sb-nz logo
Story image

2017’s threat landscape report shows ransomware epidemic

30 Nov 2017

2017 is rapidly drawing to a close with Christmas just around the corner – and what a year it has been for cybercriminals.

Bitdefender recently released its Global Threat Landscape Report for 2017, that delves into what has been an incredible year with some of the most high-profile and defining moments for some time.

The cybersecurity heavyweight is constantly monitoring its global network of more than 500 million sensors and honeypots for emerging threats or low-key cyberattacks that try to fly under security products’ radar.

The report is built off this aggregated data that the company asserts enables it to paint an accurate picture of what is happening in the industry.

BitDefender says these next-gen targeted attacks are reshaping the corporate and government security landscape in addition to fall-out in the consumer space as commercial cybercriminals adopt leaked exploits and advanced lateral movement technologies into their own payloads.

Ransomware emerged as the most frequently encountered threat (again) with the number of new major ransomware families (with dozens or even hundreds of variations per family) in 2017 surpassing 160.

The most prolific ransomware strain is Troldesh / Crysis, with hundreds of sub-variants seen to date. GlobeImposter, another extremely prolific ransomware family, competes head-to-head with Troldesh in the number of released sub-variants.

“The commercial malware ecosystem is intensely focused on developing and planting ransomware,” the report states.

“Our stats show that one in six spam e-mail messages comes bundled with some form of ransomware (link to drive-by download sites, attachments rigged with ransomware or even JavaScript/VBS downloaders for ransomware).”

According to Bitdefender, this year also saw the reemergence of Qbot (also known as Brresmon or Emotet) which has been around for years as a multi-purpose, network-aware worm with back door capabilities.

Its new incarnation has a significant redesign of the command and control infrastructure with a cloud-based polymorphic engine that allows it to take a virtually unlimited number of forms to avoid AV detection.

Furthermore, ransomware that is specifically targeted at companies is now a ‘thing’ with organisations facing extremely targeted attacks that abuse the Remote Desktop Protocol to connect to infrastructure, then manually infect computers.

Ransomware like Troldesh and GlobeImposter are now equipped with lateral movement tools to enable them to infect the organisation and log clean-up mechanisms to cover their tracks.

“Crypto-currency miners have taken multiple shapes and approaches in 2017,” the report states.

“Traditional illicit coin miners have rushed to adopt lateral movement tactics such as the EternalBlue and EternalRomance exploits, allegedly originating from the NSA, to infect computers in organizations and increase mining efforts.”

Bitdefender says one of the main drivers of this category is the Monero miner Adylkuzz, which appeared in early May around the same time as WannaCry. The report states another notable development is cybercriminals’ move to integrate mining code in compromised websites to reach a broader audience and increase the mining yield.

Looking ahead, Bitdefender says the developments of this year will continue in the new year.

“After years of focusing on individuals, malware authors will increasingly target enterprises and networks of computers,” the report states.

“Lateral movement will become standard in most malware samples, either via password-grabbing utilities like Mimikatz, or by exploiting wormable vulnerabilities.”

Bitdefender expects the threat landscape to remain faithful to the malware with the best pay day – ransomware, banker Trojans and digital currency minors, but these threats will undergo major changes in the way they perform.

Story image
Cohesity appoints its very first CISO
In the newly created role, new appointee Brian Spanswick will focus on advancing and optimising IT and security for Cohesity and its customers, the company says.More
Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More
Story image
Imperva unveils new data security platform built for cloud
"The cloud has revolutionised IT, offering organisations a strategic opportunity to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges."More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
Combine endpoint privilege management with these tools for maximum protection
By integrating an EPM solution with additional technologies, teams can manage the entire security tool stack more easily and enhance each component’s effectiveness.More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More