Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

AI Now Helps Ransomware Bypass Anti-malware Software

January 31, 2019

The Malwarebytes State of Malware 2018 Report found an odd mix of attacks that took place last year, with businesses bearing the brunt of cybercriminals’ efforts, while consumers were victimized in a new way using their previously hacked PII.

SC Media carried a post highlighting the findings of the Malwarebytes 2018 Report.

The amount of malware targeted at businesses increased 79 percent compared to 2017, with trojans, hijackers, riskware tools and backdoors being the most prevalent. Cryptocurrency mining and ransomware also played a big role, with the former hitting its peak early in 2018 and then quickly fading away as currency values plummeted, while the latter was distributed in new and dangerous ways.

Marcin Kleczynski, Malwarebytes CEO, told SC Media the major change with ransomware came in the delivery method. “They are no longer using a shotgun approach and that worries me,” he said, adding that instead of using spam or malvertising exploits aimed at a huge swath of potential victims, the attackers are manually choosing targets and then using a brute force approach to gain entry along with artificial intelligence to bypass the target’s antivirus software.

This was the approach used to deliver SamSam ransomware to Atlanta, the Port of San Diego and the Colorado Department of Transportation.

Other than ransomware, businesses, and banks in particular, faced an increased number of trojans, with Kleczynski noting that a day did not go by without a client calling and saying they were being hit with Emotet or Trickbot.

On the consumer side, the big surprise, Kleczynski said, was the huge number of sextortion scams that took place. Even odder was the fact that these did not include malware of any type, but simply preyed upon the victim’s ignorance and guilty conscience. The scams center on emails that say the attacker has obtained evidence that the target at one time visited a sex site. Often, to scare the user, they include the target’s old login information, bought on the dark web. We can certainly attest to the high rate of sextortion email – we have been called by frantic lawyers, business folks, and friends as far away as the U.K. The relief in their voices when they hear it is a scam is palpable.

Malwarebytes predicts cryptomining attacks against consumers and browser-based attacks will all but cease, and miners will focus on injecting platforms like servers and IoT devices, which can generate more revenue.

The Chinese curse "May you live in interesting times" certainly has been fulfilled.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson