World Population Day and Cybersecurity

Community Team Member

World Population Day, started by the United Nations on July 11, 1989, seeks to shine a light and a beacon of hope on the human condition. The LIVEcommunity at Palo Alto Networks takes a look at our expanding human condition—population growth—to see how more people on earth affect our digital way of life. Are we secured and protected as we grow further from the safety of the earth we know into a cyberspace we're only getting to know?


As of April 2019, the world’s population was estimated at 7.5–7.7 billion. And it’s a population on the move, with air travel, foot travel, and all manner of people-moving in between, transporting and translocating great masses of humans to every far-flung corner of the world. Every second, a few of us die, but in that same second, four new humans also take their first breath, turn towards us, and ask if their digital world is secure.


If you’re new to cybersecurity or a bit more casual about doubling down on security the way some of your peers might be, now is the time to reconsider the hazards of a relaxed or deferred approach to prevention and protection. Think back to the days of Kevin Mitnick, author of Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker, and his insistence upon being a looky-loo, enjoying a supreme and thorough satisfaction at just cracking the code and getting in. Those days are long gone.




The youthful naivete that could once cry "uncle" and "innocence" is a thing of the past. On the matter of safety and security in our digital world, greed has inextricably entered into the equation.


"Breaking in" is rarely its own reward. With social engineering, it’s more like "walking in" where the requirement is to make a deposit of malware and steal somebody else’s pot o’ gold. 


How do such antics play out in a world that keeps adding people, and what can those people do to bring more safety and security into their cyber lives?


We turned to our own Unit 42, Threat Intelligence at Palo Alto Networks, to see how our predictions for 2019 now measure up against a few of the biggest heists and breaches this year. 


Ryan Olson, Vice President of Unit 42, predicted that 2019 would bring:

  1. More attacks with the eventual goal of cryptocurrency mining.
  2. An increase in business email compromise (BEC) attacks.
  3. More email-based attacks that use malicious macro code.

Let’s take a closer look at how each prediction has played out this year on our steady march to World Population Day on July 11.


| Unit 42 description and prediction #1 | Contributions from a few bad characters |
| --- | --- |
| Cryptocurrency mining is the process through which currencies like Bitcoin are created. | In May, Dutch police arrested a former entrepreneur for fraud after alleging he conned investors in a fake Bitcoin (BTC) mining operation out of €23 million ($25 million). |
| The “mining” process involves racing to perform a series of calculations to solve a cryptographic problem. | In February, a Thailand-based scam managed to lure 140 people to stump up funds, which ultimately totaled around $1.34 million. Scams beyond mining also persist, with Bulgarian OneCoin rumored to have gained $4 billion. July may see the return of the notorious BitConnect Ponzi Scheme. |
| The person who wins the race is awarded a block of coins, and the more CPU power someone can throw at those calculations, the better their chance at winning. | In June, Iran attributed an unusual spike in electric energy consumption to illicit cryptocurrency mining. Cryptocurrency mining in the country has resulted in instability in the power grid. |
| Unit 42 thinks 2019 will see an uptick in attacks where the eventual goal is cryptocurrency mining. | See the extensive analysis of BabyShark by Unit 42. Part 2 of the investigation discloses the purpose of this malware. |




| Unit 42 description and prediction #2 | Contributions from a few bad characters |
| --- | --- |
| Business Email Compromise (BEC) is a class of attack where a cybercriminal targets a company or organization, typically small to mid-sized, that has a relatively large bank account. | BEC, also known as spear phishing, CEO fraud, and invoice fraud, had been reported in all 50 states and 150 countries, with global losses exceeding $12 billion. |
| The attacker targets the email account of a high-level executive through spear phishing or a malware-related email. | Over $800,000 was stolen from the City of Griffin, Georgia, by scammers in a BEC attack that redirected two transactions to their own bank accounts. |
| After gaining access, they look at the account very closely to learn how this person might transfer money or might be impersonated. | At a UK school in April, researchers conducting test spear-phishing attacks were able to “reach [...] personal information, override financial systems and access research databases,” often in less than an hour. |
| The attacker then tricks the victim or the victim’s business partners into transferring tens of thousands of dollars into a bank account. | A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions, having been sent to only specific anti-money laundering contacts. |


| Unit 42 description and prediction #3 | Contributions from a few bad characters |
| --- | --- |
| Malicious macro code in Word or Excel asks users to click the “Enable Content” button. | Unit 42 has identified two methods to deliver the KerrDown downloader to targets. One uses a Microsoft Office document with a malicious macro. |
| When the user does this, it infects the user’s computer with malware. | Aggah campaign: A single email sent on March 27 has a Word document attached with the file name Activity.doc. When this file is opened, it attempts to trick the user into enabling content to allow macros to run. |


Of course, it would be misleading to suggest that activities like cryptocurrency mining, email compromise, or malicious macro code exist and operate independently. Devastating attacks can be achieved through the use of combined methods.

  • First, using business email compromise or spear phishing to get into an organization
  • Then using malicious macros to proliferate
  • While using victim hosts for malicious activity, such as financial gain based on cryptocurrency mining 

BabyShark, for instance, satisfies every criterion for cybersecurity predictions of 2019 and lays bare the complexity of this particular malware, researched in detail by Palo Alto Networks Unit 42.


Figure: BabyShark malware – just bad news all around. Satisfies every criterion of 2019 predictions from Unit 42.


Unit 42: New BabyShark Malware Targets US National Security Think Tanks

BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PcRAT 


The goal is no longer to arrive at the front door of the unsuspecting and the unprotected. Now, the malware has to come inside, bring the entire family–uninvited–try every bed, chair, and porridge, compel all the neighbors to come, then hold them all hostage. Don’t forget to steal all the jewelry, towels, and cryptocurrency, then bury a calling card in an obscure, formerly iron-clad universe once rumored impenetrable and unsinkable, like the famed Titanic. Catch me if you can, but this ship is sinking fast.


But, not all is lost at sea, or to cryptocurrency, malware, or some ill-gotten gain. Unit 42 stays in hot pursuit of the perpetrators and malware makers, reading every signpost, following the trail, and unraveling the complexities of threats faster than the speed of "morph and multiply." Your LIVEcommunity also keeps you in the loop about the latest Palo Alto Networks technologies and best practices. Secure the ship, secure the enterprise, and secure the cloud.


Every second, four new humans breathe for the first time, turn towards us, and ask if their future, too, is secure. Tell them it is. Most assuredly, tell them it is.


See Also

World Population Day 2019: The Financial Future


Unit 42 Sources

Palo Alto Networks Unit 42

Cyberthreats in 2019: The Trends That Will Continue to Move Upward

New BabyShark Malware Targets U.S. National Security Think Tanks

BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PcRAT

Aggah Campaign:, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign

Tracking OceanLotus’ new Downloader, KerrDown


Other Sources of Information

The Bitcoin Bite: Iran Says Power Grid Hit By Cryptocurrency-Mining Surge

Police Arrest Dutch Cryptocurrency CEO in Rumored $25 Million Fraud Case

Business Email Compromise: Operation Wire Wire and New Attack Vectors

Trend Micro: Business Email Compromise

Over $800,000 Stolen by Scammers in Atlanta Area City BEC Fraud

Security Intelligence: Spear Phishing Report Card Perfect Scores in School Security Pen Testing

Sharpen Your Focus on Spear Phishing Attacks in 2019

