Report reveals the dangers and trends of malware through 2018


Last year, the arrival of the EU’s General Data Protection Regulation sent shockwaves through the world of data protection.

Big corporates registered record-breaking data breaches, while pre-GDPR transgressions such as those committed in the Facebook/Cambridge Analytica scandal fell under the heightened scrutiny of a more privacy-conscious age.

But as the global drive to protect user data has intensified, so too has the struggle against cyber-criminals whose efforts to infiltrate databases are becoming ever-more sophisticated.

Malware has been singled out as one of the fraudsters’ weapons of choice, and Britain now ranks third in the world in terms of the number of business threat detections and consumer detections.

The issue is the focus of a new study, Malwarebytes' State of Malware 2019, which compares the months between January and November 2018 with the same period in 2017.

Below are the top ten takeaways that the report reveals about the state of malware in 2018.

1. Make way for cryptominers
Ransomware was dethroned in the first half of 2018 to make way for a massive wave of cryptominers, following a meteoric spike in Bitcoin value at the tail end of 2017. Threat actors seemingly abandoned all other forms of attack for experimentation in this new technique, spanning from desktop to mobile; Mac, Windows, and Android operating systems; and software- and browser-based attacks. Cryptomining detections increased by seven percent year over year—a small percentage overall, as the second half of the year was slow for this threat.

2. The year of the mega breach
Unlike the ransomware plagues that were indicative of 2017, there were no major global outbreaks in 2018. Instead, it was the year of the mega breach. Major businesses, including Facebook, Marriott, Exactis, MyHeritage, and Quora were penetrated, with hundreds of millions of customers affected. The number of compromised records increased by 133 percent in 2018 over the previous year.

3. Ransomware gets tricky
In 2018, we saw a shift in ransomware attack techniques. Instead of the one-two punch of malvertising exploits which delivered ransomware payloads, threat actors engaged in targeted, manual attacks. The shotgun approach was replaced with brute force, as witnessed in the most successful SamSam campaigns of the year.

4. Businesses take a hit
Malware authors pivoted in the second half of 2018 to target organisations over consumers, recognising that the bigger payoff was in making victims out of businesses instead of individuals. Overall business detections of malware rose significantly over the last year—79 percent to be exact—and primarily due to the increase in backdoors, miners, spyware, and information stealers.

5. Consumer detections fall by marginal percentage
Despite the focus on business targets, consumer malware detections only decreased by three percent year over year, thanks to increases in backdoors, Trojans, and spyware malware categories throughout 2018. While 2017 saw 775,327,346 consumer detections overall, 2018 brought with it about 25 million fewer instances of infection—a healthy decrease in number, percentages aside.

6. SMB vulnerabilities spread Trojans like wildfire
The fallout from the ShadowBrokers’ leak of NSA exploits in 2017 continued, as cybercriminals used SMB vulnerabilities EternalBlue and EternalRomance to spread dangerous and sophisticated Trojans, such as Emotet and TrickBot. In fact, information stealers were the top consumer and business threat in 2018, as well as the top regional threat for North America, Latin America, and Europe, the Middle East, and Africa (EMEA).

7. Malspam replaces exploits as the favorite attack vector
The exploit landscape became a bit barren by the end of 2017, with many of the kit creators locked behind bars. As a result, threat actors returned to an old favorite—malspam—which replaced exploits as the major delivery mechanism for threats in 2018.

8. Rogue extensions and malicious apps appear in legitimate webstores
Browser-based security became even more important, as rogue apps and extensions fooled users and app stores alike, worming their way past security reviews in Google Play, iTunes, and the official web stores for Chrome, Firefox, Safari, and others with sneaky social engineering tactics.

9. Attacks on websites steal user data
The criminal group Magecart was behind a series of high-profile attacks on ecommerce websites, stripping credit card information and other Personally Identifiable Information (PII) from payment platforms in plain text and in real time.

10. Sextortion scams
And finally, major scams for the year capitalised on stale PII from breaches of old. Phishing emails were blasted out to millions of users in extortion (or in some cases, sextortion) attempts, flashing victims' old, but potentially still viable, passwords and warning that their secrets would be exposed if they didn't pay up.

