Talos did a really good job summarizing some of the top threats seen this year. The original post can be found HERE.
It was easy to see a wild year coming in cybersecurity. It started with a bang, with Olympic Destroyer targeting the Winter Olympics in February in an attempt to disrupt the opening ceremonies. Things only got crazier from there, with cryptocurrency miners popping up everywhere, and VPNFilter taking the world by storm over the summer. There was never a shortage of cybersecurity news this year, and Talos was there to dissect all of it. As the year wraps up, here’s a look back on the most prominent malware we discovered and the major trends we saw — some of which we expect to continue into 2019. Take a look below for our malware Year in Review, as well as a timeline of the major attacks Talos discovered this year.
The aforementioned Olympic Destroyer malware started the year out with a bang. This attack first emerged the night of the Opening Ceremony in South Korea, temporarily taking down the Olympics’ ticketing website and infecting systems at the stadium where the ceremonies were being held. Talos identified several malware samples that indicated a malicious actor hoped to disrupt the ceremonies, as the malware only contained destructive capabilities. In the following weeks, researchers attempted to identify who was behind the attack. However, the malware included several false flags that made attribution incredibly tricky. Olympic Destroyer would eventually return with a variant later in the year that makes it tougher to detect.
A few months later, VPNFilter took the world by storm. Talos first disclosed the details of this attack
More consumers are turning to mobile devices for their everyday needs rather than desktops. As more everyday consumers use their smartphones for shopping, email and more, attackers can take advantage of those people who may not be as aware of online threats as they should be. This has opened the door to mobile malware that relies on tricking users into enabling malicious apps to access content they should not otherwise be able to reach. In some cases, attackers have gained the ability to completely take over a mobile device, as in a small campaign we discovered in India in July. In that campaign, Talos discovered 13 devices infected with mobile device management (MDM) software that could allow attackers to tack malicious features onto legitimate apps, giving them the ability to exfiltrate information such as contacts, photos, messages and location. Later in the year, we discovered this campaign targeted more devices than we initially thought and even connected the attack to another actor who had a history of targeting Android devices.

Another trick attackers liked to use this year on mobile devices was disguise. In the case of GPlayed, an attack we discovered in October, one actor was able to trick users into downloading a malicious app that disguised itself as the legitimate Google Play app store. Once installed, the malicious app could load plugins and inject scripts. Eventually, GPlayed evolved to the point that it included a banking trojan that attempted to steal users’ login credentials for financial services websites.