Where Will Malware Hit Next

Part of the job of a malware researcher is to try and predict what will be hit next. These predictions are based on past attacks on different institutions, the discovery of malware on certain systems, 0days (a bug that gives you 'zero days' to patch it) and where they are found, and many, many more.

Since the beginning of 2017, I've been certain that sooner or later, the education system will be hit. This isn't just because it is an astronomically large institution, but also because it contains so much valuable information. Students, both current and past, have their social-security numbers, contact information, payment information (to pay tuition), current student loans, address, and the list unfortunately rolls onward.

My other estimation, which I'm already starting to see come to fruition, is the attack on POS (point-of-sale) systems in restaurants. Again, massive amounts of customer information accompanied by credit or debit card information. If done properly, the malware could also grab employees' ID numbers to sign in.

Most restaurants run on specific POS systems that are designed for restaurant use. Two of the more popular ones are Clover and Aloha. If an attacker knows how these specific pieces of software work, it is extremely easy to exploit. We just recently saw that 160 Applebee's locations had discovered malware on their POS terminals. This is just another portion of our economy in which we are starting to see threats of cyber attacks.

My last, and probably most frightening, expectation is the banking system. We've seen it a little already, but the banking system, while being probably the most secure sector of the economy (probably even more secure than the government), can have very many flaws. Part of it is the ease of doing anything banking related anywhere. Whether you're using a TD Ameritrade application on your iPhone or transferring funds from one US Bank account to another, a simple piece of malware could grab hold of these. My biggest fear is a smaller entity, like Mint or a small stock trading company, being hacked. This could be catastrophic, and could very quickly spiral out of control.

We recently saw something similar with the hack of Equifax. If I take off my white hat and put on my black one, it is a brilliant breach. Between May and July, the attack was carried out on the Equifax servers through an "unnamed U.S. website application vulnerability." It took until September for it to be publicly announced, which I think, in a somewhat conspiratorial way, was 100% intentional. August would've been a great time to sell those shares in Equifax, as the day after the announcement, their shares plummeted 13.7%.

UPDATE: Full disclosure, I started this blog two weeks ago. It started with simply the idea that I wanted to write about where I thought malware was headed. Over the ensuing few days, I wrote down a few ideas. Those ideas included what you read above. However, today, I saw two news articles. One article referenced a POS system attack[1] and another spoke about how I assumed that August would've been a great time to sell stocks. Again, today, there was a news article of the Equifax CIO getting indicted for insider trading[2]. With that, I will change my focus on the rest of this article, as it seems like I didn't post this article fast enough. It's still interesting enough to leave in here.

UPDATE 2: Let me start this by saying this blog has now been started for three weeks, but writing finals has kept me from finishing it, and boy am I regretting it now. At the top of this article, you read that I have expected the education system to get hit sooner or later. This morning, I got an email from my college, and guess what... they got hit by ransomware at midnight last night. I couldn't believe it. See the photos below that show the emails I received. The photo on the left is the initial email, the picture on the right is a followup. As you can see, "Macs were not effected."

IMG_5614.jpg
IMG_5615.png

It's A Wonderful Life (1946)

Since I'm apparently in the right vein when it comes to predicting the future, and I swear to God that I actually wrote this before those stories, "I wish I had a million dollars. *flips cigar lighter* Hot dog!"

But I digress. Now I have to think what is next. Well, first, these aforementioned attacks are not going to end here. This is going to continue to be a larger and larger issue. This ransomware attack against the local university is the first one that's reached my ears, but I know it will not be the last. The education system is a prime entity for hackers to attack. The amount of information in the university system is unparalleled except by maybe the stock market, which is another place I think will be attacked. I read a book in Nelson DeMille's John Corey series, a fiction series, where the antagonist says that there isn't a point to physically attack Wall Street because they will do more damage themselves than a physical attack would. However, with the amount of information, both personal and banking, hovering around Wall Street, I could easily see Wall Street being subject to a future attack.

That being said, I better post this before an attack on Wall Street happens, and I have to do another update to this post.

Take care!

Stuart


1. New POS Malware PinkKite Takes Flight, Tom Spring - https://threatpost.com/new-pos-malware-pinkkite-takes-flight/130428/

2. Senior Ex-Equifax Executive Charged with Insider Trading, Dan Goodin - Mar 14, 2018 6:50 pm UTC - https://arstechnica.com/information-technology/2018/03/senior-equifax-executive-charged-with-insider-trading/