Content uploaded by Pooja Kamat
Author content
All content in this area was uploaded by Pooja Kamat on Sep 01, 2018
Content may be subject to copyright.
9781138571303_Book.indb 242 28/06/18 1:34 PM
243
Chapter 10
Recent Trends in the
Era of Cybercrime
and the Measures
to Control Them
Pooja Kamat and Apurv Singh Gautam
Symbiosis Institute of Technology
Symbiosis International (Deemed University)
Contents
10.1 Introduction ............................................................................................ 244
10.2 Recent Trends in Cybercrimes ..................................................................245
10.2.1 Steganography ..............................................................................245
10.2.2 Next-Generation Malware ........................................................... 246
10.2.2.1 Virtual Machine Awareness ............................................247
10.2.2.2 Polymorphic Malwares ...................................................247
10.2.2.3 Encrypted Malwares .......................................................248
10.2.2.4 Sleeping Malwares ..........................................................248
10.2.3 Next-Generation Ransomware ......................................................248
10.2.4 Social Engineering Attacks ........................................................... 250
10.2.5 IoT and Articial Intelligence in Cybercrime ................................251
10.3 Preventive Measures to Curb Cybercrimes ............................................... 253
10.3.1 General Measures .........................................................................253
10.3.2 Defense against Steganography Crimes.........................................253
9781138571303_Book.indb 243 28/06/18 1:34 PM
244 ◾ Handbook of e-Business Security
10.1 Introduction
e recent advancements in technology have made mankind dependent on the
Internet to a large extent. e Internet has found a place in our everyday lives in
terms of communication, online shopping, storing data, online reservation, gam-
ing, etc. However, this overdependency on the Internet has given rise to a number
of cybercrimes. Cybercrimes is a general term wherein the computer is either a tool
or a target or a medium of communication for carrying out criminal activity. is
might include crimes such as phishing, credit card fraud, electronic hacking, distri-
bution of viruses, and other such wrongdoings. It also covers the traditional crimes
in which computers or networks are used to enable the illicit activity. Figure 10.1
illustrates the cybercrime cloud.
10.3.3 Curbing Malware .........................................................................254
10.3.4 Firewall .........................................................................................254
10.3.5 Measures against Ransomware .....................................................254
10.3.6 Guard against Social Engineering Attacks ....................................255
10.3.7 Guard against AI and IoT Attacks ................................................ 255
10.4 Conclusion ............................................................................................... 255
References .........................................................................................................256
Figure 10.1 Cybercrimes.
9781138571303_Book.indb 244 28/06/18 1:34 PM
Recent Trends in the Era of Cybercrime ◾ 245
10.2 Recent Trends in Cybercrimes
10.2.1 Steganography
Steganography is the art of hiding and transmitting data, including photo, video,
and audio, through apparently innocuous carriers. Steganography hides the mes-
sage, so there is no knowledge of the existence of the message in the rst place [1].
If a person views the object, then he or she will have no idea if there is any hidden
information; therefore, the person will not attempt to decrypt the information.
Steganography is not really a new method, as it has been in use since the times of
ancient Rome. It can be used in both positive and negative ways. Nowadays, steg-
anography is being used in advanced ways for illegitimate purposes. e steganog-
raphy process is depicted in Figure 10.2.
In today’s digitally connected world, sensitive private information is transferred
through various digital platforms for everyday tasks such as nancial transactions [2].
It is therefore imperative for the users to be aware of steganography used for mali-
cious purposes. e attacker may hide the malicious code within a legitimate looking
le which, when executed, takes control of the target machine. e digital steganog-
raphy application is used to steal sensitive information by sending the information
to fraudsters outside the organization without anyone’s knowledge [3].
Cyber criminals use steganography techniques to encode malicious scripts
into pictures or crafted webpages to smuggle malware through rewalls into the
system under attack [4]. On successful running of the malicious script, the con-
trol commands order a victim’s machine to obtain executable code from remote
servers, which allows an outsider to gain access to local les within the compro-
mised network.
Secret
message
Cover
Estimate of
secret
message
Stego system
encoder
Key
Stego system
decoder
Original
cover
Stego object
Communication
channel
Figure 10.2 Steganography process.
9781138571303_Book.indb 245 28/06/18 1:34 PM
246 ◾ Handbook of e-Business Security
e advantage of steganography is being taken by more and more malware
authors in a number of ways, hiding encrypted information inside JPEG images
and sending out of an infected network easily bypassing content ltering [5].
