10 years MELANI
The reporting and analysis center MELANI is ten years old and has published its 20th semi-annual report: it not only highlights the most important events of recent months, but also takes a look at the development of cybercrime over the past decade.
In the last ten years, the number of Internet users has increased enormously, as has the number of platforms and services. New services and applications created additional opportunities to find and also exploit vulnerabilities. This also affected criminal structures and was exploited accordingly. Thus, a true underground market has developed in recent years, where everything can be procured to carry out an attack. Nowadays, various states also have a great interest in using the Internet for espionage and surveillance methods. Compared to the first MELANI Semi-Annual Report from 2005, however, it can be seen that the topics are largely the same: Even then, the focus was on targeted espionage attacks, phishing, DDoS, defacements and social engineering.
New extortionist malware
In the second half of last year, the landscape of extortionist malware has become even more diverse. Following the Cryptolocker encryption Trojan, a new malware called Synolocker has emerged. What is significant about Synolocker is that the attackers only had to exploit a vulnerability in a particular file server to trigger an infection. Cryptolocker's infection was more elaborate, as it took user interaction to inject the Trojan. Attackers use the Trojan to penetrate systems and encrypt the data in order to extort money from the victims.
A new extortionist trend is also moving in the direction of hackers gaining access to sensitive data and threatening the affected company with publication unless a certain amount is paid. In other cases, even the entire database of an Internet presence is encrypted, rendering the website unusable until the extorted amount is transferred.
Poorly protected systems
At first glance, attacks on poorly protected systems such as webcams, wireless networks or content management systems for creating websites only leave the operator or content owner with a loss. Often forgotten is the fact that compromised systems can be misused for phishing attacks, distributing malware or sending spam, even with contaminated attachments or links to malicious websites. This semi-annual report cites specific examples and makes recommendations on how to prevent impending dangers.
Smart and safe?
The trend toward operating everyday objects, cars and houses remotely using smartphones is steadily increasing. Even people's state of health is being transferred to the Internet through the use of health apps. But with all the convenience comes exposure to the dangers and risks of the Internet, and people should protect themselves accordingly. The second semi-annual report for 2014 MELANI provides insight into the potential threats in the new smart world.
Press release MELANI
The topics have remained largely the same: espionage attacks, phishing, DDoS, defacements, social engineering.
(MELANI.)
