Moore's Law, named for Intel co-founder Gordon Moore, holds that the number of transistors on a chip, and with it computing capability, doubles roughly every 18 to 24 months. We have seen that unfold over the last 30 years (see chart). It has stoked people's imagination so much that many believe the promise of artificial intelligence (AI) could become reality, with computers learning to think like humans. I believe it's still a number of years away, but it is fueling a lot of hype regarding AI: what it is truly capable of, where it can be effective, and what it takes to implement it have all become somewhat inflated in the market today.
The group behind a notorious banking trojan has expanded its operations and is now offering to deliver other forms of malware on behalf of other attackers. The Mealybug hacking operation has been active since at least 2014 and is known for its custom-built Emotet trojan, a self-propagating malware family that has mostly targeted banking customers across Europe. Mealybug has now changed its approach to cyber crime, shifting towards using Emotet as a delivery mechanism that other groups pay for to steal information, with the US by far the biggest market for this malicious activity, accounting for 90 percent of detections. The evolution of Emotet from banking trojan to distributor of threats for other malicious actors has been detailed by researchers at security company Symantec, who have been monitoring its activity. Emotet arrives via a phishing email containing a malicious link or a malicious document, which is used to download the payload.
The Panda banking Trojan, used to steal money from organizations worldwide, is now being distributed through the Emotet threat platform. According to researchers from Cylance, Panda Banker, a variant of the Zeus banking malware, is still an active threat more than two years after its discovery. The Zeus spin-off is used in targeted phishing attacks conducted over email, as well as in attacks launched via exploit kits including Angler, Nuclear, and Neutrino. Attackers using the malware often embed the malicious code in crafted Microsoft Office documents, which deploy the payload through macros. Once Panda Banker has compromised a victim machine, the malware connects to a command-and-control (C2) server and sends along information including the OS version, latency, local time, computer name, details of any installed antivirus software, and which firewalls are in operation.
A newly discovered cyber crime campaign is targeting restaurants, cinemas and other retailers in the entertainment and hospitality industries with point-of-sale (POS) malware in an ongoing effort to steal customers' credit card information. Known as DMSniff, the malware is thought to have been active since 2016 and to have flown under the radar until now, when it was uncovered and detailed by researchers at cyber security intelligence company Flashpoint. The key targets of DMSniff are small and medium-sized companies that rely heavily on card transactions, such as those in the food, hospitality and entertainment industries. What sets DMSniff apart from other forms of POS malware is its use of a domain generation algorithm (DGA) to create command-and-control domains on the fly, helping it to resist takedowns and bypass simple blocking mechanisms such as static domain blocklists. This is beneficial for the attackers because if domains are taken down by law enforcement or hosting providers, the malware can still communicate with the compromised POS device, and continue to transfer stolen data, via the next domains the algorithm produces.
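To make the DGA mechanism concrete, here is an added example of a generic date-seeded DGA together with the defender's counterpart. It is illustrative code written for this page, not DMSniff's algorithm or Flashpoint's analysis: the secret, the TLD list, the label length and the sample DNS log are all constructed assumptions. The point it shows is the asymmetry the article describes: the implant and its operator can both compute today's domains from shared inputs, so taking down one domain achieves little, while a defender who recovers the algorithm and seed from a sample can pre-compute the whole window and match DNS logs against it.

```python
"""Illustrative date-seeded DGA and a matching DNS-log detector.

Added example, not DMSniff's or any real malware's algorithm. The secret
seed, TLD list and sample queries below are constructed for the example.
"""
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info")  # constructed list, not from the page


def generate_domains(day_iso, count=20, secret=b"example-seed"):
    """Return `count` pseudo-random domains for the ISO date `day_iso`.

    Implant and operator compute the same list because both know the
    inputs (date + shared secret). The label is derived from a hash so
    the domains look random and cannot be predicted without the secret.
    """
    day = date.fromisoformat(day_iso).isoformat()  # normalise the date string
    domains = []
    for i in range(count):
        seed = secret + day.encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(seed).digest()
        # 12 lowercase letters from the first 12 digest bytes
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        tld = TLDS[digest[12] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def dga_blocklist(start_iso, days, **kwargs):
    """Pre-compute every domain for a window of `days` starting at `start_iso`.

    This is what a defender builds once the algorithm and seed are known,
    e.g. to feed a DNS sinkhole or a SIEM lookup table.
    """
    start = date.fromisoformat(start_iso)
    block = set()
    for offset in range(days):
        day = (start + timedelta(days=offset)).isoformat()
        block.update(generate_domains(day, **kwargs))
    return block


def flag_dns_queries(queries, blocklist):
    """Return (host, queried_name) pairs whose name is in the DGA blocklist.

    Names are lower-cased and stripped of a trailing dot so that log
    formats that emit absolute names ("foo.com.") still match.
    """
    return [(host, name) for host, name in queries
            if name.lower().rstrip(".") in blocklist]


def demo():
    """Run the detector over a constructed DNS log around 2019-03-14."""
    today = "2019-03-14"
    # window covering yesterday, today and tomorrow
    window = dga_blocklist("2019-03-13", days=3)
    implant_domain = generate_domains(today)[0]
    sample_queries = [  # constructed (source host, queried name) log entries
        ("pos-terminal-07", "www.example.com"),
        ("pos-terminal-07", implant_domain),
        ("back-office-01", "updates.example.net"),
    ]
    return flag_dns_queries(sample_queries, window)


if __name__ == "__main__":
    for host, name in demo():
        print(f"DGA hit: {host} -> {name}")
```

Because the block is pre-computed per day, the detector only stays accurate as long as the seed does not change; a real operator can rotate it, which is why DGA-based families are usually also caught on the behavioural side (bursts of NXDOMAIN responses for high-entropy names) rather than by a lookup alone.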
The Emotet Trojan, a thorn in the side of financial institutions and ordinary individuals alike, is back with new techniques and an upsurge in attacks. According to researchers from Menlo Security, since mid-January 2019 Emotet has been used in a rapid stream of campaigns that have evolved to infect even more systems. Emotet was first discovered in 2014 and is now considered one of the most destructive and insidious financial Trojans in existence. Once a straightforward self-propagating banking Trojan, it has in recent years been turned by the threat actors behind it, dubbed Mealybug, into a malware-as-a-service business, pivoting the malware into a threat distribution platform available to other cyberattackers. The modular Emotet software now usually acts as a distribution and packing system for other malicious payloads, but it can also brute-force credentials on computer systems, generate Business Email Compromise (BEC) messages from compromised accounts for use in spam campaigns, create backdoors, and steal financial data.