Recently, an exploit kit known as Stegano was discovered, which hid malicious
code in pixels of banner advertisements that were put up on high-prole websites.
In this malvertising campaign, malware authors hid malicious code inside trans-
parent PNG images’ Alpha channel (dening transparency of each channel) by
altering the transparency value of several pixels [6]. It is then displayed as an adver-
tisement on several high-prole websites.
Malicious steganography is not limited to geographical boundaries. e motive
of this is to hide the malicious code to help it to access the system and break the
security. Given the rise of digital usage, one has to be aware and careful of this
trend.
10.2.2 Next-Generation Malware
Malware, or malicious software, remains one of the most pressing problems our
society is facing today. As technology advances and there is an onset of new devices,
new vulnerabilities and challenges in the security of information technology (IT)
come along. e number of malware-related attacks keeps increasing day by day.
As the malware industry grows, more people are trying to nd out the vulner-
abilities in software and system congurations. Software vendors neglect security
and validation of software for rapid development of software. ey push secu-
rity patches, but the upgrades are applied slowly because of the manner in which
upgrades are handled at corporate level. e struggle between attackers and vendors
is destined to be never-ending.
It is clear that cyber criminals have evolved adaptive next-generation malware
that is capable of bypassing the defense systems used in many organizations. It is
capable of sensing sandboxing environments and is mutating like a biological virus.
e next-gen malware is becoming more aware and adaptive to evade behavior
detection.
Malware as a Service (MaaS) is creating market for malicious software [7]. is
service provides customers with access to exploits, botnets, and creation and distri-
bution of malware. In a way, attackers are outsourcing malware service for a price.
e market for malware is growing rapidly. ere are many new ways in which
next-gen malware is evolving to avoid detection. Figure 10.3 illustrates the MaaS.
First level: e elite individuals or groups are a set of general researchers who
write malware and develop exploits.
Second level: ese are spammers, botnet owners, distributors, and hosted sys-
tem providers. ese people are skilled but not always elite. Here, the distribution
is handled.
ird level: ese are fraudsters, middlemen, and nancial data providers.
9781138571303_Book.indb 246 28/06/18 1:34 PM
Recent Trends in the Era of Cybercrime ◾ 247
ese three levels fall under the umbrella of MaaS which can be sold and pur-
chased as an entire package or individual services by a vendor.
10.2.2.1 Virtual Machine Awareness
Previously, malware could be discovered by sandboxing or isolating it in a virtual
environment that would mimic a company’s desktop systems. While they are in the
sandbox, the suspect les are examined. If the le shows malicious behavior, then
the le is marked as malicious. But an increasing number of attackers are creating
malware that can detect when they are being opened in a virtual environment. If
the malware senses that it is being opened in a sandbox, then it will disguise itself
by getting into dormant state.
e malware does this in one of the two ways. One way is to look for any
human interaction with the malware; if there is no human interaction, then it will
presume that it is a sandbox and go into dormant state. e other way is checking
for drivers like virtual drivers and entries in registry.
10.2.2.2 Polymorphic Malwares
Malware les are being morphed and mutated like a virus to escape signature-based
antiviruses. e process is used by hackers to change some letters, inserting few
Elite group
Distributors
Money fraudsters
D
Figure 10.3 Malware as a service.
Source: Webroot Threat Blog.
9781138571303_Book.indb 247 28/06/18 1:34 PM
248 ◾ Handbook of e-Business Security
extra bits, and recompiling the code to generate lots of variants. In this way, every
time a le is presented, it looks dierent.
10.2.2.3 Encrypted Malwares
Malwares are being encrypted using suitable encryption like SSL (Secure Socket
Layer), as it is not decoded or detected by network security systems, and thus hack-
ers nd it easy and eective to build communication tunnels between embedded
malware and remote C&C (Command & Control) servers.
10.2.2.4 Sleeping Malwares
Malwares are also programmed to be inactive until activated on a specic date. It
may be analyzed but is not considered malicious as it is in a dormant state.
ere are many new ways of distributing malwares, and among those malver-
tising is widely used [8]. It is the prime target for malware distribution as most of
the websites on the Internet are supported through advertisements. e attackers
utilize this and spread malicious advertisements into large mainstream webpages
such as of Forbes, Daily Motion, and MSN.
