Cyber hacking has grown more sophisticated over the past five years, from banking trojans and ransomware to today's main threat - cryptomining. Internet security firm Check Point's intelligence operations group manager Maya Horowitz explains to Felix Todd how cyber attacks have evolved
As the internet becomes an ever more prevalent influence on 21st century life, so too does the danger of cyber hacking.
The technological sophistication of modern innovations like mobile phones and more recently the cloud, while undoubtedly beneficial, has provided a platform for this type of online crime to be more invasive and consequential than ever before.
And threat actors – those who commit cyber crime – have become exponentially more dangerous as their methods have grown more surreptitious, prompting outcry from the public and mobilisation from the organisations dedicated to stemming the tide.
One such company is Check Point, a global internet security firm founded in 1993 with more than 5,000 staff providing various solutions for every company in the Fortune 100.
Intelligence operations group manager Maya Horowitz says: “Cyber crime is a threat to everyone these days – it can certainly be prevented but it’s definitely something to be aware of as well.
“From our perspective, it’s all about understanding the behaviour of threat actors and learning their patterns so we can proactively stop their cyber hacking attempts.
“But now the methods they use are very stealthy – it’s entirely possible to go for months as an organisation and not realise you’ve been a victim.”
Having joined Check Point in 2014, Maya is now tasked with uncovering and helping to avert cyber attacks and cyber extortion campaigns against government, financial institutions, businesses and individuals across the globe.
When a new type of internet threat is found, she and her team analyse it and develop the necessary counter-measures to prevent it from being used, before shipping these protection methods to their customers.
She speaks to Compelo about the evolution of cyber hacking and how new technologies have given rise to new threats.
Banking trojans: Effective but clunky form of early cyber hacking
After cyber crime’s nascence but before it reached the sophistication it has today, banking trojans were among the most dangerous forms of online threat.
The method involves using malicious programmes to obtain confidential information about customers and clients who use online banking and payment systems.
“Five years ago, the biggest and most sophisticated digital threat was this kind of thing,” Maya explains.
“They were pretty scary at the time because they could sit in your computing software and access user credentials and financial details – so really important data.”
In 2012, Check Point uncovered a cyber hacking method that used a banking trojan programme to siphon £30m from the bank accounts of 30,000 customers in Italy, Germany, Spain and Holland during the summer that year.
The threat actors involved used a mobile banking fraud scam to target both corporate and private banking users, periodically stealing up to £200,000 at a time.
Maya says: “This kind of attack is obviously really damaging but, compared with modern digital threats, it’s actually a bit clunky.
“Banking trojans had to be specifically targeted, and they required a user to log in in order to work – this meant a lot of work for the threat actor.
“It’s important to remember that the ultimate source of a cyber attack is a person, so if the investment they have to put in is too much, there’s not going to be as many of them because it simply isn’t worth it.”
The arrival of ransomware and the 2014 WannaCry hack
“Two or three years ago things really started to ramp up with the arrival of ransomware,” continues Maya.
Ransomware is a recently-developed form of malicious software, designed to block access to a person’s or an organisation’s computer system until the victim pays a sum of money.
Maya explains: “This really made for a much more efficient form of cyber hacking because the threat actors could just hack into your data and ransom it back to you.
“From their perspective, this required much less work and actually provided greater and more reliable benefits.
“And from our perspective, it has a lot more victims because it’s all kinds of data they’re hacking into – it could be anything really and it’s always going to be important to someone.”
In May 2017, the world was rocked by the WannaCry ransomware attack, which exploited a vulnerability in the old Microsoft Windows XP operating system, affecting 150 countries across the globe.
The ransomware used was able to encrypt 176 different file types, denying individual users and large organisations access to a myriad of vital data and information.
In return for releasing their hold on these files, the threat actors involved demanded $300 (£232) ransoms to be paid in bitcoin to three separate online wallets.
