Learn From Yesterday, Live for Today, Hope for Tomorrow – Albert Einstein
2019 was a highly eventful year for those working in the cybersecurity space. Security staff did not have it easy, with arguably the least enviable role within an IT department. As threats grew in sophistication, daring and evasiveness, the financial damage caused to companies by cyber-attacks became more apparent and, with it, a heightened concern.
Perhaps the single concern most responsible for raising anxiety levels was ransomware attacks, which over the course of 2019 became more targeted. Hackers appeared to narrow their focus to large enterprises, from whom they surmised they could extract larger payouts. Over the course of 2019, ransom demands from successful attacks reached millions of dollars, despite internal industry pressure to resist the relative “ease” of paying off ransom demands. 2019 also saw the start of ransomware actors leaking the data of attacked organizations that were uncooperative in paying the ransom. Although this had been threatened before, no one, until this point, had actually followed through on the threat.
Over the duration of the year, Emotet, the highly destructive banking trojan, became the most prominent threat in the cyber-landscape. After a relatively inactive period during the summer months (it appears hackers need to take holidays too), Emotet resurfaced in September with a very large attack wave and a quick succession of mutations. Throughout 2019, Emotet was seen working in collaboration with many other malware campaigns, where hackers used it to drop ransomware, spyware, and backdoors onto systems that were initially infected by Emotet.
Research undertaken by Deep Instinct’s Threat Intelligence Research team indicated a growing connection between nation-states and financially motivated hackers. In December 2019 it was found that the leader of “Evil Corp”, a hacking group indicted in the U.S. for stealing over $100 million by using the Dridex banking trojan, was a citizen of Russia. The individual was alleged to have been working in collaboration with the FSB, Russia’s Federal Security Services, since 2017. It was reported that the Russian state authority had provided the hacker with sensitive information used to help execute their attack.
During 2019, the Threat Intelligence research team at Deep Instinct uncovered several new and unique malware campaigns, while protecting our customers from ceaseless attacks. The campaigns uncovered include Trickbooster, an email harvesting module used by Trickbot, which had successfully collected over 250 million email addresses, including those of government departments, educational institutions, and large corporations; Legion Loader, a malware loader which can drop multiple different malware campaigns in a single deposit on a victim’s computer; and Separ, a credential stealer which was responsible for credential theft from hundreds of organizations.
More insights like these can be found within Deep Instinct’s Cyber Threat Landscape Report for 2019 to 2020. The report discusses trends seen during 2019 and provides concrete data on the changes in the landscape throughout the year. We expect this report will provide the reader with a better understanding of the present threat landscape and its trajectory. A critical resource for those working in the cybersecurity space, the report addresses the security challenges of last year and how to best mitigate the coming threats of 2020.