Each platform faces its own challenges, and it is really dicult to respond to
any particular platform in the same way as for other platforms. Each platform is
vulnerable to every malware category that is found on any other platform [9].
10.2.3 Next-Generation Ransomware
Ransomware is a type of malware that encrypts your le until you pay a ransom.
e criminals provide step-by-step instructions on how to pay and sometimes also
oer a helpline for victims who are unsure of how to pay in bitcoins. ey design
cheap-enough prices so that people pay instead of giving up. Figure 10.4 depicts the
next-gen ransomware technique.
Ransomware is at the forefront of any discussion about security today, and we
are sure to encounter even more advanced ransomware in the future. e basic
process of ransomware is that it generally revokes access to the victim’s endpoint
or encrypts data before prompting the victim to pay a ransom to regain control.
ese ransomware attacks have grown drastically more frequently in recent years.
It exploded into a billion-dollar industry since 2016. is high amount of money is
creating a gold-rush atmosphere for cyber criminals who are releasing new ransom-
ware variants into the market. Ransomware targets both consumers and businesses,
but the number of attacks directed at organizations is growing at a more rapid pace.
Every 10 seconds, a consumer gets hit with ransomware, and every 40 seconds, a
company gets hit with ransomware. ere are more number of attacks on a com-
pany as it represents a much bigger potential payday.
9781138571303_Book.indb 248 28/06/18 1:34 PM
Recent Trends in the Era of Cybercrime ◾ 249
e fth generation of ransomware is knocking our doors [15]. ese future ran-
somwares may have the ability to detect any encryption protection tools installed
on the targeted system. ey may also try to disable the specic protection layer so
that they can advance toward their malicious objective. We also expect ransomware
attacks to be individually targeted in the near future.
According to security experts, ransomware cyber criminals tool in about $1
billion last year includes more than $50 million each for the three wallets associated
with Locky ransomware, Cryptowall close to $100 million, and CryptXXX gath-
ered $73 billion. Furthermore, it is getting dicult to track the amount of money
owing into criminals [21].
Everything is becoming a computer in this era, including microwave, refrig-
erator, car, television, national power grids, etc. All these devices are connected
to the Internet and becoming vulnerable to ransomware and any other computer
threats [16]. It will be only a matter of time before people get messages on their car
screens saying that the engine has been disabled and pay some amount in bitcoins
to turn it back on or pay some amount to get into your house tonight.
Intelligent ransomware are being created with added capabilities [17]. It allows
the cryptoware to ood the outgoing network bandwidth both before and after
encryption. is would enhance the threat. is attack technique could be espe-
cially impactful in large organizations.
Ransomware infects
more PCs in the network
Intelligent ransomware
wi
th added capabilities
Attacker collects
company
email addresses
INITIAL
RANSOMWARE-
INFECTED PC
SPAM
DATA UPLOAD
MALICIOUS WEB
LOCATION
COMPANY NETWORK
INTERNET
SLOWDOW
N
INTERNET
It also enlists
them into a
botnet
Figure 10.4 Next-generation ransomware.
9781138571303_Book.indb 249 28/06/18 1:34 PM
250 ◾ Handbook of e-Business Security
10.2.4 Social Engineering Attacks
Social engineering is an art of manipulating people so that they give their conden-
tial information. e types of information the criminals seek can vary, but when an
individual is targeted, the criminals usually try to trick him or her into giving them
his or her passwords or bank information, or access his or her computer to secretly
install malicious software [22]. A newer method of social engineering has been in
the market. e focus of the newer attacks is to penetrate a hoax that will cause
recipients to respond in ways in which they inict self-damage on their computer
systems and then spread this hoax to dierent recipients. is type of virus hoax is
often called “email worm.”
Figure 10.5 depicts a typical social engineering lifecycle. It begins with iden-
tifying the victim and investigating his/her background. Research is then under-
taken to identify a suitable attack method. During the hook period, the victim
is further engaged and the attacker tries to gain full control of the interaction.
During play, the attacker executes the attack and disrupts the business. Finally
at exit, the attacker closes the interaction ideally without arousing suspicion and
removes all traces of malware. e attacker then begins the cycle to identify the
next victim.
