
Cryptolocker malware and ransomware threats on the rise

Cryptolocker malware and ransomware are increasing at a rapid rate, with these threats rising 167% over the previous quarter.

Positive Technologies, the enterprise security systems company, released its CyberThreatscape Q1, which revealed new data around infection via cryptolockers, an increase in the number of unique threats, an increasing number of hybrid Trojans, more attacks focused on data theft, and a decrease in cryptojacking.

Most notably, the data shows the cryptolocker infection rate has increased to 24% from 9% in the last quarter of 2018.

Cryptolocker attacks are commonly combined with phishing, because hackers are finding new ways to manipulate targets and extract ransom from them. As these attacks become more sophisticated, the victims of cryptolocker attacks are also reaching a higher level, for instance state institutions.

Positive Technologies cyber security resilience lead Leigh-Anne Galloway says phishing emails aren’t only used to spread viruses as hackers become smarter and more efficient.

"Phishing emails are still one of the most popular and efficient ways of delivering malicious software. But that's not the only route of malware distribution by far.

“For instance, users download a lot of files from torrent trackers, which increases the risk of malware infection exponentially; also, using files that pretend to be movies, attackers have been able to distribute software for swapping addresses of Bitcoin and Ethereum wallets at the moment when data is inserted from the exchange buffer. These new methods of attack demonstrate how creative and sophisticated attackers are becoming,” Galloway says.

In addition to this, Positive Technologies’ research also showed that the number of unique threats increased by 11% from Q1 of the previous year. Comparatively, the share of targeted attacks dropped to 47% from 53% in the fourth quarter of 2018.

Furthermore, since the start of 2019, there has been an increasing number of infections using multifunctional Trojans, or modular malware. These combine the functions of various types of malware for greater success. As an example, the DanaBot Trojan contains components for remote control and functions of a banking Trojan, and can also steal passwords from a number of applications.

The research also looked at what the cybercriminals were seeking first and foremost. The data shows that 54% of attacks are driven to gain information, from personal correspondence to commercial intel. Of the personal information, credentials, personal data, and payment card information are still the most valuable and sought-after, the research shows.

Victims are still a combination of individuals and businesses or organisations. The results showed individuals are still at 21% of all attacks, versus 22% in the fourth quarter of 2018.

When it comes to organisations, attackers most often hit government agencies (16%), medical institutions (10%) and industrial companies (10%).

The research also showed a drop in certain attacks. For instance, the number of attacks aimed at covert mining of cryptocurrency has decreased due to it becoming more complex and difficult. In Q1 of 2018, the share of miners rose as high as 23%, yet in Q4 2018 it fell to 9%, and in the first quarter of 2019 the share of cryptojacking was only 7%.
