The Daily Swig Web security digest

Ransomware development stalls as attackers shift focus

James Walker | 29 January 2018 at 13:55

After spiking towards the end of last year, is ransomware finally going out of style?

The rise of WannaCry, Locky, and Cerber all helped ransomware achieve a “banner year” in 2017. But following a spike in ransomware detections in September, attackers are now pivoting to banking trojans, spyware, and cryptocurrency mining, a new report claims.

New telemetry from Malwarebytes Labs shows that in 2017, ransomware detections increased by 90% for businesses and 93% for consumers, compared the previous year.

However, while the influx of bitcoin-demanding malware families including Locky, Cerber, WannaCry, NotPetya, Globelmposter, and Jaff resulted in a sharp rise in ransomware incidents towards the end of last year, more recent data suggests that attackers have now shifted focus.

“Despite numerous high-profile attacks, new ransomware development has been a bit stale,” reads the 2017 State of Malware report.

“Trends over the last few months have shown a shift away from ransomware. In fact, many mechanisms for distributing malware have either gone back to the old favorites, like banking trojans and spyware, or moved onto the newer trend of delivering cryptocurrency miners.”

Although everyone from consumers to CISOs will welcome the news that ransomware seems to be falling out of hackers’ favor, Malwarebytes said it expects to see a “continued steady stream” of spyware in 2018.

The same can be said for cryptocurrency miners, as criminals attempt to profit from ‘Bitcoin Fever’.

“Due to the growing popularity and market value of cryptocurrencies, we have seen an increase in not only the number of malicious attacks using cryptominers, but also the methods used for attack,” the report states.

“If this craze continues, we are likely going to keep seeing an evolution of drive-by mining tools, new mining platforms, and new forms of malware designed to mine and/or steal cryptocurrency.”