Sulfnbk.exe hoax was a mistake made by a computer user. e investigation of
this virus started when someone’s PC was attacked by Magistr worm. is worm
spreads itself through email attachments with executable les.
ese types of hoaxes work because the information in it is really sounding
enough to guarantee faith and that the sender is a known person. ose vulnerable
to such attacks are individuals who have less knowledge of a computer and its appli-
cations. Most people with a desire to be helpful pass on the information without
considering its safety.
Only such people, those suering from what is classied as “false authority
syndrome,” fall prey to such attacks. e people suering from false authority syn-
drome are those who think that they know about computer virus and spread false
information about it but have no genuine experience.
Social engineering continues to be an increasing attack vector for the propaga-
tion of malicious programs. e attack vector is a combination of psychological
Research Hook Play Exit
Figure 10.5 Social engineering attack lifecycle.
9781138571303_Book.indb 250 28/06/18 1:34 PM
Recent Trends in the Era of Cybercrime ◾ 251
and technical ploys that includes luring a computer to execute a malware and also
combining any existing technical countermeasures [24].
e attackers have moved their bases to countries that have less stringent
laws that govern the mass mailings, i.e., spam. ey infect computers in these
countries and then use it to send out spam and malware to millions of machines
worldwide [25]. As there is lack of detection and remedy tools, the computers
remain infected for long periods of time and are used to spread the malware. Once
the malware is spread, they perform two major activities in the infected computers:
(1) they combat existing protection mechanisms, and (2) they continue to execute
by opening backdoors or installing key loggers.
Social engineering malware have also succeeded in disabling antivirus software
and blocking attempts to go to the Microsoft’s website for patches of Windows
systems. Social engineering is majorly used today to spread ransomwares. ese
ransomwares are intelligent next-gen-type ransomwares.
ere are dierent types of social engineering attacks like baiting, scareware,
pretexting, and phishing. Table 10.1 shows the dierence between the social engi-
neering attacks.
Even though computer systems are becoming more and more secure through
better software development and testing, they are easily subverted by hackers using
social engineering techniques. Technology and security policies alone cannot evade
social engineering attacks, and they are useful only if adopted and accepted by
people in the organization.
10.2.5 IoT and Articial Intelligence in Cybercrime
In today’s world, not only our computers and smartphones provide potential access
points for an attacker but also other connected infrastructure projects in our homes
and streets, which just takes a weak link to compromise an entire network. e
number of IoT devices is set to hit 15 million by 2021, predicted by a security
research rm Juniper [26].
Consumers and businesses are already reaping the benets of these IoT devices,
ranging from wearable healthcare devices that monitor vitals to intelligent heat-
ing systems. is wave in connected devices has created an opportunity for cyber
criminals. Generally, IoT devices are built with aordability in mind rather than
with security in mind. is in turn provokes cyber criminals to penetrate into IoT
devices and thus increases the population of legacy devices that remain unpatched
and forever vulnerable to attacks.
Automated vehicles are hackable as your smartphone can be used as a weapon.
An estimated 1.3 million people die every year in road accidents, but after utiliz-
ing this attack, it could be used by black hat hackers for political assassinations.
Major damage in the case of IoT devices is related to healthcare. Security aws
have been found in cardiac debrillators, which could be accessed by hackers. Even
hospitals are good targets for ransomwares, and these types of attacks will increase
9781138571303_Book.indb 251 28/06/18 1:34 PM
252 ◾ Handbook of e-Business Security
Table 10.1 Comparative Analysis of Social Engineering Attacks
Baiting Scareware Pretexting Phishing
Denition It uses false promises to
pique victims greed or
curiosity and steals their
personal information or
infect their system with
malware
It involves victim being
bombarded with false
alarms and ctitious
threats. They are
deceived to think their
system is infected with
malware, promising
them to install software
that is malware itself.
Attackers obtain
information through a
series of cleverly crafted
lies. Attacker starts by
establishing trust with
the victim. They ask the
victim questions to gain
important personal
information.
These are emails and text
messages aimed at
creating a sense of
urgency, curiosity, or
fear in victims. It then
prods into revealing
sensitive information by
clicking on links to
malicious websites.
Attack vector Physical media such as
pen drive.
Browser of mobile or
desktop.
People that are being
lied to.
Email or SMS containing
malicious links.
Examples Attackers leave the bait
typically malware-
infected ash drives to
be picked up by
someone.
Legitimate-looking
popup banners in the
browser that will
redirect to malicious
site.
Getting personal
information such as
social security number
and phone records by
lying to the victim.
