What keeps CISOs up at night? Of all the cyberthreats, malware sends chills down a CISO’s spine, according to The CyberEdge Group’s recently released 2016 Cyberthreat Defense Report. Malware bogeymen come in many shapes and sizes. Here are three of the most nefarious in their respective categories:
Ransomware: CryptoWall
Ransomware has come a long way since 1989, when the AIDS Trojan first encrypted a user’s hard drive files and demanded money to unlock them. The latest version of CryptoWall, the most significant ransomware threat in the States, not only encrypts the file, it also encrypts the file name—making it a challenge to even find “kidnapped” files.
CryptoWall cost victims more than $18 million in losses in a single year, according to the FBI. While individual ransom fees are typically only $200 to $10,000, additional costs can include loss of productivity, network mitigation, security countermeasures, and the purchase of credit monitoring services for employees and/or customers.
Banking Trojan: Dyreza
Banking Trojans use a man-in-the-browser attack. They infect web browsers, lying in wait for the user to visit his or her online banking site. The Trojan steals the victim’s authentication credentials and sends them to the cyberthief, who transfers money from the victim’s account to another account, usually registered to a money mule.
For nearly a decade, the ZeuS Trojan conducted a reign of terror in the banking world. Even after Europol took down the Ukrainian syndicate suspected of operating ZeuS in 2015, new strains kept appearing. But it seems ZeuS has met its match in Dyreza (aka Dyre, aka Dyzap). More than 40% of banking Trojan attacks in 2015 were by Dyreza, according to Kaspersky Lab’s 2015 Security Bulletin. Dyreza’s one-two punch? It can now attack Windows 10 machines and hook into the Edge browser.
Mutant two-headed worm: Duqu 2.0
There isn’t an official category yet for the most sophisticated malware seen to date. At a London press conference announcing an attack by the new version of the Duqu worm on its corporate network, Kaspersky Lab founder Eugene Kaspersky described the malware as a “mix of Alien, Terminator and Predator, in terms of Hollywood.”
The original Duqu worm was mysterious enough, being written in an unknown, high-level programming language. Now Duqu 2.0 is further flabbergasting the security experts. Some describe it as a compound sequel of the Duqu worm that assimilates the features of a Trojan horse and a computer worm. Others call it a collection of malware or a malware platform.
I’m dubbing it the Mutant Two-Headed Worm because it has two variants. The first is a basic back door that gives attackers an initial foothold on a victim network. The second variant contains multiple modules that give it multiple superpowers: it can gather system information, steal data, do network discovery, infect other computers and communicate with command-and-control servers. And did I mention Duqu 2.0 has an invisibility cloak? The malware resides solely in a computer’s memory, with no files written to disk, making it almost impossible to detect.
If Duqu 2.0 attacks increase in 2016, expect malware to be a CISO’s worst nightmare next year too.
Download the 2016 Cyberthreat Defense Report to learn how IT security professionals perceive cyberthreats and how they plan to defend against them.
Susan Richardson, Manager/Content Strategy, Code42
[Cloud Security Alliance Blog]