State of malware

by Mark Rowe

The focus of cybercriminals is moving away from consumers to businesses as the best target with the highest returns, according to a report on malware in 2018 by a cyber product company.

Adam Kujawa, Director of Malwarebytes Labs, said 2018 began with threat actors diversifying their cryptomining tactics, broadening their reach to Android, Mac and cryptomining malware, and experimenting with new innovations in browser-based attacks. “While cryptomining died down by the second quarter, a new set of threats took its place: information-stealers. Trojans, especially Emotet and TrickBot, were top business detections across verticals and around the globe.”

The report detailed that while cryptomining died down by the second quarter, a new set of threats, information stealers, took its place. These former banking Trojans, especially Emotet and TrickBot, evolved into droppers with multiple modules for spam production, lateral propagation through networks, data skimmers, and even crypto-wallet stealers. These variants of malware focused their energies on ensnaring businesses, gleaning the most profit from sensitive data that could be sold on the black market.

Last year saw a shift in ransomware attack techniques. Instead of the one-two punch of malvertising exploits which delivered ransomware payloads, threat actors engaged in targeted, manual attacks. Browser-based security became even more important, as rogue apps and extensions fooled users and app stores alike, worming their way past security reviews in Google Play, iTunes, and official web stores.

Whether massive data breaches or ransomware attacks that brought critical infrastructure to a halt, businesses last year experienced what consumers have been dealing with for years, but on a much larger and more dangerous scale, according to the report. Major businesses, including Facebook, Marriott, Exactis, MyHeritage, and Quora were penetrated, with hundreds of millions of customers affected.

Comment

Gavin Millard, VP of intelligence at Tenable, said: “We are seeing an uptick in malware simply because attackers know it works. Cybercriminals are unlikely to change their tactics given what’s working at the moment is going after the low-hanging fruit. While we might see malware variants increasing, be it a Trojan, riskware tool, backdoor or spyware, the way to nullify all is to patch the vulnerabilities they leverage.

“The reality is that organisations are failing to practice basic cyber hygiene or address their Cyber Exposure, leaving known vulnerabilities unpatched and ready for exploit. However, that’s easier said than done. Enterprises must triage an ever-increasing number of critical vulnerabilities daily, with flaws favoured by attackers falling through the cracks.

“Instead, we need to focus on the vulnerabilities that matter. Attackers love a Flash, Microsoft or WordPress flaw as, given the number of systems in use, the law of averages says that a weaponised exploit has a high probability of yielding results. Finding and fixing the flaws that pose the most risk (i.e. weaponised vulnerabilities) is critical to improving an organization’s Cyber Exposure.

“The answer is there’s lots organisations can do to protect themselves from threats, so it’s not hopeless. When looking at the majority of recent breaches, nearly all can be traced back to either an exploitation of known vulnerabilities in unpatched systems (via either targeted or malware campaign), an abuse of authentication caused by poor identity management practices, or a combination of both.

“To reduce the risk of a business-impacting cyber event occurring, organisations must focus on practicing the fundamentals of strong cybersecurity: they need to have good visibility into what assets are connected to their networks, determine where they’re vulnerable as this is the route an attacker is likely to take, implement robust two-factor authentication and then either patch or protect assets that matter.”

© 2024 Professional Security Magazine. All rights reserved.