Cyber security threats, hacks, malware, and ransomware are all words that the world has become extremely familiar with in the last 2 years. Thanks to the myriad of cyber attacks being talked about in the news today, there is a mountain of news concentrated on the subject. With attacks affecting countries from Russia all the way to the United States, there is no country that is safe from the scourge of cyber attacks. Here are just a few recent cyber attacks that have rocked various countries and companies around the world.
It sounds like the title of a Black Ops team in a video game, but it's actually the name of a coordinated team of hackers working for North Korea. They are state-sponsored hackers who targeted telecom companies and financial institutions using sophisticated tools such as Bankshot, Badcall, Hardrain and Fallchill. They previously attacked SWIFT, the network that connects nearly 10,000 banks. They use tools such as DDoS botnets, keyloggers and remote access tools (RATs), as well as wiper malware.
The latest series of attacks has been spread via phishing emails that contain a booby-trapped Microsoft Word document. The malware inside exploits weaknesses found in Adobe Flash, a popular program used to run animations on websites and used extensively within the Google Chrome browser.
McAfee, the famous cyber security company, believes that the hackers are targeting Turkey, but there is no telling which other countries they may target next.
US CERT has identified this group as the same one that hacked Sony Pictures in 2014 prior to the release of the comedy film The Interview, which directly satirized North Korea's leader, Kim Jong-un.
Targeting ERP Systems
Enterprise Resource Planning (ERP) systems are used to collectively manage various business activities. The term can refer to a suite of programs that allows different groups in a business to communicate effectively with each other without disrupting the flow of information. According to the US Department of Homeland Security, these systems are being targeted by hackers. This is probably the most massive cyber security threat for small businesses right now.
An alert was issued by the US CERT for organizations to beware the onslaught of cyber security threats on these systems. The hackers were looking to exploit and steal sensitive information. The information can be sold to the highest bidder or be used as ransom against the company itself. This mix of cyber warfare and industrial espionage is very dangerous for any company’s assets. It could potentially lead to cyber terrorism and the political subjugation of various companies and their countries.
The most famous example of this hacking is the attack on United States Information Service in 2014. The attack came from state-sponsored Chinese hackers who stole thousands of sensitive records by exploiting an SAP vulnerability in the system.
The USIS was, until then, the largest provider of background information to the US government and hence suffered dearly due to the loss of such sensitive information.
According to the US CERT report released on the subject of ERP hacking, there has been a 160% increase in the level of interest and activity in ERP specific vulnerabilities from 2016 to 2017.
Mealybug is a cyber criminal group or individual that has been active since at least 2014. It is identified through its malware, Trojan.Emotet. When it was first identified, the cyber security threat targeted banking customers, but it now seems to have evolved into a global packing service for other actors. Distributing its services to other clients makes it an even more dangerous adversary.
The program is self-aware. By 2018, the cyber security threat had been identified to contain a payload as well as an anti-analysis package that checks whether it is being run through a malware research engine before being downloaded onto a computer.
After being downloaded onto the computer, the program moves itself to the preferred directory, creates a LNK file pointing to itself in the startup folder and begins sending private information to the Command and Control Server.
It can then be completely updated independently and receive any number of instructions from the command and control server. According to Symantec, the bulk of its attacks in 2018 have become focused on the US.
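The startup-folder persistence described above can be hunted for in endpoint telemetry. The following is an added example, not code from the original article or from any vendor: it scans file-creation events that use Sysmon field names (EventID 11, Image, TargetFilename) for shortcuts dropped into a Startup folder. The sample events, file names and the list of user-writable path markers are constructed assumptions.

```python
import ntpath

# Startup folders (lower-cased path suffixes): per-user and all-users.
STARTUP_DIRS = (
    "\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup",
    "\\programdata\\microsoft\\windows\\start menu\\programs\\startup",
)
# Assumption: locations an unprivileged process can write to; tune locally.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Constructed sample events using Sysmon field names (EventID 11 = FileCreate).
SAMPLE_EVENTS = [
    {"EventID": 11,
     "Image": r"C:\Users\alice\AppData\Local\updsvc\updsvc.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\updsvc.lnk"},
    {"EventID": 11,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows"
                       r"\Start Menu\Programs\StartUp\Vendor Agent.lnk"},
    {"EventID": 11,
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Desktop\notes.lnk"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]

def is_startup_lnk(path):
    """True if path is a .lnk directly inside a Startup folder."""
    folder, name = ntpath.split(path.lower())
    return name.endswith(".lnk") and folder.endswith(STARTUP_DIRS)

def flag_startup_persistence(events):
    """Return one finding per shortcut dropped into a Startup folder."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        target = ev.get("TargetFilename", "")
        if not is_startup_lnk(target):
            continue
        creator = ev.get("Image", "")
        # A creator running from a user-writable path matches the pattern
        # described above: a binary that relocated itself, then persisted.
        risky = any(m in creator.lower() for m in USER_WRITABLE)
        findings.append({"lnk": target, "creator": creator,
                         "severity": "high" if risky else "review"})
    return findings

if __name__ == "__main__":
    for f in flag_startup_persistence(SAMPLE_EVENTS):
        print(f["severity"], f["creator"], "->", f["lnk"])
```

Legitimate installers also place shortcuts in the all-users Startup folder, which is why those findings are marked for review rather than treated as malicious.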
Brought to you by the same people that hacked the Democratic National Committee (DNC), the malware known as VPNFilter infected around half a million routers around the world. The FBI recommended that the entire US population change the password on their home routers and reboot them.
According to the FBI, the malware could monitor and influence information going through the router, render it inoperable or interfere with its function. The cyber security threat was orchestrated by the Sofacy Group, which rendered the DNC helpless just before the 2016 US Presidential Election.
According to various sources, the malware affected routers from popular companies including Linksys, MikroTik, Netgear, and TP-Link.
SegmentSmack Vulnerability in Linux
The most recent of the cyber security threats on this list is a vulnerability discovered by a researcher. It exists in Linux kernel versions 4.9 and up. The vulnerability allows resource exhaustion to be triggered through an open port.
The researcher was Juha-Matti Tilli from Aalto University in Helsinki, Finland. The vulnerability pertained to TCP sessions that could be modified to exhaust the resources of the computer in question. This could be done through DDoS attacks.
Linux researchers have, however, released a patch that limits CPU cycles, so that patched systems are not vulnerable to exploitation.