- Chelsea Handler tackles system racism in ‘Hello Privilege. It’s Me, Chelsea’ 4 Years Ago
- Gun control proposal: Trump, lawmakers considering background check-conducting app 4 Years Ago
- How to stream Browns vs. Jets on Monday Night Football Today 7:00 AM
- What are anons? Today 6:30 AM
- How to stream Eagles vs. Falcons on Sunday Night Football Today 6:00 AM
- How to stream ‘Power’ season 6, episode 4 Today 5:00 AM
- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
- A Missouri officer resigned after his Islamophobic Facebook posts surfaced Saturday 5:08 PM
- Adding ‘Triggered’ to stock photos of white men creates Netflix comedy special thumbnails Saturday 3:10 PM
- New restaurant in New York has a seriously unfortunate name: ‘Qanoon’ Saturday 1:38 PM
- These are the 10 best ‘Star Wars’ ships Saturday 12:41 PM
- Google Maps helped solve a decades-old missing persons case Saturday 12:27 PM
- Teen who plotted deadly swatting prank over Call of Duty argument gets prison time Saturday 11:58 AM
- RIP to the real star of ‘Stranger Things’: Steve Harrington’s mullet Saturday 11:04 AM
Hackers are deploying malware in smarter ways, new report shows
Hackers are using low-tech methods to deploy high-tech code—the perfect storm for security experts.
Cyberattacks grew more sophisticated in 2015 as hackers built better tools and reached targets with savvier techniques, according to a new report from the European Union’s information-security agency.
Malware, cyber espionage, and distributed denial-of-service (DDoS) attacks—which involve flooding a website with bogus traffic to overwhelm its servers—all increased in prevalence last year, while attackers moved away from botnets—networks of computers remotely commandeered to conduct attacks—and email spam.
Hackers also stepped up their use of exploit kits, pieces of software that exploit unpatched holes in commercial technology.
Rogue actors are also increasingly “performing persistent attacks based on hardware, far below the ‘radar’ of available defence tools and methods,” the report said. Attacks that are hard to detect are commensurately hard to mitigate, which has led to unique concerns about these below-the-radar attacks.
The massive report from the European Union Agency for Network and Information Security (ENISA) also identified an interesting shift in the secret delivery of infected software. Whereas hackers used to sneak malware onto computers by infecting email attachments, they now prefer to infect webpages and get people to click those URLs.
The report attributed this shift to a new focus on social engineering, the process of posing as a trusted party to convince someone to do something they otherwise might hesitate to do.
“Sending malicious objects via e-mail attachments has declined in recent years,” the report’s authors wrote. “Instead, social (Facebook) scams, downloaders, redirects and phishing are gaining in importance.”
“A manipulation or vulnerability included in a delivered [electronic] component by a supplier can be used as backdoor to numerous prospective (malicious) uses within industrial systems,” the report warned.
Elsewhere, the report cited a news article about the unintended consequences of secret National Security Agency backdoors in commercial technology, echoing one of backdoor opponents’ key arguments against their installation.
Hackers have achieved continued success through a combination of simple and sophisticated tactics, the report found. They have used the low-tech approach of social engineering to deliver high-tech, increasingly complex malware. This approach offers twin advantages: It avoids basic security sweeps by using a low-tech delivery method, then escapes detection by relying on code that security software has not yet encountered.
Current trends are not looking good for Internet security. Experts say that companies “have made only modest gains” in fighting hackers in the past two years, while a security firm said on Monday that 27 percent of all known malware was created in 2015.
To improve detection and mitigation of cyber threats, the ENISA report’s authors urged governments to “foster voluntary reporting [of cyber threat data] and perform analysis of reported incidents and recycle results for better planning of defenses.”
Congress recently passed, and the Department of Homeland Security is in the process of implementing, a law meant to ease the sharing of such data between the public and private sectors.
Illustration by Jason Reed
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.