When it comes to the threat landscape, it’s important to take a look in the rearview mirror once in a while.
When it comes to the threat landscape, it’s important to take a look in the rearview mirror once in a while. As with driving, not only do you get a good look at what’s behind you, but you can often spot what’s coming up quick, set to overtake you.
That’s the spirit of this threat report. We’ve picked out five key stories from the last year or so, not just because they were big events, but because we think these threats, or similar ones, could very well appear in the near future.
Take modular threats like Emotet and VPNFilter, for example. These are threats that can deliver an on-demand menu of attacks and threats, depending on which device is infected or the intended goal of the attacker. We saw plenty of such modular threats in recent history, and wouldn’t be surprised if we see more in the future.
Email remains the darling delivery method of attackers, with threats from cryptomining to Emotet using it to spread. It’s also highly likely that other threats, such as unauthorized MDM profile, used it too. This highlights how critical it is to keep a close eye on what is coming in through your mailbox.
Revenue generation continues to be a primary motivation for attackers: malware follows the money. Cryptomining threats, for instance, are laser-focused on this goal. Meanwhile, Emotet has pivoted to a threat distribution network, capitalizing on a variety of options to make money.
Data exfiltration has also taken its time in the spotlight. VPNFilter included the ability to exfiltrate data, among its many features. Emotet, beyond stealing network credentials to help it spread, was also seen spreading Trickbot, another popular infostealing banking trojan.
We’ve picked out five key stories because we think these threats, or similar ones, could appear again.
Finally, some threats just want to watch the world burn, as is the case with Olympic Destroyer. We saw a number of threats like this in the last year, but none grabbed the headlines like an attack whose sole purpose appears to have been to disrupt the Winter Olympics.
So while we look back at some of the most impactful threats of 2018, it’s important to be mindful of what made these threats so successful. Many of them may be in the rearview mirror for now, but have you passed them, or are they speeding up to pass you and your security strategy?