
2017’s threat landscape report shows ransomware epidemic

30 Nov 2017

2017 is rapidly drawing to a close with Christmas just around the corner – and what a year it has been for cybercriminals.

Bitdefender recently released its Global Threat Landscape Report for 2017, which delves into what has been an incredible year with some of the most high-profile and defining moments for some time.

The cybersecurity heavyweight is constantly monitoring its global network of more than 500 million sensors and honeypots for emerging threats or low-key cyberattacks that try to fly under security products’ radar.

The report is built on this aggregated data, which the company asserts enables it to paint an accurate picture of what is happening in the industry.

Bitdefender says these next-generation targeted attacks are reshaping the corporate and government security landscape, with fall-out in the consumer space as commercial cybercriminals adopt leaked exploits and advanced lateral-movement techniques into their own payloads.

Ransomware emerged as the most frequently encountered threat (again) with the number of new major ransomware families (with dozens or even hundreds of variations per family) in 2017 surpassing 160.

The most prolific ransomware strain is Troldesh / Crysis, with hundreds of sub-variants seen to date. GlobeImposter, another extremely prolific ransomware family, competes head-to-head with Troldesh in the number of released sub-variants.

“The commercial malware ecosystem is intensely focused on developing and planting ransomware,” the report states.

“Our stats show that one in six spam e-mail messages comes bundled with some form of ransomware (link to drive-by download sites, attachments rigged with ransomware or even JavaScript/VBS downloaders for ransomware).”

According to Bitdefender, this year also saw the reemergence of Qbot (also known as Brresmon or Emotet) which has been around for years as a multi-purpose, network-aware worm with back door capabilities.

Its new incarnation has a significant redesign of the command and control infrastructure with a cloud-based polymorphic engine that allows it to take a virtually unlimited number of forms to avoid AV detection.

Furthermore, ransomware that is specifically targeted at companies is now a ‘thing’ with organisations facing extremely targeted attacks that abuse the Remote Desktop Protocol to connect to infrastructure, then manually infect computers.

Ransomware such as Troldesh and GlobeImposter is now equipped with lateral-movement tools that let it spread through an organisation, and with log clean-up mechanisms to cover its tracks.
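A defender-side correlation that illustrates the sequence the article describes (RDP access, manual infection, then log clean-up), written as an added example and not code from Bitdefender or the article; the event records, hostnames, accounts and the simplified dict layout are constructed assumptions, while the Windows event IDs (4624 logon with LogonType 10 for RDP, 1102 audit log cleared) are real.

```python
"""Flag an RDP (RemoteInteractive) logon that is followed by the Security log
being cleared on the same host within a short window, the pattern the
article attributes to targeted ransomware operators."""
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry); simplified dict layout
EVENTS = [
    {"ts": "2017-11-20T02:11:05", "host": "FS01", "id": 4624, "logon_type": 10,
     "user": "svc_backup", "src": "203.0.113.5"},
    {"ts": "2017-11-20T02:14:40", "host": "FS01", "id": 4624, "logon_type": 2,
     "user": "alice", "src": "-"},                    # local console logon, not RDP
    {"ts": "2017-11-20T02:40:12", "host": "FS01", "id": 1102, "user": "svc_backup"},
    {"ts": "2017-11-20T09:00:00", "host": "WS07", "id": 4624, "logon_type": 10,
     "user": "bob", "src": "10.0.0.8"},
    {"ts": "2017-11-21T09:00:00", "host": "WS07", "id": 1102, "user": "bob"},  # a day later
]


def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def find_rdp_then_logclear(events, window=timedelta(hours=2)):
    """Return (host, rdp_user, rdp_src, clear_ts) for every 1102 event that
    follows a LogonType-10 4624 on the same host within `window`."""
    rdp_by_host = {}
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["id"] == 4624 and ev.get("logon_type") == 10:
            rdp_by_host.setdefault(ev["host"], []).append(ev)
        elif ev["id"] == 1102:
            for r in rdp_by_host.get(ev["host"], []):
                if timedelta(0) <= _t(ev["ts"]) - _t(r["ts"]) <= window:
                    hits.append((ev["host"], r["user"], r["src"], ev["ts"]))
    return hits


if __name__ == "__main__":
    for hit in find_rdp_then_logclear(EVENTS):
        print("ALERT: RDP logon followed by Security log clear:", hit)
```

Only FS01 is flagged: the WS07 log clear happens a day after the RDP logon, outside the two-hour window, and the console logon by alice is not RDP.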

“Crypto-currency miners have taken multiple shapes and approaches in 2017,” the report states.

“Traditional illicit coin miners have rushed to adopt lateral movement tactics such as the EternalBlue and EternalRomance exploits, allegedly originating from the NSA, to infect computers in organizations and increase mining efforts.”

Bitdefender says one of the main drivers of this category is the Monero miner Adylkuzz, which appeared in early May around the same time as WannaCry. The report states another notable development is cybercriminals’ move to integrate mining code in compromised websites to reach a broader audience and increase the mining yield.

Looking ahead, Bitdefender says the developments of this year will continue in the new year.

“After years of focusing on individuals, malware authors will increasingly target enterprises and networks of computers,” the report states.

“Lateral movement will become standard in most malware samples, either via password-grabbing utilities like Mimikatz, or by exploiting wormable vulnerabilities.”

Bitdefender expects the threat landscape to remain faithful to the malware with the best pay day – ransomware, banker Trojans and digital currency miners – but these threats will undergo major changes in the way they operate.
