The 2018 Malware Review from security awareness and anti-phishing solution provider Cofense (formerly PhishMe) looks at malware trends over the past 12 months and makes predictions about malware delivery and attack trends in 2018.
The 2018 Cofense Malware Review, titled A Look Back and a Look Forward, was compiled after analyzing millions of phishing and spam emails gathered from multiple sources over the past year. The report has a heavy focus on phishing and other email attacks, the primary attack method used by threat actors to gain access to SMB and enterprise networks. Cofense also analyzed the malware being used by cybercriminals and how the malicious code has evolved over the past 12 months.
The study highlights just how adaptable cybercriminals are and the speed at which they switch operations to take advantage of new opportunities, including changing malware variants to profit from new vulnerabilities.
This was clearly evidenced by the switch to cryptocurrency miners as the value of cryptocurrencies soared in 2017. In addition to loading the malicious coin-mining code onto compromised websites, there was a marked increase in cryptocurrency mining malware being sent via spam email. The malware turns computers into cryptocurrency mining slaves, considerably slowing computers and causing major losses in productivity.
For its report, Cofense analyzed more than 600 campaigns involving Microsoft Office and notes that Office macro scripting was the leading attack type, while Microsoft Object Linking and Embedding (OLE) was identified in more than 100 of the 600 campaigns.
During 2017, ransomware attacks increased, with Cerber and Locky the two most commonly used ransomware families (excluding screen lockers). However, in 2017 several new ransomware families were discovered that were primarily being distributed via phishing emails. Cofense notes that five of the top ten ransomware variants in 2017 were totally new.
Cofense predicts that 2018 will see a continued rise in the use of ransomware, with an increase in the number of threat actors using the file-encrypting code. There is also likely to be further diversification in the types of cryptocurrencies used by cybercriminals for payments. Cofense also predicts that as more businesses migrate to the cloud, it will become a major attack surface.
It is important for companies to keep abreast of current attack trends to ensure they can tailor their defenses to block new attacks. Businesses also need to train their employees to recognize new threats.
“As delivery methods evolve daily and malware innovations accelerate, timely attack intelligence is critical and must extend across organizations. Now is the time for every inbox to be a sensor and every employee to be a security evangelist that can trigger organization-wide security orchestration to break the attack kill chain at delivery,” said Aaron Higbee, Co-Founder and CTO at Cofense.