Malwarebytes’ Report Finds Criminals Focusing on Businesses
Malwarebytes Labs’ 2019 State of Malware report was released this week, bringing some good and bad news for businesses.
The good news is that ransomware—the scourge of 2017 for many businesses—dropped 26% overall in 2018. Many experts attribute the drop to improved awareness stemming from the global WannaCry and NotPetya attacks of 2017. Because of those attacks, many businesses became aware of the threat of ransomware and began taking steps, such as creating reliable offsite back-ups, to mitigate that threat. The increase in awareness made ransomware a less profitable endeavor for cybercriminals.
So, where did the cybercriminals turn? For a time, they turned to cryptojacking. Cryptocurrencies, such as Bitcoin, are “mined” by asking computers to use special programs to solve complex math equations. Successfully solving an equation “mines” a piece of the currency. The process is time-consuming, requires expensive equipment, and leads to severely inflated electric bills, which keeps the supply limited and the demand high.
Toward the end of 2017 and the start of 2018, the value of Bitcoin soared to almost $20,000 per Bitcoin. Cybercriminals followed the money and began employing cryptojacking malware instead of ransomware. Cryptojacking malware infects a user’s device and sets the device to task mining cryptocurrency for the criminal. Another method of cryptojacking is the “drive-by,” where cryptojacking script is hidden in a website. The user visits the infected website, and the script works quietly in the background. Either way, the cost of the mining—power usage, processor time, and hardware wear and tear—is passed on to an unsuspecting user who reaps none of the reward. For the victim, this results in a sluggish, slow device and potential overheating and damage to the device hardware.
The Bitcoin bonanza didn’t last, however, and cybercriminals changed tactics once again for the second half of 2018. First, they shifted their focus from individuals to businesses. Malwarebytes Labs’ researchers recorded a 79% increase in business malware detections for 2018. Why? Information. Businesses house a host of valuable information, and the top type of malware employed against businesses in 2018 was the information-stealing Trojan. Named for the Trojan Horse of Greek antiquity, a Trojan is malware that appears to be friendly, meaning legitimate and/or useful, but is really just a cover for malware. Cybercriminals use Trojans to gather information, such as customers’ login credentials and bank account information, that they then either sell on the Dark Web or use to create social engineering campaigns.
So what does all this mean for your business? First, employee awareness training is one of the wisest cybersecurity investments you
can make. Whether it’s ransomware, cryptojacking or Trojans, malware is primarily introduced to a device or system by the user, usually through a phishing email. Training employees on how to spot a phishing email is a valuable step toward reducing the risk of malware infection. Second, make sure your devices and systems are updated regularly. The two Trojans leading the pack in 2018, known as Emotet and TrickBot, rely on a known vulnerability in older Windows operating systems, so only unpatched, out-dated systems were affected. Keeping software and hardware updated and patched is another key step toward better protecting your business.
Ransomware: A type of malware that encrypts the victim’s files and demands a ransom, usually a payment in cryptocurrency, to “release” the files. One of the best methods of protecting against ransomware is simply to keep back-ups of all files in a separate location.
Phishing: An email that employs deception to trick the reader into downloading an attachment or clicking a link. The action typically results in malware being downloaded and installed or brings the reader to a fraudulent website where criminals will try to capture personal information.