
2017’s threat landscape report shows ransomware epidemic

30 Nov 2017

2017 is rapidly drawing to a close with Christmas just around the corner – and what a year it has been for cybercriminals.

Bitdefender recently released its Global Threat Landscape Report for 2017, which delves into what has been an incredible year, with some of the most high-profile and defining moments in some time.

The cybersecurity heavyweight is constantly monitoring its global network of more than 500 million sensors and honeypots for emerging threats or low-key cyberattacks that try to fly under security products’ radar.

The report is built from this aggregated data, which the company asserts enables it to paint an accurate picture of what is happening in the industry.

Bitdefender says these next-gen targeted attacks are reshaping the corporate and government security landscape, with fall-out in the consumer space as well, as commercial cybercriminals adopt leaked exploits and advanced lateral movement techniques into their own payloads.

Ransomware emerged as the most frequently encountered threat (again) with the number of new major ransomware families (with dozens or even hundreds of variations per family) in 2017 surpassing 160.

The most prolific ransomware strain is Troldesh / Crysis, with hundreds of sub-variants seen to date. GlobeImposter, another extremely prolific ransomware family, competes head-to-head with Troldesh in the number of released sub-variants.

“The commercial malware ecosystem is intensely focused on developing and planting ransomware,” the report states.

“Our stats show that one in six spam e-mail messages comes bundled with some form of ransomware (link to drive-by download sites, attachments rigged with ransomware or even JavaScript/VBS downloaders for ransomware).”

According to Bitdefender, this year also saw the re-emergence of Qbot (also known as Brresmon or Emotet), which has been around for years as a multi-purpose, network-aware worm with back door capabilities.

Its new incarnation has a significant redesign of the command and control infrastructure with a cloud-based polymorphic engine that allows it to take a virtually unlimited number of forms to avoid AV detection.

Furthermore, ransomware that is specifically targeted at companies is now a ‘thing’, with organisations facing extremely targeted attacks that abuse the Remote Desktop Protocol to connect to infrastructure and then manually infect computers.

Ransomware families such as Troldesh and GlobeImposter are now equipped with lateral movement tools that let them spread across the organisation, and with log clean-up mechanisms to cover their tracks.
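The two behaviours described above (an RDP connection into the estate, followed by the attacker clearing logs to cover their tracks) leave a correlatable trace on the endpoint. The following detection routine is an added example written for this article; it is not code from Bitdefender or from the report. It correlates a RemoteInteractive logon (Windows Security event 4624, logon type 10) with an "audit log cleared" event (1102) on the same host within a short window. The event records, the `Event` field names and the host and IP values are constructed for the example.

```python
# Added example: correlate RDP logons with subsequent audit-log clearing.
# Windows event IDs 4624 (logon) and 1102 (audit log cleared) and logon
# type 10 (RemoteInteractive / RDP) are real values; the record layout and
# the sample events below are constructed for this illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class Event:
    ts: datetime      # time the event was recorded
    host: str         # endpoint that recorded the event
    event_id: int     # 4624 = logon, 1102 = audit log cleared
    logon_type: int   # 10 = RemoteInteractive (RDP); 0 when not a logon event
    user: str         # account involved
    src_ip: str       # source address for network logons, "" otherwise


# Constructed sample: HOST-A shows an RDP logon followed 12 minutes later by a
# log clear (suspicious); HOST-B shows a console logon and a clear hours later
# (routine, should not alert).
SAMPLE_EVENTS: List[Event] = [
    Event(datetime(2017, 11, 30, 1, 0), "HOST-A", 4624, 10, "svc_backup", "203.0.113.7"),
    Event(datetime(2017, 11, 30, 1, 12), "HOST-A", 1102, 0, "svc_backup", ""),
    Event(datetime(2017, 11, 30, 2, 0), "HOST-B", 4624, 2, "jdoe", ""),
    Event(datetime(2017, 11, 30, 9, 0), "HOST-B", 1102, 0, "admin", ""),
]


def find_rdp_then_clear(events: List[Event],
                        window: timedelta = timedelta(hours=1)) -> List[Dict]:
    """Return one alert per (RDP logon, log clear) pair on the same host where
    the clear happens within `window` after the logon."""
    by_host: Dict[str, List[Event]] = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        by_host.setdefault(e.host, []).append(e)

    alerts: List[Dict] = []
    for host, evs in by_host.items():
        rdp_logons = [e for e in evs if e.event_id == 4624 and e.logon_type == 10]
        clears = [e for e in evs if e.event_id == 1102]
        for logon in rdp_logons:
            for clr in clears:
                if logon.ts <= clr.ts <= logon.ts + window:
                    alerts.append({
                        "host": host,
                        "user": logon.user,
                        "src_ip": logon.src_ip,
                        "logon_at": logon.ts,
                        "cleared_at": clr.ts,
                    })
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_then_clear(SAMPLE_EVENTS):
        print(f"{alert['host']}: RDP logon by {alert['user']} from "
              f"{alert['src_ip']} at {alert['logon_at']}, "
              f"audit log cleared at {alert['cleared_at']}")
```

In practice the records would come from a SIEM or forwarded event logs rather than an in-memory list, and the one-hour window is a tuning choice; the point is that log clearing shortly after a remote interactive logon is rare in normal administration and worth surfacing on its own.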

“Crypto-currency miners have taken multiple shapes and approaches in 2017,” the report states.

“Traditional illicit coin miners have rushed to adopt lateral movement tactics such as the EternalBlue and EternalRomance exploits, allegedly originating from the NSA, to infect computers in organizations and increase mining efforts.”

Bitdefender says one of the main drivers of this category is the Monero miner Adylkuzz, which appeared in early May around the same time as WannaCry. The report states another notable development is cybercriminals’ move to integrate mining code in compromised websites to reach a broader audience and increase the mining yield.

Looking ahead, Bitdefender says the developments of this year will continue in the new year.

“After years of focusing on individuals, malware authors will increasingly target enterprises and networks of computers,” the report states.

“Lateral movement will become standard in most malware samples, either via password-grabbing utilities like Mimikatz, or by exploiting wormable vulnerabilities.”

Bitdefender expects the threat landscape to remain faithful to the malware with the best pay day – ransomware, banker Trojans and digital currency miners – but these threats will undergo major changes in the way they operate.
