Malwarebytes study reveals 80% rise in malware detections targeting businesses

Malwarebytes, the advanced endpoint protection and remediation solutions developer, has published its third annual State of Malware Report, which analyses the top malware threats from January until November 2018 and compares them with the same period in 2017. The report identifies a sharp increase in business-based malware detections, including a more than 100% increase in Trojan, riskware tool, backdoor and spyware activity. Overall, the research shows that cyber criminals are finding businesses to be the best target with the highest returns.

“2018 was action-packed from start to finish,” said Adam Kujawa, director of Malwarebytes Labs. “It began with threat actors diversifying their cryptomining tactics, broadening their reach to Android, Mac and cryptomining malware and experimenting with new innovations in browser-based attacks. While cryptomining died down by the second quarter, a new set of threats took its place, namely information-stealers. Trojans, especially Emotet and TrickBot, were top business detections across verticals and around the globe.”

Malware authors pivoted in the second half of 2018 to target organisations over consumers, recognising that businesses provided a bigger pay-off. Overall, business detections of malware rose significantly over the last year – by 79% to be exact – primarily due to the increase in back doors, miners, spyware and information-stealers. The biggest increases came from Trojans (132%), riskware tools (126%), back door malware (173%) and spyware (142%).

Top Ten countries

The United States, the UK, Germany, France and Australia all finished in the Top 10 countries with the most business detections. The Asia Pacific region saw massive increases in back door malware and the use of exploits against its endpoints.

Education, Government, manufacturing and healthcare were the top industries impacted by the top malware of the year: Trojans. When focusing on the Trojan category to look at its top family (namely Emotet), the industries shift. Education, manufacturing and hospitality top the list.

The current trends with Trojans are likely to continue while there are opportunities for criminals to exploit weak configurations and outdated assets. However, the greater concern is the copycats and new generations of families that are likely to dominate 2019 across verticals and around the globe.

Emotet and TrickBot “spread like wildfire”

The fall-out from the ShadowBrokers leak of NSA exploits in 2017 continued as cyber criminals used EternalBlue and EternalRomance, which exploit Windows Server Message Block (SMB) vulnerabilities, to spread dangerous and sophisticated Trojans such as Emotet and TrickBot.

In fact, information-stealers were the top consumer and business threat in 2018, as well as the top regional threat for North America, Latin America and Europe, the Middle East and Africa. These information-stealing variants of malware focused their energies on ensnaring businesses, gleaning the most profit from ultra-sensitive data that could be sold on the black market for re-targeting in future campaigns.

Despite the focus on business targets, consumer malware detections stayed close to being flat year-on-year, mainly thanks to increases in the back door, Trojan and spyware malware categories throughout 2018. While 2017 saw nearly 800 million consumer detections overall, 2018 brought with it about 25 million fewer instances of infection.

While the research shows an increase in malware detections against consumers at the end of 2017, this was primarily because of the flood of cryptocurrency miners being deployed on a large scale early in the year.

Ransomware still a force

Ransomware isn’t the wide-ranging threat it was back in 2017, but it’s still a force. Overall, trends show a drop in volume for the year, but an increase in focused and sophisticated attacks aimed at businesses. Indeed, the main spike in numbers has been in the realm of the workplace.

“We experienced another very active year for malware that shows no sign of abating,” said Marcin Kleczynski, Malwarebytes’ CEO. “Attackers continued to shift their methodologies to follow the payload. We saw evidence of this with the strong focus on attacking businesses with insecure and unpatched networks. From massive data breaches through to ransomware attacks, businesses are experiencing what consumers have been dealing with, but on a larger scale. In the coming year, we’ll be dedicated to providing the cutting-edge protection and remediation tools needed for protecting the world against the most dangerous malware now and well into the future.”


About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
