In Q1, Malwarebytes’ cybercrime report suggests that Emotet, ransomware and Trojan attacks are on the rise against the enterprise
Cyber attacks against businesses — the consumer data collectors — are on the rise.
The cybercrime report from Malwarebytes has detailed the latest tactics employed by cybercriminals, based on proprietary data collected from millions of business and consumer users worldwide between January 1 and March 31, 2019 — Q1.
Alarmingly, but perhaps unsurprisingly, this cybercrime report for Q1 showed a significant rise in business ransomware detections (195%), along with continued momentum for Trojan variations, which grew by over 200%. However, a sharp decline in cryptomining was noted, perhaps a reflection of the gradual decline of the hype surrounding cryptocurrencies.
Malwarebytes, described as a trusted authority on malware and threat analysis, shows in its latest cybercrime report an increasing trend of cybercriminals targeting businesses, and in particular SMEs, whose limited resources make them prime targets.
According to the analysis, this shift away from consumer targets demonstrates that cybercriminals are focusing on higher-value targets that hold larger stores of consumer data, rather than on individuals.
SMEs face the greatest risk from attacks as overall business detections have grown 235%
“Consumers might breathe a sigh of relief seeing that malware targeting them has dropped by nearly 40%, but that would be short-sighted,” said Adam Kujawa, director of Malwarebytes Labs.
“Consumer data is more easily available in bulk from business targets, who saw a staggering 235% increase in detections year-over-year. Cybercriminals are using increasingly clever means of attack to get even more value from targets through the use of sophisticated Trojans, adware and ransomware.”
The cybercrime report: its key findings
• Businesses are the prime target.
Overall, detections of threats to businesses have steadily risen. They increased by about 7% from the previous quarter, while consumer detections declined by nearly 40%. Compared to Q1 2018, business detections have skyrocketed 235%.
• Ransomware is back to business.
After some time in the wilderness, following attacks such as WannaCry and NotPetya, ransomware has gained rapid momentum among business targets with an increase of 195% in detections from Q4 2018 to Q1 2019. Compared to the same time last year, business detections of ransomware have seen an uptick of over 500%, due in large part to a massive attack by the Troldesh ransomware against US organisations in early Q1.
It should be noted that different geographies experience different types of attack and different levels of the same attack, as covered in “Who’s taking malware seriously? SonicWall’s CEO has the answers”.
Indeed, according to the cybercrime report, the US leads in global threat detections at 47%, followed by Indonesia with 9% and Brazil with 8%.
• Emotet also continues to target enterprises.
Emotet has made a total shift away from consumers, reinforcing the intent of its creators to focus on enterprise targets, except for a few outlier spikes. Detections of Trojans (Emotet’s parent category) on business endpoints increased more than 200% since Q4, and almost 650% from the same time last year.
• Mobile Mac devices are increasingly targeted by adware.
While Mac malware saw a more than 60% increase from Q4 2018 to Q1 2019, adware was particularly pervasive, growing over 200% from the previous quarter.
• Exploit authors developed some flashy techniques.
A new Flash Player zero-day was discovered in Q1 and quickly incorporated into popular exploit kits, including Underminer and Fallout EK, as well as a new exploit kit called Spelevo.
Commenting on the “definite shift” in the cyber security landscape, Marie Clutterbuck — CMO of independent data recovery specialist Tectrade — said “cybercriminals have changed their focus from consumers to businesses.
“Zero day attacks are on the rise and estimated to be a daily occurrence by 2021. This is largely down to digitisation within organisations and there’s more pressure on developers to deliver software faster – leaving systems vulnerable. This problem is exacerbated by hackers becoming more sophisticated, enabling them to bypass defences more easily.
“IT teams often prioritise stopping a breach occurring at all, but in today’s cyber climate a successful breach is inevitable. The most important aspect of cyber security is that businesses prepare for the worst and have effective data recovery and backup systems in place. Zero day recovery makes sure critical systems are down for as little time as possible. It’s often true that real damage from these breaches doesn’t come from the attack itself, but the resultant downtime after a breach – the time taken to become fully operational dictates the financial and operational fallout on a business.”
Not all bad news…
• Cryptomining against consumers is essentially extinct.
Marked by the popular drive-by mining company CoinHive shutting down operations in March, cryptomining against consumers dropped by 79% compared to the same time period last year.
Mitigating the threat
In order to mitigate these shifting cyber security threats, Andrzej Baldin, VP – EMEA at Ivanti, suggests that “businesses must make sure they are implementing a back to basics and layered security strategy.
“Following an established security framework, such as the Center for Internet Security’s Critical Security Controls, can help companies establish good cyber hygiene and focus their efforts on activities that will maximise their effect.
“The basic controls revolve around discovery, patch management, application control, privilege management and configuration management.
“The framework extends into foundational controls that are essential to protecting your environment, but give businesses a little less protection for their efforts. The framework also extends into organisational controls that have a higher cost to implement, but allow companies to mature into a more sophisticated security model that is managed from end to end to be more responsive and efficient. These additional layers of protection will reduce the risk of exposure.”