Malwarebytes’ latest threat report shows cybercriminals may be shifting their focus away from consumers

Cybercriminals are increasingly targeting businesses with malware, as the number of recorded attacks against consumers drops for the first time.

This is the takeaway from Malwarebytes’ 2019 State of Malware report, published today, which signals an interesting shift in cybercrime tactics.

Overall malware detections for businesses rose by 79% last year, the report reads, from just under 40 million in 2017 to almost 72 million in 2018.

Consumer detections, meanwhile, decreased by 3% – a stark contrast to traditional malware trends.

But while targeted attacks on consumers may be down, there were still 750 million recorded incidents in 2018, a figure not to be ignored.

“We’ve seen a shift in focus by cybercriminals of going after consumers so much, to going after business and specifically using Emotet and TrickBot,” Malwarebytes’ Labs director Adam Kujawa told The Daily Swig last week.

“[There has been] a focus on businesses being targeted against this threat versus what we’ve traditionally seen in the past of consumers. [Cybercriminals used to] throw a wide net and hope they catch a couple of ‘grandmas’ in the process, but now that’s not the case.

“We’ve seen not only a 70 or 80% increase in business detections overall this last year compared to 2017, but we’ve also seen a drop of 3% on the consumer side, which I’ve never seen before.

“I’ve never seen consumer malware drop compared to a previous year, I mean that’s just not the nature of malware.”

New malware threats

In its analysis of the threat landscape in 2018, Malwarebytes drew attention a new malware strain dubbed ‘Vools’ which has rapidly spread across countries in the Asia-Pacific region.

The malware, which leverages the EternalBlue exploit to install a backdoor in the target device, has already been seen in parts of Indonesia, India, Thailand, Vietnam, and Russia.

“A lot of the western world has managed to patch those same vulnerabilities that WannaCry targeted, and so with Vools it has the same capability but it’s targeting Asia,” said Kujawa.

“It’s been able to spread pretty rapidly, it’s one of the top detections we have for the entire Asia-Pacific area.”

Indeed, detections of backdoor malware in businesses in Asia-Pacific increased by 5,137% in 2018, while consumer devices also saw a 591% increase.

Malwarebytes has yet to confirm the reason for this sudden uptake, though the popularity of Internet Explorer coupled with unpatched systems is likely to be a contributing factor.

Kujawa said: “When it comes to [the success of] this particular malware in Asia, it’s something to do with the culture of security in that region.

“In the report earlier this year when we talked about exploit kits in Asia, we talked about how the majority of the browser market share in this region is Internet Explorer.

“Not Edge or Firefox or Chrome, plain old IE, which is one of the most targeted and exploited browsers in history.

“Beyond that we know that there are a lot of unpatched systems out there in Asia which are vulnerable to the EternalBlue exploit. It could be due to the possibility of it being pirated software on theses servers, I’m not really sure.

“But it would make a lot of sense as to why they can’t patch, and it would make a lot of sense why they were a continued target of hackers using two-year-old exploits.”

Consumer woes

While cybercriminals appear to be pivoting to high-value targets such as small and medium-sized businesses (which often have sizeable assets, but no budget for a security team), it’s clear that consumers can’t afford to relax.

Despite the 3% drop in targeted malware impacting consumer devices, adware, trojans, backdoored malware, and spyware were all cited as ongoing global concerns.

“As we look ahead to 2019, we anticipate the game of cat and mouse to continue on and on, with old tricks applied to new threats and new tactics used for old favorites,” Malwarebytes said in its conclusion to the report.

“As always, our advice remains to stay informed, stay vigilant, and never take the security of your data or devices for granted.”