Organizations bore the brunt of cyber-attacks in Q1, according to Malwarebytes
Cybercriminals continued to throw their weight against businesses in the first quarter of 2019, with ransomware reappearing as a weapon of choice for those looking to solicit funds from corporate targets, according to the latest research from Malwarebytes.
In its 2019 Q1 Cybecrime Tactics and Techniques report, published today, the cybersecurity firm details how organizations have been taking on the bulk of attacks, while threats to consumers are seeing a 24% decrease year on year.
“Ever since I started in this game, I’ve always seen consumer detection pretty much increase each year,” Adam Kujawa, director at Malwarebytes Labs, told The Daily Swig.
“So this is a very interesting shift.”
Kujawa said that the change, which saw threat detection on businesses rise 7% from the previous quarter – a 235% jump since Q1 of 2018 – was partly due to stolen exploits like EternalBlue and EternalRomance being deployed within commercial malware.
Cybercriminals use these exploits in combination with brute-forcing software and information-stealing trojans in order to expand throughout a victim’s network – infecting a business and dropping ransomware when the identified target offers nothing more of value.
“This is something that you’d expect from a state-sponsored actor,” Kujawa said.
“We’re seeing more and more examples of state-sponsored attacks, technologies, and even tactics being utilized by commercial malware in order to try and expand [a cybercriminal’s] reach.”
Kujawa added: “It’s been very effective.”
Emotet, the pervasive self-propagating banking trojan, was a notable example of a piece of malware that added these exploits into its already vast arsenal toolkit.
Attacks leveraging Emotet were increasingly focused on business – detections were up by 200% from Q3 of last year.
“This is actually a trend that we’re seeing across the board,” Kujawa said.
“More and more of these malware families are coming out with multiple features which allow them to do a lot more than what they were originally built to do.”
“Will ransomware come back as we saw in 2016? I don’t think so, not any time soon,” Kujawa said.
“We’ve seen a lot more effort behind the development of trojans and information-stealing malware, stuff that can really allow cybercriminals to get a foothold on systems.”
The drop in consumer threat detections also reflected a decline in cryptomining, likely caused by the depleting value of cryptocurrencies such as Bitcoin.
The report also found that organizations still fail to patch vulnerabilities, thus allowing exploits like EternalBlue to function – a worrying trend, says Kujawa.
“Keep systems up to date, keep them patched, run security software as well,” Kujawa told The Daily Swig, highlighting the need for the business industry to up its security game.
“But my thing is always trying to tell people [and organizations] to not try to avoid getting hit by cybercrime, [instead] prepare yourself for when you do,” Kujawa added.
“It’s not worth it to put all your budget to try and stop attacks, it’s worth putting it to remediate and recover from one.”