Email sent to the user of
an online service alerts
them of a policy
violation requiring
immediate action.
9781138571303_Book.indb 252 28/06/18 1:34 PM
Recent Trends in the Era of Cybercrime ◾ 253
in the future. Cases have been seen in which hackers hold patient data hostage,
directly endangering the lives of patients. One can only imagine what will happen
if a hacker gains access to life-sustaining devices like pacemakers. is is a real
scenario for which cybersecurity professionals must prepare for.
Machine learning and articial intelligence (AI) have also seen a vast increase
of cyber threats recently. Machine learning is used as a support for cyberattacks.
ere have been instances where the attacks have coincided with the travel dates of
businessmen, which increases the odds of cyberattacks. Malicious machine learn-
ing algorithms could be made by cyber criminals to pick targets more precisely and
with greater levels of success.
Cyber criminals are working on new techniques for getting through the secu-
rity of established organizations, having access to everything from IP addresses to
individual customer information. ey can cause damage, disrupt sensitive data,
and steal intellectual property. Hackers are executing their attacks in more sophis-
ticated ways which are harder to defeat. It is really dicult for anyone to tell which
type of attacks will emerge after 5 or 10 years.
Although organizations pay a hefty amount of money on cybersecurity soft-
ware and services, the incidence of attacks keeps increasing. With increasing IoT,
more entry points are being made, which in turn will increase the potential for
damage. Hackers will use innovative techniques including IoT hacks, ransomware,
and AI to launch even more attacks.
10.3 Preventive Measures to Curb Cybercrimes
Protective measures are necessary when these types of security trends keep on
increasing. Dierent trends of cybercrime require dierent approaches to be taken,
which needs to be discussed here.
10.3.1 General Measures
Protection against malicious digital les can be done by scanning PCs regularly for
questionable software. One should not open emails or download attachments from
unknown senders or sources. OS updates and patch downloads should be enabled
regularly to keep the OS protected against latest vulnerabilities and exploits.
10.3.2 Defense against Steganography Crimes
e best defense against steganography is to prevent infection in the rst place. A
strong security practice would be active monitoring of system and strong access
control to your data. Also, updated software, apps, and antiviruses should always
be used.
9781138571303_Book.indb 253 28/06/18 1:34 PM
254 ◾ Handbook of e-Business Security
10.3.3 Curbing Malware
Security researchers have designed next-generation analysis techniques that identify
and neutralize malware. ey block new and unknown threats and also grade the
risk of each thread. New malware pieces are dissected constantly to understand
how they operate. After dissecting malwares, security researchers create an algo-
rithm that can analyze and recognize malicious behavior when it occurs. Every
company and individual should know which hardware they are using and whether
it comes from trusted sources. Education of users is necessary in preventing mal-
ware attacks, as many users do not understand the risks associated with the tech-
nology. It is necessary for IT administrators to vet carefully all applications on the
network before installing on trusted devices.
10.3.4 Firewall
A complete network separation should be established between trusted and
untrusted devices. Trusted devices should be behind a rewall IT policy should
be kept in mind before performing any major changes in the system. A next-
generation rewall software has been released by Forcepoint which adds support
for the new cloud-based malware detection service. e entire department on an
enterprise level should keep their system up to date with patches without com-
promising the functionality of a proprietary system. Figure 10.6 depicts next-
generation rewalls.
10.3.5 Measures against Ransomware
With ransomware attacks becoming more prevalent, we should urge everyone to
separate levels of access accurately and use dierent logins to manage your net-
work’s security. Everyone should know that ransomware only needs one admin-
istrator’s credential to spread across the entire network. Network admins should
Application based filtering
Lower administrative cost
Better QoS
Easier to identify threats
Identify
ing network traffic by user
Groups
Inspection of SSL/SSH traffic
NEXT-GENERATION FIREWA LL
Figure 10.6 Next-generation rewall.
9781138571303_Book.indb 254 28/06/18 1:34 PM
Recent Trends in the Era of Cybercrime ◾ 255
focus on patching as a key proactive security layer. Trac ltering should be used
as an extra security measure against ransomware. More importantly, every user
should be educated and be familiar with baseline cybersecurity measures.
A backup policy should be kept in place, and backups should be conducted
on a regular basis. Backups are critical in ransomware recovery and response.
Ransomware detection should be integrated in the data-backup technology of every
company.
