The power of hindsight: looking back at 2019 attack predictions
Blog by Eward Driehuis, Chief Research Officer
Predicting the future, as far as we know, is quite impossible. However, by extrapolating graphs, looking at trends and a healthy dose of gut feeling, you might be able to say something about the likeliness of attacks evolving in a certain way.
In our 2018 Annual Security Report we didn’t shy away from the challenge. In this blog we’ll take a good close look at these predictions. Will the wisdom of hindsight offer awe or hilarity? Let’s dive in to the first prediction about criminal-to-consumer attacks.
Prediction 1: Criminal-to-consumer attacks will alternate between ransomware and cryptojacking.
In our annual report we predicted a strong correlation between Bitcoin price and preferred attack type. A high price means cryptojacking, and a low price means criminals resort to ransomware. The underlying logic is quite simple. A higher bitcoin price translates into higher profits directly, if you’re leveraging other people’s CPU’s for crypto mining. When bitcoin (or other electronic currency) price drops, proceedings drop accordingly. Luckily, criminals can revert to ransomware, and just increase their ransom demand. For example, they up their price from 0.05 BTC to 0.1 BTC.
The question is: have they? Short answer: kind of..
Let’s take a look at the numbers:
First let’s verify the 2018 trend. In January, cryptojacking starts strong, correlating with an historically high Bitcoin price (around $20,000). In December, the numbers all but dropped to zero, correlating with an over 80% Bitcoin value decrease (to around $3,500). So far so good.
In 2019, cryptojacking increases again, overtaking ransomware in March. Indeed Bitcoin started to increase in value again, but ever so slightly. In may Bitcoin value picks up, and in June/July it’s over $10,000 again. For the first time in 15 months, the correlation seems to break here, as ransomware, in May is still dominant and cryptojacking all but zero.
There is a little joke that a high Bitcoin price is good for business, as criminals will cryptojack organisations instead of mutilate their files. The joke only partly aligns to the data. In 2018, there was a clear inverse correlation between the two attack types, whereas in 2019 this was mostly lost. Perhaps the cost of running a cryptojacking operation only yields a return at truly high Bitcoin prices. Let’s not forget, in order to make money with (criminal) mining, you need tremendous numbers of CPU’s working for you. We are eager to see the numbers when Bitcoin breaks through the $20,000 ceiling.
And finally, the reality is criminals will put enormous amounts of efforts in financial social engineering attacks. For consumers, romance fraud, non-payment / non delivery frauds and investment frauds are a nuisance.There’s an evolution in newer attack types such as website skimming too. In other words, there’s more that just malware or browser based attacks.
So, looking back at the prediction, within the boundaries of malware attacks to consumers, for 12 months, the inverse correlation between ransomware and cryptojacking was pretty strong. In 2019 however, it’s growing weak. On top of this, malware attacks are only part of the consumer focused threats. They are 2 chapters in a bigger story.
Our prediction, in other words, sounded better in December 2018 than in July 2019.
Realizing this, we humbly bow our heads and vow to still do it again for 2019. because where’s the fun in not trying?