Data leaks and security breaches: Cybercrime in 2018

What to expect in 2019? Cryptojacking on the wane, email scams, State APTs...

In this post, Vade reviews the major cybersecurity news of the past year and gives its predictions for 2019.

The considerable impacts of the Spectrum and Meltdown vulnerabilities

As revealed by several researchers, the vulnerabilities in Intel processors called Spectre and Meltdown are of unprecedented complexity.

Sébastien Gest, Vade Technical Evangelist, explains: "These vulnerabilities are of a new kind – they appear totally harmless. However, the fact that they are located at the hardware level directly at the buffer memory level, makes them formidable.

By exploiting these vulnerabilities, cybercriminals can extract passwords, encryption keys and other private data. The problem is that even if Spectre can be fought by patches – which still have to be done – there’s nothing to do for Meltdown, except renew the processors, which will take years. Spectre and Meltdown are a real cancer for IT. Such vulnerabilities will increase in number, affecting, for example, video surveillance systems, ATMs and other connected objects that will never be updated. So there’s a real problem with this type of threat, which at root stems from a design flaw.”  

The year data leaks proliferated

2017 had been marked by the Equifax, Uber or Deloitte vulnerabilities, which in 2018, were replaced by those suffered by Marriott, Facebook, Amazon, or even more recently by the Ministry of Foreign Affairs.

Sébastien Gest comments: "Since the beginning of 2018 (according to the aggregation of different sources, including Ihavebeenpwd), 1.7 billion database records have leaked into the wild. Of the 1.7 billion data leaked this year, 5% contain passwords with no encryption or with such a low level of encryption that it’s easy to recover the original password.”

 

For 2019, this suggests we’re in for unprecedented waves of scams!

More or less sensitive personal data is used to carry out several types of attacks, including:

• Identity theft: many leaks in 2018 or in previous years contained personal information such as passport numbers, identity card numbers, etc. This was the case, for example, with the Cathay Pacific or British Airways leak. The expert says: "Individuals must be more vigilant when they give their data online, but above all they need to get used to not trusting people blindly when they receive contacts, SMS, emails and even more so when they come from so-called trusted brands. For companies, it’s also recommended that they implement solutions to detect increasingly targeted attacks that are hard to detect, such as spear phishing.”
• Phishing and International Wire Transfer Fraud: the leaked data can also be used to conduct spear phishing campaigns, inviting victims to make international wire transfers (international wire transfer fraud). This is one of today’s most lucrative trends. "Recently, the Pathé group lost 19 million euros in an international wire transfer fraud attack. Through a spear phishing campaign, the fraudster managed to convince the employees to transfer a considerable amount of money several times. This doesn’t require any technical skill, just social engineering and having data that’s either been stolen or purchased on the Darkweb,” Gest confirms.
• SIM swapping: one of the other trends we expect to see more and more of in 2019. Even if the scam isn’t new, it exploits personal data, particularly acquired on the Darkweb. Here’s how it works: "cybercriminals usurp the identity of cell phone owners, take possession of their SIM card, thereby allowing them to bypass the two-factor authentication, which usually goes through an SMS or a call made to the phone. So once they’ve taken control of the phone, the cybercriminals can empty their bank accounts, for example,” Gest

The end of cryptojacking?

Cryptography was one of the buzzwords of 2018. In a few months, cryptojacking, or the mining of malicious cryptocurrency, was propelled to the top of the IT threats, even surpassing the ubiquitous ransomware in volume. But will this activity resist the inexorable fall of bitcoin? Sébastien Gest predicts that it will not. The expert announces "a particularly difficult winter for bitcoin and the sharp decline in the upgrading of bitcoin - the most popular cryptocurrency, on which many virtual currencies are pegged- will lead to a much lower interest in cryptojacking. Ransomware and international wire transfer frauds are now much more profitable. The only prospect for cryptojacking is to switch to the mining of stable coin – those currencies whose value is based on a currency such as the dollar, euro, yen, etc. and whose rate doesn’t fluctuate as wildly: UDST, USD Coin, Bit Euros, etc." 

Sébastien Gest adds with several observations: “We’ve become used to saying every year that attacks are becoming more sophisticated, that the attack perimeter is expanding, etc. But the most dangerous attacks are not necessarily the most sophisticated, as we can see with the phishing attacks that you see in the design of practically 90% of all computer attacks. And unfortunately, the more data leaked, the more key information hackers have to succeed in their attacks. As soon as a private individual or a company logs on, they are exposed to direct attacks or collateral damage, as we have seen with many companies affected by Wannacry. 

Gest concludes: "Finally, for the coming year, how can we not talk about the growing involvement of States in attacks... With all the tools at their disposal - phishing, zero-day, backdoors, etc. - it would not be inconceivable to discover advanced computer attacks - APTs - carried out by States, for various purposes, in 2019. Not to mention that a European election is on the horizon, and that we’ve already seen the impact of computer attacks and interference by foreign powers in electoral processes.”