Cyber Attack Trends

In its mid-year report, Check Point Research provides analysis of the year to date, looking at global cyber attack trends in malware overall, ransomware, and mobile and cloud malware.

TREND 1: Software supply chain attacks on the rise

In software supply chain attacks, the threat actor typically installs malicious code into legitimate software by modifying and infecting one of the building blocks the software relies upon. As with physical chains, software supply chains are only as strong as their weakest link.

Software supply chain attacks can be divided into two main categories. The first includes targeted attacks aiming to compromise well-defined targets, scanning their suppliers list in search of the weakest link through which they could enter. In the ShadowHammer attack, attackers implanted malicious code into the ASUS Live Update utility, allowing them to later install backdoors on millions of remote computers.
In the second category, software supply chains are used to compromise as many victims as possible by locating a weak link with a large distribution radius. One such example is the attack on PrismWeb, an e-commerce platform, in which attackers injected a skimming script into the shared JavaScript libraries used by online stores, affecting more than 200 online university campus stores in North America.

TREND 2: Evasive phishing cyber attacks

Phishing is a popular cyber attack technique and continues to be one of the biggest cyber security threats. Advanced socially engineered evasion techniques are bypassing email security solutions with greater frequency. Check Point researchers noted a surge in sextortion scams and business email compromise (BEC), threatening victims into making a payment through blackmail or by impersonating others, respectively. Both scams do not necessarily contain malicious attachments or links, making them harder to detect. In April, one sextortion campaign went as far as pretending to be from the CIA and warned victims they were suspected of distributing and storing child pornography. Hackers demanded $10,000 in Bitcoin.
Evasive email scams include encoded emails, images of the message embedded in the email body, as well as complex underlying code that mixes plain text letters with HTML character entities. Social engineering techniques, as well as varying and personalizing the content of the emails, are additional methods allowing the scammers to fly safely under the radar of anti-spam filters and reach their target’s inbox.

TREND 3: Clouds under attack

The growing popularity of public cloud environments has led to an increase of cyber attacks targeting resources and sensitive data residing within these platforms. Following the 2018 trend, practices such as misconfiguration and poor management of cloud resources remained the most prominent threat to the cloud ecosystem in 2019. As a result, subjected cloud assets have experienced a wide array of attacks. This year, misconfiguring cloud environments was one of the main causes for a vast number of data theft incidents and attacks experienced by organizations worldwide.
Cloud cryptomining campaigns have increased with upgraded techniques capable of evading basic cloud security products. Docker hosts have been exposed and competitors’ cryptomining campaigns operating in the cloud shut down. Check Point researchers also witnessed an increase in the number of exploitations against public cloud infrastructures.

TREND 4: Mobile device attacks

Malicious actors are adapting techniques and methods from the general threat landscape to the mobile world. Banking malware has successfully infiltrated the mobile cyber arena with a sharp rise of more than 50% compared to 2018. In correlation to the growing use of banks’ mobile applications, malware capable of stealing payment data, credentials and funds from victims’ bank accounts have been pushed from the general threat landscape and became a very common mobile threat too.