10.3.6 Guard against Social Engineering Attacks
Social engineering attacks are going hand in hand with ransomware attacks. e
key is to recognize the threat. We should always compare the communication
received with past experiences and industry standards before giving out any valu-
able information. Emails should be checked for online social scams. Every com-
pany should secure third-party services holding critical parts of your business.
Consultation should be taken from IT administrators and security experts about
countermeasures and monitoring process. Organizations should protect themselves
by blocking suspicious communications with spam lters and by educating end
users about security practices. Always keep an eye for typos, redirected links, and
other tricks to lure innocent and unaware people.
10.3.7 Guard against AI and IoT Attacks
AI is used to perform cybersecurity tasks to stop cybercrime. AI identies poten-
tial threats using machine learning by reviewing data from millions of lines of
code every day. AI cybersecurity system will become a valuable tool for protecting
against attacks using machine learning. More and more people should be educated
on the IoT and AI security perspective.
10.4 Conclusion
e cybercrime landscape has grown in parallel with software and emerging tech-
nologies like AI and IoT. It adapts new techniques and strategies for targeting
industries. e inherent cat-and-mouse game between cyber criminals and security
researchers has existed for years with no sign of stopping.
Administrators all across the industries need to protect their devices from cyber-
crimes. ey should focus on keeping OSs and security up to date and harden their
infrastructure against open vectors of attack. Infrastructure security solutions are
evolving with an increase in the threat of data breaches. Network defenders should
stay aware of the new patches, security advancements, and state of cybercrimes to
help them face any new challenges against security.
9781138571303_Book.indb 255 28/06/18 1:34 PM
256 ◾ Handbook of e-Business Security
References
1. Kumar, Pramendra, and Vijay Kumar Sharma. Information Security Based on
Steganography & Cryptography Techniques: A Review. International Journal 4, no.
10 pp. 246–250 (2014).
2. Navhind Times. Keeping Cyber Crime in Check: Beware of Steganography.
June 28, 2015 www.navhindtimes.in/keeping-cyber-crime-in-check-beware-of-steg-
anography/.
3. Kevin Lonergan. How Cyber Criminals Are Using Hidden Messages in Image
Files to Infect Your Computer, Information Age. June 27, 2015 www.information-
age.com/how-cyber-criminals-are-using-hidden-messages-image-les-infect-your-
computer-123459881/.
4. John Leyden. Intruder Alert: Cyber ugs Are Using Steganography to Slip
inMalware Badness, e R egister. August 8, 2014 www.theregister.co.uk/2014/08/08/
malware_steganography/.
5. Pierluigi Paganini. Hackers Used Data Exltration Based on Video Steganography,
Security Aairs. November 29, 2014 www.securityaairs.co/wordpress/30624/cyber-
crime/hackers-used-data-exltration-based-video-steganography.html.
6. Mohit Kumar. Hacking Millions with Just an Image, e Hacker News. December
6, 2016 https://thehackernews.com/2016/12/image-exploit-hacking.html.
7. Blue Coat Systems. Defeating Next-Generation Malware with Next-Generation
Analysis. 2014 www.symantec.com/content/dam/symantec/docs/white-papers/next-
gen-malware-analysis-en.pdf.
8. SentinelOne. Critical Features of Next-Generation Endpoint Protection, Part
Two: Dynamic Malware Detection. July 13, 2016 www.sentinelone.com/blog/
critical- features-next-generation-endpoint-protection-part-two-dynamic-malware-
detection/.
9. Ralf Benzmuller. Malware Trends, GDataSoftware. October 4, 2010 www.
gdatasoftware.com/blog/2017/04/29666-malware-trends-2017.
10. JP Buntix. Top 5 Ma lware Trends for Q1, e Merkle. April 1, 2017 https://themerkle.
com/top-5-malware-trends-for-q1–2017.
11. Homeland Security. Malware Trends, ICS-CERT, NCCIC. 2016 https://ics-cert.
us-cert.gov/sites/default/files/documents/NCCIC_ICS-CERT_AAL_Malware_
Trends_Paper_S508C.pdf.
12. WeLiveSecurity. e Year in Security: Trends 2017. January 4, 2017 www.
welivesecurity.com/2017/01/04/year-security-trends-2017/.
13. Kate Cohen, Michael Viscuso. Customer Case Study: Stonewall Kitchen Prevents
a New Trend in Malware with Carbon Black, Carbon Black. July 10, 2017
www.carbonblack.com/2017/07/10/customer-case-study-stonewall-kitchen- prevents-
new-trend-malware-carbon-black/.
