IT Security: The Growing Threat of Malware and Cyber Attacks

As if we don’t have enough to worry about these days, the personal computer and the Internet, which most of us use daily in both our personal and professional lives, have become a lucrative source of income for cyber criminals. They are always looking for new ways to steal your valuable personal information for resale to other hackers, not to mention your hard-earned money. These cyber criminals use a variety of malicious software (malware) to carry out their fraudulent activities, including ransomware that encrypts files in a way that is extremely difficult to decrypt.

The global cyber security firm Kaspersky Lab reported that the number of computer users who experienced attacks by invasive malware increased 22.49% in the fourth quarter of 2016 compared to the same time period in 2015. This indicates that malware is doing its job so well that more and more cyber thieves are using it to gain access to information to which they are not entitled, which they then use against targeted individuals, business entities and government agencies to steal private information and millions of dollars.

The researchers at Kaspersky Lab conducted an analysis of the cyber threats that were prevalent during the entire holiday period from the first of October through the end of December, 2016. These analysts observed an increase in the number of cyber attacks on Black Friday, Cyber Monday and throughout the entire Christmas holiday period.

Their research for the month of November revealed a spike in the number of invasive attacks on Cyber Monday, the first Monday after the Thanksgiving holiday, which is observed in the United States on the fourth Thursday of every November. This spike in malware attacks affected twice as many computer users as on the previous day.

Black Friday and the rest of the Yuletide season showed different patterns, inasmuch as malicious attacks occurred one or two days before the actual holidays. Since Cyber Monday is all about online sales offered by e-commerce sites, which greatly impacts credit card companies and financial institutions, it has proven to be a more lucrative time for hackers and has become their main focus for delivering malware to unsuspecting individuals and businesses alike.

Kaspersky Lab’s researchers also determined that Zbot, Shiotob, Gozi, Neurevt and Nymaim Trojan malware accounted for 92.35% of cyber attacks conducted during the holiday period.

Network security has become a real headache for information technology (IT) professionals because malware continues to get more complicated, more sophisticated and harder to locate, identify and eradicate.

A host of hacking tools was just released on the Internet, and the tools are believed to have been designed by the United States’ National Security Agency (NSA). They consist of 61 files that target computers and other electronic devices that utilize Microsoft Windows applications (Word, Excel, PowerPoint) and are available for free downloading by anyone who wishes to use the tools to help fight cyber attacks via Windows.

The recent release of these hacking tools was apparently made by a Russian hacking group that calls itself The Shadow Brokers. The group previously declared that it would be selling those tools to the highest bidder, but then backed off that announcement because of a lack of interest by computer users worldwide, probably because of the hackers’ ridiculous request of at least 10,000 bitcoins, which represents about 8.2 million U.S. dollars.

Shortly thereafter the hacking group announced that it was ceasing its nefarious operations and going “dark” which means they are suddenly terminating communications. The Shadow Brokers released a bewildering statement in broken English that said “TheShadowBrokers is deleting accounts and moving on so don’t be trying communications. Despite theories, it always being about bitcoins for TheShadowBrokers. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers.”

That puzzling post didn’t clarify why the group was taking such action, but referenced “political talk” and the increased risk involved with its high profile hacking cyber crimes.

Nobody can conclude with certainty that The Shadow Brokers really got those hacking tools from the NSA, but it is assumed they did originate from there because programming codes were the same as those that whistleblower Edward Snowden (who is now exiled from the U.S. and living in Russia) apparently unlawfully obtained when he worked for that organization. Cyber experts think the hacking tools were designed and produced by an organization called The Equation Group, which many believe is also a team of hackers and is supported by the NSA.

The Shadow Brokers indicated that its dirty deeds may not actually be over, inasmuch as it has stolen passwords that may be released at a later date if nobody comes forward with the ridiculous amount of money requested in order to prevent them from being released.

Although intelligence experts are not sure why the group is relinquishing its most powerful tools to date, it appears that the group is connected to Russian intelligence agencies and the move was made in an attempt to warn the new U.S. Trump administration to not escalate the ongoing cyber war between the two superpowers.

Another well-known Russian hacking group that calls itself Guccifer 2.0 was responsible for hacking emails of the Democratic party’s Presidential nominee Hillary Clinton and releasing them to WikiLeaks during the period before the U.S. 2016 Presidential election. In an announcement made on the same day that The Shadow Brokers released its malware tools, the Guccifer hacking group denied any affiliation with the Russian government.

One of the most successful cyber criminal groups that has ever operated is called the Carbanak Gang, whose malware has helped the hacking group steal over a billion dollars from banks and financial institutions worldwide. Since most large businesses employ up-to-date security systems and trained IT security personnel to block communications with questionable organizations and websites in an attempt to prevent inadvertent downloading of malicious software, the group had to figure out another way to get into computers.

Since Google services are popularly used worldwide and Google domains are very unlikely to be blocked, the Carbanak Gang developed a new way to deliver their malicious software, and the commands used to send and receive data from the computers they’ve infected, by using Google Spreadsheets and Google Forms. This use of an authentic third-party service provider enables cyber criminals to hide in plain sight, which increases the chances of their successfully conducting even more lucrative cyber heists.

This is not a novel way to introduce malware, since the security firm Symantec discovered a Trojan in 2012, which it named “Makadocs,” that was using Google Docs to transmit communications.

The Carbanak malicious threat is delivered and spread using a phishing attack in the form of an attachment to Google Docs. This kind of cyber crime has proven to be an effective hacking tool since even the best security experts can be tricked into opening phishing emails and malicious attachments if they look legitimate enough.

Google is aware of the new Carbanak threats and its official spokesperson said “We’re constantly working to protect people from all forms of malware and other types of attacks. We’re aware of this particular issue and taking the appropriate actions.”
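Because blocking Google domains outright is rarely an option, defenders usually look at which program on a machine is talking to Google Sheets or Forms and how regularly it does so. The following is an added example, not taken from this article or from any vendor: the log format, host and process names, browser allowlist and jitter threshold are all assumptions chosen for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample records (time, host, process, domain, path); not real telemetry.
SAMPLE_LOG = """\
2017-01-20T09:00:00,WS-022,updater.exe,docs.google.com,/forms/d/PLACEHOLDER_B/formResponse
2017-01-20T09:01:12,WS-014,chrome.exe,docs.google.com,/spreadsheets/d/PLACEHOLDER_A/edit
2017-01-20T09:05:00,WS-022,updater.exe,docs.google.com,/forms/d/PLACEHOLDER_B/formResponse
2017-01-20T09:07:40,WS-014,chrome.exe,www.google.com,/search
2017-01-20T09:10:01,WS-022,updater.exe,docs.google.com,/forms/d/PLACEHOLDER_B/formResponse
2017-01-20T09:12:30,WS-031,excel.exe,docs.google.com,/spreadsheets/d/PLACEHOLDER_C/export
2017-01-20T09:15:00,WS-022,updater.exe,docs.google.com,/forms/d/PLACEHOLDER_B/formResponse
2017-01-20T09:20:00,WS-022,updater.exe,docs.google.com,/forms/d/PLACEHOLDER_B/formResponse
"""

BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}  # assumed allowlist
WATCHED_PREFIXES = ("/spreadsheets/", "/forms/")  # Google Sheets and Forms paths
MAX_JITTER_SECONDS = 5.0  # assumed threshold for "machine-regular" spacing


def find_suspect_clients(log_text, min_hits=4):
    """Map (host, process) -> reason for non-browser traffic to Sheets/Forms."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        ts, host, proc, domain, path = row
        if domain != "docs.google.com" or not path.startswith(WATCHED_PREFIXES):
            continue
        if proc.lower() in BROWSERS:
            continue  # interactive browser use is the expected case
        hits[(host, proc)].append(datetime.fromisoformat(ts))

    findings = {}
    for key, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Evenly spaced requests suggest an automated check-in rather than a person.
        if len(times) >= min_hits and pstdev(gaps) <= MAX_JITTER_SECONDS:
            findings[key] = "non-browser, regular interval"
        else:
            findings[key] = "non-browser"
    return findings


if __name__ == "__main__":
    for (host, proc), reason in find_suspect_clients(SAMPLE_LOG).items():
        print(host, proc, reason)
```

A single non-browser hit, such as the constructed `excel.exe` record, is often legitimate, so the regular-interval finding is the one worth triaging first.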

Since malicious invasions increase every day, it is imperative that all computers and other electronic devices utilize up-to-date security software and that they are set up to automatically receive updated versions of every computer software application they use. Users should also remove any software programs they rarely or never use from their computers and back up all computer files frequently, if not every day.

There are so many malicious threats utilized to steal information and money and it is extremely important that individuals, businesses and government agencies worldwide take precautionary measures to prevent such attacks and maintain a good working relationship with an IT company or individual who keeps abreast of the latest threats.