Be it in person or online, the world is still struggling in the fight against viruses. 2021 was another year where the headlines were awash with COVID-19. But cyber scandals too were vying for their spot in the limelight, as malware and ransomware attacks ran rampant, and supply chains took a digital beating (just in case they weren’t tormented enough).
Unfortunately, 2022 looks set to be subject to the same scope of threats – with more fresh assaults and ever-creative ways to exploit vulnerabilities thrown in for good measure. So, as we head into a new year, now is a pivotal time to look back at some of the nastiest, most recent malware to better understand the threats and how to protect against them.
But equally as important is being prepared for whatever bad actors throw your way – and that begins with the acknowledgement that every business, regardless of size, is at risk. Only then can you embrace a layered approach to cyber security, backed up by a robust cyber resilience strategy, that’s so critical to defence against malware in a digital-first world.
Why cyber crime groups are some of the world’s most effective startups
Uncovering the nastiest malware of 2021
In keeping with tradition, Webroot recently published its annual uncovering of the year’s nastiest malware. It’s not a nice job and some may wonder why of all businesses a cyber security company wants to give bad actors a platform. But to defeat your enemy, you must know your enemy – so herein lies the purpose of this undesirable list (displayed in no particular order).
LemonDuck: This well-known botnet and crypto mining payload has only been around for a couple of years. But in 2021, LemonDuck grew more popular and added new features such as stealing credentials and removing security protocols. Because there’s no ransom demanded – and therefore no knowledge of the attack – this malware is particularly nasty.
REvil: Everyone, even those who aren’t in InfoSec, heard about the July Kaseya supply chain attack carried out by REvil. But they also attacked countless other businesses, including global meat supplier JBS. Perhaps unsurprisingly for an operation with evil in its name, this loathsome bunch also offer ransomware-as-a-service (RaaS), which means they make the encrypting payload and facilitate the extortion leak sites on the dark web.
Trickbot: Trickbot has been around for a decade now as a popular banking trojan, which has evolved into one of the world’s most widely recognised botnets. Used by a large proportion of the online underworld, Trickbot is linked to many ransomware groups due to its versatility and resilience, with infections almost always leading to ransomware.
Dridex: Dridex is another popular banking trojan and infomation stealer that’s been around for years. Once on a machine, it moves laterally through a network to drop loaders to create persistence. Like Trickbot, Dridex takes its time gathering credentials until gaining full control. From there, it can do the most damage while preventing mitigation strategies from shutting them down.
Conti: This ransomware group is no stranger to the nastiest malware list, appearing previously as the operators behind Ryuk. In 2019, they were the FBI’s most successful ransomware group and have continued to make plenty of headlines and breach large organisations in 2021. Most often, credentials are grabbed or phished elsewhere, from info stealing trojans like Trickbot or Qakbot.
Cobalt Strike: Cobalt Strike is a pen testing tool designed by white hats. Its purpose is to help red teams simulate attacks so hackers can infiltrate an environment, determine its security gaps and make the appropriate changes. It uses a selection of powerful features, like privilege escalation, process injection, credential and hash harvesting, network enumeration and lateral movement. As a result, we’re seeing several bad actors use this tool as it’s easy to use for scalable and customised attacks.
Cyber security essentials for 2022
Once you’ve begun to understand the threats, it’s essential to protect against them. Embracing a multi-layered cyber security strategy is the key to achieving this and remaining two steps ahead of bad actors. Because, rather than simply waiting for attacks to hit endpoints, layered security takes a holistic view of cyber defence.
By accounting for the wide range of vectors by which modern malware is delivered and recognising the importance of network and end user-level security, this in turn can unlock a number of advantages. This includes protection against ascendant polymorphic malware and email attacks, while also providing DNS-level security to defend against threats originating at network level.
Phishing continues to typically be the first step in compromising a business and the key for a majority of attacks, as hackers are constantly seeking to target employees and exploit their vulnerabilities – so user education and training must advance in line with ever-evolving threats.
As alluded to above, bad actors don’t stand still and they’re always looking for new vulnerabilities to exploit. Ransomware actors in particular are growing more advanced with their tactics, even going as far to recruit talent and provide a streamlined user experience. This, quite frankly, is terrifying – and for every operation that gets shut down, two spring up to replace it.
Cyber security professionals, in response, must move in tandem with these threats. Leveraging our networks of likeminded peers to share our knowledge and expertise while also embracing the right tools and taking a dynamic approach to training, to keep employees vigilant – and bad actors at bay.