Cybercrime the best paid business!!!
Cybercrime is big business and growing every year. An increasing amount of malware is being introduced. With the increase in the number of Internet-connected devices ranging from refrigerators to other useful tools, there is an increase in the avenues that cybercriminals can fraudulently acquire your information and use to their advantage.
Offer: Buy a Malware and we give you a C&C for free.
Malware development went from being simple fun for programmers or a way to demonstrate their capabilities to becoming the most lucrative market in history with the emergence of the business model dubbed in the underworld as MaaS or Malware as a Service, making malware available to the highest bidder for a small fee (including support, of course, but customer service is always important).
What we came for, these were the cyber threats that rumbled the Internet in 2020
1. Clop ransomware
Clop is a ransomware-type virus discovered by Jakub Kroustek. This malware is designed to encrypt data and rename each file by appending the extension “.clop”. For example, “sample.jpg” is renamed to “sample.jpg.Clop”. After a successful encryption, Clop generates a text file “ClopReadMe.txt” and place a copy in each existing folder. The text file contains a sransom request.
Generally, cybercriminals claim that the files are encrypted and that only they are able to restore them.
Did you know that…
Symmetric encryption systems are those that use the same key to encrypt and decrypt a document. The main security problem lies in the exchange of keys between the sender and the receiver, since both must use the same key.
2. Fake Windows updates (hidden ransomware).
A new ransomware distributed by email that tries to trick the victim into believing it comes from Microsoft, and advises to download and open the malicious file to perform the Windows 10 update when it is nothing more than a mask for the execution of Ranwomware.
3. Zeus Gameover
Zeus Gameover is part of the “Zeus” family of malware and viruses. This piece of malware is a Trojan that accesses your sensitive bank account data and steals all your funds.
The worst thing about this particular variant of the Zeus family of malware is that it does not require a centralized “Command and Control” to complete transactions, which is a flaw found in many cyber-attacks that authorities may target. Instead, Zeus Gameover can bypass centralized servers and create independent servers to send confidential information. In essence, you cannot trace your stolen data.
4. Fleeceware
There is some disagreement as to whether it is a scam or not. First discovered in September 2019, fleeceware are apps that typically charge users hundreds of dollars in fees once they exceed the free trial period on the Google Play Store and App Store.
Some app developers used loopholes in Play Store and App Store trial period functionality policies not only to charge excessive fees to users who forgot to end trial subscriptions, but also to charge users who thought they also successfully ended free trials. Others charged fees without even allowing the user the promised free trial period.
5. Social engineering
Humans are possibly the weakest link in any security protocol. This is why cybercriminals resort to human psychology and deception to try to gain access to personal information.
6. Cryptojacking
Cryptojacking is the unauthorized use of another person’s computer to mine cryptocurrencies. Cybercriminals do this by having the victim click on a malicious link in an email that loads cryptocurrency mining code onto the computer, or by infecting a website or online advertisement with JavaScript code that automatically executes once it loads in the victim’s browser.
Either way, the cryptomining code runs in the background while unsuspecting victims use their computers normally. The only sign they may notice is slower performance or delays in execution.
7. State-sponsored attacks
Beyond cybercriminals looking to profit by stealing individual and corporate data, entire nation states are now using their cyber skills to infiltrate other governments and conduct attacks on critical infrastructure.
8. IoT-based attacks
The number of “smart” Internet-connected devices in homes and businesses is beginning to increase. The problem is that not all of these smart devices have robust security installed, creating opportunities for attackers to hijack these devices to infiltrate commercial networks.
9. DDoS attacks
Distributed Denial of Service (DDoS) attacks continue to be a major cyber threat for many organizations. These attacks are designed to overwhelm the victim’s network resources so that they cannot process legitimate traffic on their network.
10. Unpatched bugs and security vulnerabilities
Other attackers may target known security bugs in popular enterprise software programs, bugs that often have fixes available. Too often, however, these security updates or patches are not applied to vulnerable software. This leaves the enterprise network exposed to external attacks and compromises.
A serious shortage of cybersecurity professionals
The cybercrime epidemic has escalated rapidly in recent years, while companies and governments have struggled to hire enough qualified professionals to protect against the growing threat. This trend is expected to continue in 2020 and beyond, with some estimates indicating that there are around 1 million job openings worldwide (potentially increasing to 3.5 million by 2021)..
Tips to prevent becoming a victim of cyberthreats
- Avoid using Black Market software: More and more you see the growing wave of WhatsApp messages asking you to download a new plug-in or functionality to improve the application and they ask you to download and install an APK (Android Package), do NOT do it if you don’t want to be another victim.
- Avoid clicking on pop-up ads: Remember, there is no such thing as a free reward. Pop-up ads claiming to offer free rewards, such as a new iPhone, are mostly fake. Therefore, do not click on such pop-ups and close the site immediately.
- Do not open unknown e-mails: Most new computer viruses enter the device through e-mail attachments. Therefore, to stay protected, do not open any suspicious emails from an unknown source.
- Back up files on a regular basis: If data loss is your main concern, create regular file backups. Using an external cloud drive to back up crucial files helps prevent data loss.
- Avoid using open wifi: Resist the temptation to access the Internet for free via open wifi. Passwordless and unencrypted wifi can be a trap set by cybercriminals. Don’t fall prey to it.
- Get a powerful anti-malware: The best way to keep your PC safe for that uninterrupted computing experience is to get solid anti-malware software. Panda Adaptive Defense 360 the best EDR solution for your organization.
- Update, Update, Update: Many people often have their devices out of date, because they feel they get slower or simply because they are overwhelmed by having to wait for it to shut down or even boot up. However, it is of utmost importance to maintain the latest software version on all your devices to avoid being part of the statistics.
Has your company been a victim of Ransomware? we invite you to get to know the NO MORE RANSOM project: