The Return of Ransomware, Nation-State Crypto-Mining and Apache Struts

While some types of cyber threats have been around for many years, as we enter 2019, many are growing in complexity or changing in design.

Keep your business safe from cyber threats with a privacy-first, flexible and groundbreaking Cloud storage and sharing service: SkyFlok.

SkyFlok encrypts data both in transit and at rest, and is designed to help our clients store and share files privately worldwide. It also enables you to choose the Cloud providers and locations where you want your files to be stored. In doing so, we help our clients comply with the EU's GDPR by letting them choose from our GDPR-compliant locations: it takes only a few clicks to select the configuration you need.

Store and share any team, personal or client files online with SkyFlok. Join us!

Industry executives and experts share their predictions for 2019. Read them in this 11th annual series exclusive.

Last year was an unprecedented year for the cyber community. At the start of 2018, cryptocurrency was experiencing a bull market; Cambridge Analytica was just beginning to unspool issues of third-party data sharing and misinformation amongst social media platforms; and organizations were still dealing with the long-tail effects of late 2017’s WannaCry ransomware and Equifax breach as GDPR kicked in. As we enter 2019, ironically, not much has changed besides the public’s awareness around the issues we face and the price of bitcoin — hopefully you didn’t buy at the top of the market.

Looking ahead, here are three of my expectations for 2019:

1. Ransomware Returns

Among criminal actors, expect crypto-mining to fall off and ransomware to return; crypto-mining has not been as profitable for many cybercriminals as originally intended. Unless an attacker can infect tens or hundreds of thousands of devices, it is difficult to make even close to the money that can be made from a successful ransomware campaign. On the other hand, the actors behind the SamSam, BitPaymer and CrySIS ransomware campaigns have created a blueprint for a new generation of ransomware attacks. By using open RDP servers as a method of entry rather than more traditional phishing or web exploitation campaigns, these actors have seen a lot of success with their ransomware attacks. SamSam, for example, has made almost $6 million from ransomware attacks using this tactic. We are already starting to see new ransomware variants copy this model, and we expect to see a new crop of ransomware families continue to expand on this method of attack.

2. Nation-State Crypto-Mining

There will be more heavily sanctioned nation-state actors engaging in crypto-mining attacks. North Korea has used crypto-mining as a successful strategy to raise money for the state, despite being heavily sanctioned. This strategy appears to be replicated by the Houthi forces in Yemen, and there have been rumors of the same type of activity in Venezuela and Iran. More nations that are sanctioned or otherwise have limited access to funds will turn to cryptocurrency mining as a strategy to raise money to replace depleted funds.

3. Apache Struts Exploit

There will be a major breach announced that originated with an Apache Struts vulnerability. In 2018 we saw the release of two critical Apache Struts vulnerabilities, CVE-2018-1327 and CVE-2018-11776, both of which are remotely executable. There are already a number of botnets scanning for these vulnerabilities. Apache Struts presents a unique challenge because it is baked into so many other programs that are designed to be internet facing, which means that a traditional vulnerability scanner may not detect Apache Struts, but the botnets scanning for the vulnerabilities will pick it up.
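
One way to inventory Struts copies bundled inside other applications, which is the gap described above (an added example, not from the original article): the function opens WAR/EAR/JAR archives recursively and reports every `struts2-core` JAR it finds by its conventional file name. The archive names and the 2.5.16 version in the sample are constructed, and the depth and size limits are assumed values.

```python
import io
import re
import zipfile

# Conventional file name of the core library: struts2-core-<version>.jar
STRUTS_JAR = re.compile(r"(?:^|/)struts2-core-([\w.\-]+)\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 4                   # assumed limit: stop on deeply nested archives
MAX_MEMBER = 256 * 1024 * 1024  # assumed limit: skip oversized members

def find_struts(data, origin, depth=0):
    """Return [(nested path, version)] for each struts2-core JAR in an archive."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # unreadable archive: skip it, keep scanning the rest
    with zf:
        for info in zf.infolist():
            where = f"{origin}!/{info.filename}"
            match = STRUTS_JAR.search(info.filename)
            if match:
                hits.append((where, match.group(1)))
            elif (info.filename.lower().endswith(ARCHIVE_EXT)
                  and depth < MAX_DEPTH and info.file_size <= MAX_MEMBER):
                # Bundled archive: descend, carrying the path for the report
                hits += find_struts(zf.read(info), where, depth + 1)
    return hits

def make_zip(entries):
    """Build an in-memory archive from {name: content} (sample data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample_ear():
    """Constructed sample: an EAR whose WAR bundles struts2-core 2.5.16."""
    war = make_zip({
        "WEB-INF/lib/struts2-core-2.5.16.jar": make_zip({"META-INF/MANIFEST.MF": ""}),
        "WEB-INF/lib/commons-io-2.6.jar": make_zip({"META-INF/MANIFEST.MF": ""}),
        "index.jsp": "constructed",
    })
    return make_zip({"portal.war": war, "META-INF/application.xml": "<application/>"})

if __name__ == "__main__":
    for path, version in find_struts(build_sample_ear(), "vendor-app.ear"):
        print(f"{version}\t{path}")
```

Matching on file names misses builds where the Struts classes have been repackaged into another JAR, so treat an empty result as "none found by name" and compare reported versions against the vendor advisory.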