Traditional security solutions, although efficient in protecting against known malware, are incapable of protecting against attacks that use non-malicious tools and other advanced techniques. This argument has gained traction in recent investigations carried out by PandaLabs, the anti-malware laboratory at Panda Security. The laboratory presents its second quarterly report for 2017, which takes a look at some of the most harrowing months in cybersecurity in recent years.
The rise of cybercriminal groups, the hacking of elections in several countries, the leaking of espionage tools, and state-backed large-scale attacks — all of these factors have elevated cyberwarfare to the highest level, shaking the very foundations of cybersecurity across the world.
Main Conclusions from the Quarter:
- Cybercriminal groups are on the rise: The Shadow Brokers plan to continue publishing stolen NSA data, and the cyberarms race is coming to a boil. Individuals and companies should take extra security precautions.
- Individuals and businesses, in the crosshairs: Out of all the machines protected by a Panda Security solution, 3.44% of them were attacked by unknown threats, representing an increase of almost 40% from the previous quarter. If we look at the type of client, home users and small businesses make up 3.81% of attacks, while in the case of medium and large companies the figure is 2.28%. Home users have far fewer protective measures in place, and they are therefore more exposed to attacks. Many attacks that successfully run their course in a home setting are easily detained in corporate networks before they can have an effect.
- Cyberwarfare: the second quarter of the year has marked two of the largest cyberattacks in history. WannaCry and Petya have shown us that governments are not hesitating to “push the button” when it comes to launching a cyberattack and that everyone who uses the internet or connected devices could end up being a collateral victim on the global stage of cyberwarfare. The following are some figures describing the extent and damage of WannaCry:
- Ransomware attacks are still on the rise, and the only explanation is that there are still victims willing to pay. Otherwise, attacks of this sort would eventually be phased out. It is up to all of us to put an end to these attacks, on the one hand protecting ourselves against becoming victims, and on the other to always keep a backup of our data so as to never pay a ransom.
- “Zero-day” attacks are the most sought after exploits to launch attacks, as they are completely unknown by the manufacturer of the affected software and allow attackers to compromise computers, even if their software is updated. In April, a vulnerability was discovered which affected various versions of Microsoft Word, and we know that it was being used by attackers from at least January. In that same month of April, Microsoft published a corresponding update to protect Office users.
- IoT and Smart Cities: hyperconnected cities bring immense security risks that give attacks a multitude of new vectors. Last June, WannaCry infected 55 cameras located at traffic lights and speed control points in Australia after a subcontractor connected an infected computer to the network where they were located. Police had to cancel 8,000 traffic fines following the incident.
PandaLabs Cybersecurity Recommendations
In this context, reinventing cybersecurity with software that can measure up to the threats we face has become a matter of urgency. Only a solution like Panda Adaptive Defense, which combines EDR (Endpoint Detection & Response) technology with the ability to monitor and classify 100% of running processes can reduce the possibility of falling victim to advanced attacks such as those described in this report.