Bitdefender 2017 global e-threat landscape – key findings
Data breach statistics from aggregators globally paint a gloomy picture of the cyberspace we inhabit. More data records were leaked or stolen in the first half of 2017 than in all of 2016, and the future is looking just as bleak. Luckily, users have plenty of solutions to choose from to secure their data and privacy.
As 2017 draws to a close, Bitdefender is releasing a fresh set of data looking at the most prevalent cyber-attacks and the malware employed to conduct them. Chief among these e-threats: ransomware.
Taking the lion’s share as the most frequently-encountered threat, different ransomware families grew to 160+ this year alone, with dozens or (in some cases) even hundreds of variations per family. The most prolific ransomware strains this year were Troldesh / Crysis and GlobeImposter.
One in six spam e-mail messages comes bundled with some form of ransomware – either the malware itself is present in the email as an attachment, or the email copy contains a link to a drive-by download site. And ransomware specifically aimed at companies is now common.
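The two ransomware delivery vectors described above, an attachment or a link in the message body, are the signals a mail-gateway triage step looks for. The script below is an added illustration, not Bitdefender code: it builds a constructed sample message (not a real capture) and flags risky attachment extensions and embedded URLs; the extension list is an assumption for illustration, not a Bitdefender classification.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Attachment extensions frequently abused to deliver ransomware droppers.
# Illustrative assumption for this example, not an authoritative list.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".docm", ".xlsm", ".jar", ".zip"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def build_sample() -> bytes:
    """Construct a sample spam message carrying both vectors (constructed, not real)."""
    msg = EmailMessage()
    msg["From"] = "invoices@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Unpaid invoice 4471"
    msg.set_content("Your invoice is overdue, see http://downloads.example.invalid/invoice.php")
    msg.add_attachment(b"var x = 1;", maintype="application", subtype="octet-stream",
                       filename="invoice_4471.js")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Return risky attachment names and body URLs found in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    risky, urls = [], []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in RISKY_EXTENSIONS:
                risky.append(name)
            continue
        # Only text bodies are scanned for links; multipart containers are skipped.
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    # A risky attachment is a strong signal; a bare link only marks the message
    # for follow-up (e.g. URL reputation), since most legitimate mail has links.
    return {"risky_attachments": risky, "urls": urls, "flagged": bool(risky or urls)}


if __name__ == "__main__":
    print(triage(build_sample()))
```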
WannaCry and GoldenEye, arguably the most publicized ransomware attacks this year, shut down entire businesses and disrupted global industries. Both leveraged what experts believe were NSA-developed cyberweapons leaked onto the underground web.
A key development in the 2017 threat landscape was the re-emergence of a multi-purpose, network-aware worm with backdoor capabilities that has been around for years.
Qbot (also known as Brresmon or Emotet) immediately springs to mind when one reads this description. Qbot underwent a redesign of the command and control infrastructure and, with a cloud-based polymorphic engine, it could shape-shift faster than AV solutions could detect it.
The crypto ‘gold rush’
As Bitcoin gained unprecedented momentum and ICOs sprang up like mushrooms after the rain, so did stealthy crypto-currency miners. Like their ransomware counterparts, illicit coin miners have incorporated wormable behavior (through exploits such as EternalBlue and EternalRomance) to spread laterally and infect entire networks of computers, increasing their mining capacity.
Monero miner Adylkuzz is the biggest name to crop up this year on the illicit crypto-mining market. Cryptocoin-hungry hackers also integrated mining code in compromised web sites this year, for similar purposes.
Application.BitcoinMiner, for instance, is part legitimate miner and part hijacking code. Redirecting mining output to various wallets, the malware has been surreptitiously planted on tens of thousands of computers.
As far as Microsoft Windows users are concerned, Bitdefender threat intelligence shows the United States is still the favorite destination for cyber-crime.
The US ranks first in the number of malicious incidents detected in 2017, with 18.5 percent of incidents detected by Bitdefender sensors. The US Windows threat landscape at a glance can be found below (malware breakdown by detection name; the Y axis represents percentages).
(Image 1: Windows malware breakdown 2017)
Android Trojan fever
One of the most prevalent Android malware families this year has been Android.Trojan.Downloader, accounting for more than 20 percent of attacks on the platform. Victims are tricked into downloading various fake apps that pose as legitimate Flash or Adobe updates, when in fact they are malware.
The second most-prevalent Android malware family is Android.Trojan.Rootnik, which is responsible for 9.34 percent of all attacks recorded on the mobile OS. Notorious for gaining root access to infected devices, its purpose is to steal information and download additional malware, giving attackers a permanent foothold and full control over the device.
Android.Trojan.Dropper, another pervasive Android malware family, takes third place, with a 7.06 percent infection rate. A full breakdown of the top 10 Android malware threats this year can be found in the illustration below.
(Image 2: Android malware breakdown 2017)
Bitdefender experts predict an increase in zero-day exploits leaked from security agencies worldwide, and major changes to the way ransomware operates.
And although malware authors seem to increasingly target enterprises and networks, individual end-users are exposed to the same kinds of risks. For example, the number of malicious attachments in spam emails is expected to increase. Advanced polymorphic engines running in the cloud are being used by cyber-criminals to flood the market with unique variants of known malware in an attempt to fly under the AV radar.
For macOS users, malware will likely focus on scareware tactics to bully victims into paying for useless tools.
And in 2018, we expect hackers to make greater use of anti-machine-learning techniques to avoid detection.
For the time being, the threat landscape remains faithful to the malware that bad actors monetize best: ransomware, banker Trojans and digital currency miners.
Visit bitdefender.com today to learn how you can counter the most pervasive threats to your cyber security.