Thingbots to Robinhoods: 8 Weird & Wacky New Cyberthreats

The proliferation of digital devices might make it easier to access information than ever before, but it’s also helped bad actors do some pretty strange things. Take a look at these 8 highly unusual cyberthreats and ask yourself if your current attack surface is large enough that you’d fall prey to one. Some are shockingly destructive while others might just deserve a quick chuckle.

1. Windows API Exploits

Just like skillful application programmers, the developers of the so-called WastedLocker malware system have harnessed the power of the Windows API to access main memory from behind a buffer. The only problem is that they’re not doing it to serve you a spreadsheet or a help file. Rather, this attack uses memory-mapped I/O techniques to encrypt client data. Because it uses a standard application interface, most users might not even notice that anything is amiss.

2. Cryptojacking & Mining Exploits

If you’re looking at that subheading and asking yourself “just what is cryptojacking anyway?”, then you’re not alone. This is a new kind of attack that involves a bad actor injecting a script into a piece of discrete physical hardware when a user clicks an illegitimate link. This script then starts to mine for cryptocurrency tokens using the client’s microprocessor. In some cases, clearing a browser cache is enough to mitigate the problem.

3. more_eggs Archive Attacks

According to a report from eSentire, computer crackers connected with an organization sometimes called the Golden Chickens have been engaged in a malicious campaign that preys on those looking for a new job. Basically, these exploits involve a new form of social engineering where established professionals are sent text messages that claim to offer them an academic or technical position. The message itself includes a spring-loaded zip archive containing a fileless piece of malware called more_eggs, which can allow arbitrary code execution on a device.

4. Vulnerable Driver Hijacks

In general, drivers and other pieces of middleware are often forgotten about by end-users. One ransomware family known as Robinhood uses a digitally signed legitimate driver to harness this forgotten part of the operating system to encrypt files with a nearly unbreakable algorithm. It looks like the operating system allows the driver to do whatever it wants because it has a legitimate digital signature and therefore appears to be a normal system update.

5. Stack Overflow Attacks

According to cybersecurity firm Aura, someone becomes a victim of identity theft every 10 seconds. How many of them would suspect that something called the zip of death could lead to their personal information ending up in the wrong hands? This is basically a new version of an old type of attack where people compress a large amount of junk data so that they can fill up a storage device really quickly. However, older forms of this attack were simply annoyances that could be dealt with by resetting a machine. New versions are designed to cause soft lock scenarios where some byte overflows a system stack and therefore briefly allows arbitrary code execution before a machine goes down for the count.
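Junk data that compresses this well can be caught before anything is written to disk by comparing the sizes an archive declares and then counting the bytes that actually come out. The following Python check is an added example, not from the original article; the thresholds, the function names and the sample archives built by `build_zip` are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 1 * 1024 * 1024  # assumed per-archive extraction budget
MAX_RATIO = 100                    # assumed ceiling on uncompressed/compressed size


class ArchiveRejected(Exception):
    """Raised when an archive exceeds the extraction policy."""


def check_declared_sizes(zf):
    """Reject on the sizes the archive claims, before reading any member."""
    total = 0
    for info in zf.infolist():
        total += info.file_size
        ratio = info.file_size / max(info.compress_size, 1)
        if ratio > MAX_RATIO:
            raise ArchiveRejected(f"{info.filename}: ratio {ratio:.0f}:1")
        if total > MAX_TOTAL_BYTES:
            raise ArchiveRejected(f"declared size {total} exceeds budget")


def read_members_capped(data):
    """Return {name: bytes}, counting real output because headers can lie."""
    out, budget = {}, MAX_TOTAL_BYTES
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        check_declared_sizes(zf)
        for info in zf.infolist():
            with zf.open(info) as member:
                chunk = member.read(budget + 1)  # never read past the budget
            if len(chunk) > budget:
                raise ArchiveRejected("decompressed data exceeds budget")
            budget -= len(chunk)
            out[info.filename] = chunk
    return out


def build_zip(name, payload):
    """Build an in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

An ordinary text file passes, while a member made of repeated zero bytes is rejected on its ratio alone, even when its declared size is under the budget.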

6. Thingbot Networks

Back in 2013, security researchers came up with a hypothetical type of cyberthreat targeting Internet-connected refrigerators, which they named after a Ghostbusters villain. If that wasn’t weird enough, it looks like this kind of attack is actually starting to become common. Thingbots are basically IoT devices that have been compromised and now operate the same way that PCs do when they’ve joined a botnet. This kind of attack could turn everything from a smart thermostat to a virtual assistant into a dedicated spy that sends data back to a remote command and control center.

7. Mobile System Hijacking

Software piracy has been talked about for decades, but what happens when hijackers get a literal pirate ship? That’s the question being asked by victims of a series of Ryuk ransomware outbreaks that impacted maritime computer systems operated by the USCG among others. Since mobile networked computers are often vulnerable and aren’t tied to land, they’re a very alluring target. To make matters even worse, they’re in a location that seldom has a group of IT personnel around.

8. Purposeful Malware Self-infections

Have you ever considered infecting a machine with malware for fun? Those behind the live malware repository do just that, though it’s usually done from inside of a virtual machine. Considering that there’s everything in this repository from Android to OS X malware, however, it’s possible that security researchers could really mess up a disk image. It wouldn’t be surprising to hear some people are misusing these vintage malware tools either. Considering the proliferation of programs like DOSBox and BasiliskII for running classic computer games, it’s highly likely that people may inadvertently spread malware locked away in antique images stored on the Internet Archive and other related sites.

Who’d ever think that we’d be discussing a genuine self-replicating computer virus as though it were a legitimate security threat?

PKI-Security Engineer & security blogger at gbhackers.com. She is passionate about covering cybersecurity and Technology.
