Cybersecurity attack vectors continue to shift rapidly

A new report from Malwarebytes, a provider of endpoint security software, indicates that cybercriminals are mixing up the attack vectors they employ in the hope that cybersecurity professionals will become complacent once they learn how to mitigate a specific type of attack vector.

Not surprisingly the report finds that last year witnessed a major spike in ransomware attacks. Ransomware attacks aimed at business increased 90 percent, compared to a 93 percent increase in attacks against consumers.

Based on telemetry data continuously gathered by Malwarebytes, the report finds ransomware against consumers went up more than 93 percent while ransomware against businesses increased 90 percent. Between July 2017 and September 2017, there was a 700 percent increase in ransomware, according to Malwarebytes’ telemetry. The two families of ransomware employed most often by cybercriminals were GlobeImposter and WannaCry.

But while September saw the largest volume of ransomware attacks against businesses ever documented, Adam Kujawa, director of malware intelligence for Malwarebytes, says there was a sharp drop off in the volume of attacks beginning in the Fall.

“That was a bit of shocker,” says Kujawa. “We had to run those numbers several times.”

The reason for that is simple economics. As more organizations and individuals put in place security technologies and processes to thwart malware, the return on investment (ROI) attached to ransomware attacks declined. Instead of ransomware, it appears cybercriminals are shifting back towards employing Trojans to steal data. Hijackers rose nearly 40 percent year-over-year, moving this threat to the most common threat detected against businesses in 2017. For example, the second half of the year marked an average of 102 percent increase in banking Trojan detections.

[clickToTweet tweet="The average IT organization will need to improve #cybersecurity. At a bare minimum, organizations should be implementing two-factor authentication as an alternative to password credentials that are easily compromised" quote="The average IT organization will need to improve cybersecurity. At a bare minimum, organizations should be implementing two-factor authentication as an alternative to password credentials that are easily compromised."]

At the same time, the volume of adware increased 132 percent year-over-year, making up 40 percent of consumer threat detections. Adware is second-most detected threat, finds the report. Malwarebytes attributes most of these attacks to a handful of active adware developers focusing on Windows, macOS and Android systems.

But even though most cybersecurity activity seems to be focused on known types the threats, the Malwarebytes report notes new styles of attacks are gaining some favor. Malwarebytes claims it blocked an average of eight million drive-by mining attempts per day in September 2017 alone.

Kujawa says most attacks are relying on either social engineering techniques or relatively low-tech methods of delivering payloads such as exploit kits that are readily available on the Dark Web. Usage of distributed denial of service (DDoS) attacks to cripple cybersecurity defenses to make it easier to deliver those payloads is a rising concern, adds Kujawa. In the coming year, Kujawa says Malwarebytes is also expecting to see a sharp increase in the number of attacks being launched against endpoints that are part of large-scale Internet of Things (IoT) projects.

The average IT organization will need to improve their cybersecurity game. At a bare minimum, organizations should be implementing two-factor authentication as an alternative to password credentials that are easily compromised, says Kujawa.

Clearly, there’s going to be no rest for the cybersecurity weary in 2018. But if its any consolation at all, progress in terms of thwarting most common types of attacks in the last few months appears to have been significant.