14. Virginia Satrom. Forcepoint Advanced Malware Detection to Next Generation
Firewall, Force Point. April 4, 2017 www.forcepoint.com/newsroom/2017/forcepoint-
adds-advanced-malware-detection-next-generation-rewalls-0.
15. Morten Kjaersgaard. Prediction: the Next Generation of Cyber Attacks as
Shaped by the Top 3 Evolutionary Trends, Heimdal Security. August 10, 2016
https://heimdalsecurity.com/blog/prediction-next-generation-cyber-attacks-shaped-
top-3-evolutionary-trends/.
9781138571303_Book.indb 256 28/06/18 1:34 PM
Recent Trends in the Era of Cybercrime ◾ 257
16. Larry Loeb. An Evolving reat: Ransomware in 2017, Security Intelligence. 2017
https://securityintelligence.com/an-evolving-threat-ransomware-in–2017/.
17. Jonathan Crowe. Ransomware Trends and Forecasts, Barkly. February, 2017 https://
blog.barkly.com/new-ransomware-trends–2017.
18. Trac y Rock. Ransomware Statistics 2016–2017: A Scary Trend in Cyberattacks,
Invenio IT. February 27, 2017 http://invenioit.com/security/ransomware-statis-
tics-2016/.
19. Jonathan Barkly. 2017 Trends in Ransomware: 5 Disturbing Predictions, Spiceworks.
February 21, 2017 https://community.spiceworks.com/topic/1967355-2017-trends- in-
ransomware-5-disturbing-predictions.
20. Bruce Schneier. e Next Ransomware Attack Will be Worse than WannaCry,
Schneier on Security. May 16, 2017 www.schneier.com/essays/archives/2017/05/
the_next_ransomware_.html.
21. Maria Korolov. Ransomware Took in $1 billion in 2016—Improved Defences May
Not Be Enough to Stem the Tide, CSO Online. January 5, 2017 www.csoonline.
com/article/3154714/security/ransomware-took-in-1-billion-in-2016-improved-
defenses-may-not-be-enough-to-stem-the-tide.html.
22. Shelly A. Waltz. Recent Trends in Social Engineering and Hoaxes—Destroy
Yourself, GIAC. 2002 www.giac.org/paper/gsec/2056/trends-social-engineering-hoaxes-
destroy/103545.
23. Trend Micro. Ethereum Classic Wallet a Victim of Social Engineering. July 4,
2017 www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/
ethereum-classic-wallet-a-victim-of-social-engineering.
24. Abraham, Sherly, and InduShobha Chengalur-Smith. An Overview of Social
Engineering Malware: Trends, Tactics, and Implications. Technology in Society 32,
no. 3 (2010): 183–196.
25. Tamlin Magee. Cybersecurity Trends 2017: Malicious Machine Learning, State-
Sponsored Attacks, Ransomware and Malware, Computer World UK. January 2, 2017
www.computerworlduk.com/security/cybersecurity-trends-2017-malicious-machine-
learning-state-sponsored-attacks-ransomware-3652298/.
26. Charles McLellan. Cybersecurity in an IoT and Mobile World: e Key Trends.
June 1, 2017 www.zdnet.com/article/cybersecurity-in-an-iot-and-mobile-world-the-
key-trends/.
27. EY. Cybersecurity and the Internet of ings. 2 015 www.ey.com/Publication/
vwLUAssets/EY-cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-
and-the-internet-of-things.pdf.
28. Ulf Mattsson, David Morris, Mandeep Khera. Trends in IoT Cyber Attacks, Bright
Talk. September 13, 2017 www.brighttalk.com/webcast/14723/260163/2017- trends-
in-iot-cyber-attacks.
29. Private Tunnel. 6 Malware and Hacking Trends to Watch Out for in 2017. 2017
www.privatetunnel.com/home/6-malware-and-hacking-trends-2017/.
30. AT Kearney. VR, IoT, AI and Hacks: Digital Trends and emes of 2017.
January, 2017 www.atkearney.in/paper/-/asset_publisher/dVxv4Hz2h8bS/content/
id/10960083.
9781138571303_Book.indb 257 28/06/18 1:34 PM
9781138571303_Book.indb 258 28/06/18 1:34 PM