An annual “State of Malware” report published by Malwarebytes finds that some of the most notable patterns emerging in the past year are more sophisticated forms of multifunction cybersecurity attacks aimed specifically at businesses rather than consumers.
Adam Kujawa, director of Malwarebytes Labs, said that while malware in general has not advanced much in terms of how it is created or functions, cybercriminals are making use of distribution techniques developed by state-sponsored actors to create attacks that combine multiple types of malware. Those attacks increasingly are aimed at businesses, which last year saw an almost 80 percent increase in the number of attacks being launched, according to the Malwarebytes report.
Kujawa also said cybersecurity attacks have become a lot more diverse. For example, there has been a sharp increase in the number of attacks based on information stealers that rely on methods first seen in banking Trojans such as Emotet and TrickBot. Banking Trojans have evolved into so-called droppers with multiple modules capable of spam production, lateral propagation through networks, data skimmers and even crypto-wallet stealers, he noted. The primary goal is to capture sensitive data that could be sold on the black market. Other malware families have followed in the footsteps of Emotet and TrickBot, redirecting their focus toward obtaining a foothold in organizations whose networks are unpatched and insecure. The report also notes spyware detection has climbed significantly due to similar variants and families of Emotet and TrickBot identified in the wild. That’s another sign cybercriminals are focusing on information-stealing.
There have been several other significant shifts in types and styles of cybersecurity attacks in the last year. Ransomware was dethroned in the first half of 2018 as the top cybersecurity threat by a massive wave of cryptominers. However, those attacks fell dramatically in the second half of 2018 as the value of Bitcoin declined sharply.
In the meantime, cybercriminals launching ransomware attacks shifted away from malvertising exploits to deliver payloads in favor of manual attacks such as the SamSam campaign.
Much of that shift can be explained by the fact that many of the exploit kit creators are now in jail. As a result, cybercriminals have returned to malspam techniques to deliver their payloads.
The Malwarebytes report also noted rogue apps and extensions fooled users and app stores alike in 2018 by passing security reviews in Google Play, iTunes and the official web stores for Chrome, Firefox, Safari and others using social engineering tactics.
It’s also worth noting that there were no major global outbreaks of malware in 2018. Rather, it was the year of the mega breach. Major businesses, including Facebook, Marriott, Exactis, MyHeritage and Quora, were penetrated, involving hundreds of millions of customers. The number of compromised records increased by 133 percent in 2018 over the previous year, the Malwarebytes report notes.
Kujawa said going forward, Malwarebytes expects to see more social engineering attacks that are enabled by personally identifiable information (PII) embedded within a phishing attack that makes it easier to gain to access credentials. Those attacks will be amplified by the fact that most people reuse passwords across applications and systems, he noted.
It’s apparent that as cybersecurity attacks become more nuanced, cybersecurity professionals will be even more challenged to thwart attacks launched cybersecurity criminals that are becoming more wily with each passing day.