, GandCrab demands ransom in the cryptocurrency Dash. According to an analysis by a cybersecurity firm, the hackers behind GandCrab could have generated about $700k USD in earnings.
VPNFilter
VPNFilter is a modular malware program allegedly developed by the Russian hacker group known as Fancy Bear. Present in a wide range of routers, this malware is capable of performing DDoS attacks, data leaks and cyber espionage tasks. At a later stage, VPNFilter is even able to propagate much more quickly through multiple endpoints, leak information and encrypt its own malicious traffic.
Coinhive
The use of cryptocurrency mining software increased considerably this year. Among the many programs available, Coinhive established itself as the most widely used mining software, especially because it focuses on the digital currency Monero, an anonymous asset whose transactions are very difficult to trace. Coinhive is used openly on some sites, although most of its users are malicious hackers who inject the miner into unsuspecting websites or administrator machines without their owners noticing.
Magecart
This is malware for the theft of payment card data, used by at least six malicious hacker organizations around the world. In general, malicious actors incorporate Magecart into compromised websites using a JavaScript tool that copies the data entered into the forms on a website; this information is subsequently sent to a malicious server. Although the first records of Magecart attacks date back to 2014, it reached its peak of activity during 2018.
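Both the Coinhive and the Magecart cases above come down to a script that the site owner did not put there. The following is an added example, not code from the original article: it inventories a page's external scripts and flags those loaded from hosts outside an allowlist or lacking a Subresource Integrity hash. The hostnames, the allowlist and the sample HTML are constructed assumptions.

```javascript
// Added example: audit a page's <script src> tags for unexpected third parties.
// All hostnames and the sample HTML are constructed for illustration.
const ALLOWED_HOSTS = new Set(["shop.example", "cdn.shop.example"]); // assumed allowlist

// Collect the attributes of every <script ...> tag that carries a src.
function externalScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    if (attrs.src) scripts.push(attrs);
  }
  return scripts;
}

// Flag scripts served from hosts outside the allowlist, and allowed
// cross-host scripts that have no Subresource Integrity attribute.
function auditScripts(html, pageUrl, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  const pageHost = new URL(pageUrl).hostname;
  for (const s of externalScripts(html)) {
    const host = new URL(s.src, pageUrl).hostname; // resolves relative and // URLs
    if (!allowedHosts.has(host)) {
      findings.push({ src: s.src, host, issue: "unexpected-host" });
    } else if (host !== pageHost && !s.integrity) {
      findings.push({ src: s.src, host, issue: "missing-sri" });
    }
  }
  return findings;
}

// Constructed sample: a checkout page with one injected third-party script.
const SAMPLE_HTML = `
<html><head>
<script src="/js/checkout.js"></script>
<script src="https://cdn.shop.example/lib/ui.js"></script>
<script src="https://cdn.shop.example/lib/pay.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src='https://stats.injected.example/a.js'></script>
</head><body><form action="/pay"></form></body></html>`;

console.log(auditScripts(SAMPLE_HTML, "https://shop.example/checkout"));
```

This check only covers external scripts; code injected inline or into an allowed first-party file is outside what it inspects.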