Malware Tactics Shifted "Significantly" in 2017
When it comes to malware, 2017 saw a significant shift in attack methodology, a distinct evolution in the predominant attack tools and a distinct divergence in the types of attacks against businesses from attacks against consumers, according to research from Malwarebytes.
Malwarebytes' Cybercrime Tactics and Techniques: 2017 State of Malware report shows sharp increases in malware-based cybercrime, including ransomware, banking Trojans, spyware, adware, cryptocurrency miners and others. Ransomware was the tool of choice, though, spiking more than 93% against consumers and 90% against businesses.
"Between July 2017 and September 2017, there was a 700% increase in ransomware, with just two families making up most of that statistic," states the report, which is based on the company’s internal data from its systems and customers. The first, GlobeImposter, increased 341% from July to August 2017, while the second, WannaCry, increased 375% from August to September 2017.
In all, the monthly rate of ransomware attacks increased up to 10 times the rate of 2016, with September 2017 having the largest volume of attacks against businesses ever documented.
It wasn’t all ransomware though: 2017 also saw a massive increase in the malicious use of cryptominers.
“Alongside a sudden cryptocurrency craze, bad actors have started utilizing cryptomining tools for their own profit, using victim’s personal computers in the process,” the firm said in the report. “This includes a significant increase of miners through compromised websites…, malicious spam and exploit kit drops, and adware bundlers.”
Malwarebytes blocked an average of 8 million drive-by mining attempts per day in September 2017.
Meanwhile, cybercriminals continued utilizing banking Trojans and hijackers to steal data from businesses, with the second half of the year marking an average increase of 102% in banking Trojan detections. Hijackers rose nearly 40% year-over-year, moving this threat to the most common threat detected against businesses in 2017.
On the consumer front, the overall threat volume against consumers rose 12% last year, with worms and ransomware moving into Malwarebytes’ top 10 types of threats for this segment. The volume of adware increased 132% year-over-year, making up 40% of consumer threat detections (up from less than 20% in 2016). That makes it Malwarebytes’ second-most detected threat, despite fewer adware families in the mix. Most of the work is being done by a handful of active adware developers for Windows, macOS and Android, the firm added.
“Ransomware continued to dominate in 2017, with this tool of choice for hackers increasing 90% from the previous year,” said Marcin Kleczynski, Malwarebytes CEO. “What cybercriminals could not hold for ransom, they stole from businesses. For example, spyware is up 30% and hijackers are up 40%. Each year, we spend countless hours providing analysis on the methodologies, tactics and tools being used by cybercriminals to help our customers and partners protect against the most rampant and prolific threats affecting businesses and consumers worldwide.”
He added, “The last year has certainly thrown us a few curve balls, with massive ransomware attacks, changes in malware distribution and the significant increase in cryptocurrency miners,” said Kleczynski. “With 2018 just getting started, these findings can help pave the wave for increased awareness, C-level participation and enhanced technologies to better protect both consumers and businesses.”
Source: Information Security Magazine