cyber trends
Mirai botnets and distributors of the Petya ransomware. This collaborative analysis suggested an evolution of IoT botnets, from a nearly exclusive use case of launching DDoS attacks to more sophisticated activities such as ransomware distribution and cryptomining. IoT botnets are difficult to detect because there are very few indicators of compromise for most users, yet the collaborative research by these teams created the chance to find and block dozens of new C&C domains used to control the botnet's activity.

Communicating with varying platforms is critical when acquiring knowledge across teams, systems and data sets.

Javascript cryptominers: a shady business model

The exponential rise in public adoption of cryptocurrency has been reflected in a sharp, observable increase in the number of cryptomining malware strains and the number of devices infected with them.

Akamai observed two distinct business models for large-scale cryptomining. The first model uses infected devices' processing power to mine cryptocurrency tokens. The second model uses code embedded into content sites, so that the devices of visitors to the site do the mining work for the cryptominer.

Akamai conducted extensive analysis on this second business model, as it poses a new security challenge for users and website owners alike. After analysing the cryptominer domains, Akamai was able to estimate the cost of this activity in terms of both computing power consumed and monetary gains. An interesting implication of this research is that cryptomining could become a viable alternative to ad revenue to fund websites.

Changing threats: malware and exploits repurposed

Cybersecurity is not a static industry. Researchers have observed hackers reusing old techniques in today's digital landscape. Over the six months in which Akamai collected this data, a few prominent malware campaigns and exploits showed notable changes in their operating procedure, including:

• The web proxy auto-discovery (WPAD) protocol was discovered in use to expose Windows systems to man-in-the-middle attacks between November 24 and December 14, 2017. WPAD is meant to be used on protected networks (such as LANs) and leaves computers open to significant attacks when exposed to the Internet.
• Malware authors are branching out to the collection of social media logins in addition to financial information. Terdot, a branch of the Zeus botnet, creates a local proxy and enables attackers to perform cyber-espionage and promote fake news in the victim's browser.
• The Lopai botnet is an example of how botnet authors are creating more flexible tools. This mobile malware mainly targets Android devices and uses a modular approach that allows its owners to create updates with new capabilities.

Methodology

Akamai Security Research analyses daily, weekly and quarterly data sets to predict the next moves cybercriminals will take. The goal is to detect attack signals in the sea of DNS data and validate known attack types while simultaneously detecting new, unknown and unnamed malicious activity.

In addition to using commercial and public data sources, the team analyses 100 billion queries daily from Akamai customers. Akamai works with more than 130 service providers in more than 40 countries, resolving 1.7 trillion queries daily.

This sample represents approximately 3% of total global DNS traffic generated by consumers and businesses worldwide.
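The article describes two DNS-visible signals without showing how a defender would look for them: lookups of known C&C or cryptominer domains (the kind of domains the collaborative IoT research found and blocked) and WPAD names that resolve to addresses outside the LAN (the exposure the WPAD bullet warns about). The following Python script is an added example, not Akamai's code or data; the resolver log format, the log lines and the blocklist entries (reserved `.example` names, not real indicators) are all constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed resolver log (not real Akamai data). One query per line:
#   "<timestamp> <client_ip> <qname> <qtype> <answer-or-NXDOMAIN>"
SAMPLE_LOG = """\
2017-12-01T10:00:01Z 10.0.0.5  wpad.corp.example  A 10.0.0.20
2017-12-01T10:00:02Z 10.0.0.7  wpad.corp.example  A 203.0.113.10
2017-12-01T10:00:03Z 10.0.0.9  news.example       A 198.51.100.7
2017-12-01T10:00:04Z 10.0.0.9  miner.example      A 198.51.100.9
2017-12-01T10:00:05Z 10.0.0.11 c2.botnet.example  A 198.51.100.11
2017-12-01T10:00:06Z 10.0.0.11 wpad.home.example  A NXDOMAIN
"""

# Hypothetical blocklist of C&C / cryptominer domains. Placeholder names only;
# in practice this would be fed from threat intelligence such as the domains
# the article says were identified and blocked.
BLOCKLIST = {"miner.example", "c2.botnet.example"}

# Address ranges we treat as "inside the LAN" for the WPAD check (assumption:
# RFC 1918 plus loopback and link-local). Anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass
class Finding:
    client: str
    qname: str
    reason: str


def parse_line(line):
    """Split one constructed log line into its fields; names are normalised."""
    ts, client, qname, qtype, answer = line.split()
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."),
            "qtype": qtype, "answer": answer}


def is_internal(addr):
    """True if addr parses as an IP inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def in_blocklist(qname, blocklist):
    """Match the queried name or any of its parent domains against the blocklist."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def analyse(rec, blocklist=BLOCKLIST):
    """Return the findings for a single parsed query record."""
    findings = []
    if in_blocklist(rec["qname"], blocklist):
        findings.append(Finding(rec["client"], rec["qname"],
                                "blocklisted C&C/cryptominer domain"))
    # A wpad.* name that resolves to an address outside the LAN means the host
    # would fetch its proxy configuration from the Internet, which is the
    # exposure the article describes for WPAD.
    if (rec["qname"].startswith("wpad.") and rec["answer"] != "NXDOMAIN"
            and not is_internal(rec["answer"])):
        findings.append(Finding(rec["client"], rec["qname"],
                                "WPAD name resolves outside the LAN"))
    return findings


def scan(log_text, blocklist=BLOCKLIST):
    """Run the checks over every non-empty line of a log and collect findings."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            findings.extend(analyse(parse_line(line), blocklist))
    return findings


def summarise(findings):
    """Count findings by reason, the shape a daily report would start from."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.client:<10} {f.qname:<20} {f.reason}")
    print(dict(summarise(scan(SAMPLE_LOG))))
```

On the constructed log the script flags three queries: the WPAD lookup answered with an external address, and the two blocklisted names. The parent-domain match in `in_blocklist` is deliberate, so that `www.miner.example` is caught by an entry for `miner.example`; the NXDOMAIN WPAD lookup is not flagged because no proxy configuration can be fetched from a name that does not resolve.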
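The cryptominer section says Akamai estimated the cost of in-browser mining in computing power and monetary gains and compared it with ad revenue, but the page does not show the calculation. As an added illustration, not Akamai's model or figures, the Python below encodes the usual proportional-share estimate: a site's expected share of block rewards is its aggregate visitor hash rate divided by the network hash rate. Every input value is a constructed placeholder; the function names and the parameter set are this example's own assumptions.

```python
SECONDS_PER_DAY = 86_400

# Constructed placeholder inputs (not Akamai's figures, not any real coin).
EXAMPLE_PARAMS = {
    "visits_per_day": 864_000,          # visits to the content site per day
    "avg_visit_seconds": 100,           # seconds a visitor's tab keeps mining
    "visitor_hashes_per_second": 50,    # hash rate of one visitor's browser
    "network_hashes_per_second": 5e8,   # whole-network hash rate of the coin
    "block_reward_coins": 5,            # coins paid per block
    "block_time_seconds": 120,          # average seconds between blocks
    "coin_price_usd": 200.0,            # exchange price of one coin
    "pageviews_per_day": 864_000,       # pageviews the site could show ads on
    "cpm_usd": 2.0,                     # ad revenue per 1,000 pageviews
}


def site_hashrate(visits_per_day, avg_visit_seconds, visitor_hashes_per_second):
    """Aggregate hash rate the site's visitors contribute, on average."""
    concurrent_visitors = visits_per_day * avg_visit_seconds / SECONDS_PER_DAY
    return concurrent_visitors * visitor_hashes_per_second


def expected_coins_per_day(site_hs, network_hs, block_reward, block_time_seconds):
    """Expected coins/day under proportional sharing of block rewards."""
    blocks_per_day = SECONDS_PER_DAY / block_time_seconds
    return (site_hs / network_hs) * blocks_per_day * block_reward


def estimate(p):
    """Cost borne by visitors and revenue to the site, with an ad comparison."""
    site_hs = site_hashrate(p["visits_per_day"], p["avg_visit_seconds"],
                            p["visitor_hashes_per_second"])
    coins = expected_coins_per_day(site_hs, p["network_hashes_per_second"],
                                   p["block_reward_coins"], p["block_time_seconds"])
    mining_usd = coins * p["coin_price_usd"]
    ad_usd = p["pageviews_per_day"] / 1000 * p["cpm_usd"]
    # "Computing power" cost: CPU-time taken from visitors, in CPU-days per day.
    visitor_cpu_days = p["visits_per_day"] * p["avg_visit_seconds"] / SECONDS_PER_DAY
    # CPM at which ads would earn exactly what mining earns.
    break_even_cpm = mining_usd / (p["pageviews_per_day"] / 1000)
    return {
        "site_hashes_per_second": site_hs,
        "coins_per_day": coins,
        "mining_usd_per_day": mining_usd,
        "ad_usd_per_day": ad_usd,
        "visitor_cpu_days_per_day": visitor_cpu_days,
        "break_even_cpm_usd": break_even_cpm,
    }


if __name__ == "__main__":
    for key, value in estimate(EXAMPLE_PARAMS).items():
        print(f"{key:<28} {value:,.4f}")
```

The useful output for a site owner or a defender is the pair `visitor_cpu_days_per_day` (the compute silently taken from visitors) and `break_even_cpm_usd` (the ad rate the mining income is equivalent to); whether mining beats ads for a given site depends entirely on the real inputs, which these placeholders do not claim to represent.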
www.intelligentciso.com | Issue 03 | 21