The research lab of ESET, a leading proactive threat detection company, analyzed the most widely used attacks of 2018 in Latin America. The company shares their main features and the reasons why these methods are increasingly used by attackers, who profit from users' resources and information.
The 5 most commonly used cyber-attacks in 2018:
1. Phishing attacks. Although this attack has existed for years, recent propagation campaigns showed new characteristics.
Many phishing websites now use security certificates. According to the Anti-Phishing Working Group, during the second quarter of 2018 about 35% of registered phishing attacks were hosted on websites using HTTPS, a significant increase compared with the nearly 5% of falsified sites with SSL certificates reported at the end of 2016.
In addition, channels other than “traditional” e-mail, such as messaging applications, are used for propagation in order to reach a greater number of potential victims. At the same time, these malicious campaigns also show characteristics of homograph attacks, which makes it harder for users to identify the fake websites.
“The security practices that used to be recommended in relation to phishing remain valid, although not enough, because of the new characteristics of attacks of this type. Now it is not enough to verify the URL, security lock or use of HTTPS; it would also be advisable to review the common name of the site in the security certificates, to be compared with the domain of the site in question,” says Miguel Angel Mendoza, specialist in computer security at ESET Latin America.
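The certificate-name comparison recommended above, combined with a check for homograph hosts, as an added example that is not ESET's code. The domain `example.com`, the lookalike host and all function names are constructed for illustration; in practice the certificate names would come from the site's presented certificate.

```python
import unicodedata

def to_unicode(hostname):
    """Decode xn-- (punycode) labels so the name reads as a browser may display it."""
    labels = []
    for label in hostname.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def scripts_in(label):
    """Approximate the scripts in a label from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}

def cert_covers(hostname, cert_names):
    """True if a certificate name equals the host or is a one-label wildcard for it."""
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else ""
    return any(n.lower() == host or (parent and n.startswith("*.") and n[2:].lower() == parent)
               for n in cert_names)

def review_site(hostname, cert_names, expected_domain):
    """Return (code, detail) findings for a site the user believes is expected_domain."""
    findings = []
    host = hostname.lower().rstrip(".")
    shown = to_unicode(host)
    if shown != host:
        findings.append(("idn-host", shown))
    for label in shown.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:  # e.g. Latin letters mixed with Cyrillic lookalikes
            findings.append(("mixed-script", ",".join(sorted(scripts))))
    if not cert_covers(host, cert_names):
        findings.append(("cert-mismatch", ",".join(cert_names)))
    if host != expected_domain and not host.endswith("." + expected_domain):
        findings.append(("unexpected-domain", host))
    return findings

# Constructed sample: "example.com" with Cyrillic 'a' (U+0430) replacing the Latin 'a'.
LOOKALIKE = "ex\u0430mple.com".encode("idna").decode("ascii")

if __name__ == "__main__":
    # The lookalike's own certificate covers its host, so the name check alone passes;
    # the findings come from the script mix and the comparison with the expected domain.
    for code, detail in review_site(LOOKALIKE, [LOOKALIKE], "example.com"):
        print(code, detail)
```

A certificate issued for the lookalike host lists the punycode (`xn--`) form of the name, which is why the decoded form is compared with the domain the user expects.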
Cryptojacking began to be identified in August 2017 and is based on hijacking the processing capacity of someone else's computer to make money by mining cryptocurrencies. One way of infecting devices is through scripts that run in the user's browser: it is enough for a user to visit a website that contains the code for their processor to be used to mine some cryptocurrency. Cryptojacking became highly active towards the end of last year, being the threat most detected by ESET telemetry worldwide between December 2017 and June 2018.
So far in 2018, in the Latin American region, almost half of the detections of JS/CoinMiner (the signature used by ESET solutions) are concentrated in two countries: Peru (30.72%) and Mexico (17.41%), followed by Ecuador (8.89%), Brazil (7.73%) and Argentina (7.08%).
Malicious code continues to be one of the main threats, while also being used to carry out attacks. According to the ESET Security Report 2018, malware infections are presented as the leading cause of security incidents in Latin American companies.
ESET's research labs receive more than 300,000 unique malware samples daily, noting that threats of this kind are developed for virtually all of today's operating systems. For example, ESET Labs identify, on average, about 300 malware samples for Android each month. In addition, malware samples have begun to appear that are specially designed to affect devices of the so-called Internet of Things; after being compromised, these devices are used to carry out other attacks.
During 2018, various e-mail scams appeared that sought to deceive users by claiming to have obtained compromising information about them. In several of these campaigns there was a specific detail that led the user to believe it might not be a hoax.
An example is the campaign in which the user's password was the subject of the message, in an attempt to show that the attackers had the user's personal data and that the extortion detailed in the body of the e-mail was real. It is estimated that this particular campaign managed to raise nearly half a million dollars. Another example of this type of scam had the peculiarity that the e-mail reached the user from his own account, which suggested that the attacker had access to the account of the potential victim.
• Exploitation of vulnerabilities
Towards the end of 2017, ESET noted that this was the year with the highest number of reported vulnerabilities (14,714), far surpassing the records of previous years. However, so far in 2018 this figure has been exceeded. According to CVE Details, although the year has not yet ended, more than 15,300 vulnerabilities have already been registered.
In this context, the exploitation of some vulnerabilities is also on the rise. For example, detections of EternalBlue, an exploit used during the propagation of WannaCry, have increased. Comparing detections of this exploit in May 2017 with those in July 2018 (the period of highest activity) shows an increase of almost 600%, as several families of ransomware and other types of malware try to take advantage of vulnerabilities in outdated systems.
“It is important to emphasize the way in which computer threats evolve and the various attacks that seek to compromise assets, so that, from the security perspective, the use of protection technology is essential, as are the application of good practices and the constant task of staying informed about what is happening in the field of cybersecurity,” concluded Mendoza.
How to prevent the banks of the future from creating accounts with false identities
Recently, one of the pioneer companies in Europe, which delivered the first credit card remotely, alerted the entire Fintech ecosystem.
On its website, it assured that a new user could open an account with the security of the German regulation in eight minutes. However, they did not comply with the security standards and it was possible to open an account with a fake ID. This technique or the generation of a false profile is called “Synthetic identity”, in which part of the information is real and part of it is fictitious.