Maya argues that while the impact of WannaCry was undeniably harmful on a massive scale, it manifested the danger of cyber hacking in the public consciousness more vividly, prompting a positive reaction.
“Because of the danger of ransomware and the fact it can affect so many people, these types of cyber threats became public knowledge – so people were aware,” she adds.
“Bodies like the FBI would tell people not to pay the ransom while professionals targeted the vulnerabilities to protect them, which created limitations on ransomware and made it a less effective method for the threat actors.
“However, this then prompted an evolution and now these kinds of attacks are more specific – they target the most sensitive data possible – which makes people and organisations much more likely to just pay the threat actors to get rid of the ransom.
“It’s cases like this where the pattern between cyber crime and the cyber security measures become clear – they react to one another.”
Cryptomining becomes the primary cyber hacking threat in 2018
Check Point’s research highlights cryptocurrency mining, or cryptomining, as the most prevalent cyber hacking threat in 2018.
So far this year, 42% of organisations globally have been attacked by cryptomining malware, more than double the 20.5% affected in the second half of 2017.
Using this method, threat actors are able to hijack the power of their victim’s central processing unit (CPU) to mine cryptocurrency, using as much as 65% of the end-user’s CPU power.
“Cryptomining is more popular than ransomware simply because it’s easy to start, hard to trace, and earns money for the criminal for a long period of time,” Maya says.
“Over the past year, we’ve really seen the rise of cryptomining as the primary threat in the cyber world.
“Now, when we’re scanning for vulnerabilities, I’d say 80% of the time they’re related to cryptomining.”
Last month, cryptomining comprised the three most common types of cyber hacking, with the Monero currency proving the most popular.
Threat actors have opted for it over bitcoin because it is virtually untraceable and can use standard computer hardware for mining, unlike bitcoin, for which they have to use custom-made chips.
Bitcoin can also be tracked by transaction and address, meaning that if a user has sent bitcoin to or received it from a specific address, every transaction involving that address can be viewed.
“For the threat actors, cryptomining is so much easier and uses really basic tech – you really don’t have to be a tech genius to do it,” explains Maya.
“It’s also very stealthy – it’s possible for it to go completely under the radar – it’s very often that there will be a cryptominer on your server and you won’t know they’re there for months or longer.
“To be honest, I really don’t see this threat going away anytime soon – if it ain’t broke, don’t fix it, and for the moment it’s definitely working for the threat actors.”
Technological advancements and their role in cyber hacking
Some of the most profound innovations of the past few years, namely the cloud, have empowered countless people and organisations.
Unfortunately, threat actors can also be counted in that company.
Maya says: “The cloud is a fantastic thing for the user – but it actually provides a platform for threat actors to carry out more effective and dangerous forms of digital hacking.
“Firstly it’s able to store so much data that it makes it a pretty easy choice, but also there’s less segmentation of that data – everything is in one place so once a threat actor is in they can have a lot more effect.
“Cloud providers like Google and Microsoft offer a great service in the cloud and they do protect it – but at the end of the day, it’s not really their job to be on constant alert for cyber threats.”
Mobile phones have also presented a point of exploitation for threat actors.
Researchers at Check Point recently discovered a surveillance operation that targets groups of people using mobile apps, collecting critical data from their devices.
The cyber security firm named it Domestic Kitten, and found its targets are Kurdish and Turkish natives, ISIS supporters and Iranian citizens.
The data collected by Domestic Kitten includes contact lists, call records, texts, browser history, photos and even geographical locations.
“There’s a lot of cyber hacks looking to exploit mobile phones now, whether it’s someone hacking into your WhatsApp, trying to get your details or anything else,” adds Maya.
“They’re with us all the time but it’s easy to forget they have vulnerabilities – and as they evolve so too do the threats.
“That’s really a metaphor for all of cyber crime and cyber security – continual, responsive evolution – but I think we’re at a point now where it’s so sophisticated that it won’t change much for a long time.”