Content, Breach, Channel partners, Content, Malware, Phishing

AppRiver Report: 1,000% Increase in Phishing Attacks in 2017

AppRiver’s Troy Gill
AppRiver's Troy Gill

Email and web-based spam and malware attacks dominated the cybersecurity landscape in 2017, according to a global security report based on data compiled by cloud-based cybersecurity solutions company AppRiver.

Key findings from AppRiver's "2017 Global Security Report" included:

  • More than 14.5 billion emails infected with malware were sent in 2017.
  • There was a 1,000 percent increase in phishing attacks year over year.
  • 1.9 billion data records were lost or stolen as a result of cyberattacks in the first six months of 2017.
  • Many new strains of ransomware arrived in 2017, and these included WannaCry, Locky and Petya/NotPetya.
  • Distributed spam distribution (DSD) and Adwind Remote Access Trojan (RAT) attacks were among the most common malware-as-a-service attacks launched in 2017. DSD attacks involve simultaneously filling inboxes with junk emails and disguising a cybercriminal's purchase or wire fraud activity in real-time. Meanwhile, RAT attacks use fake payment confirmation emails to infect victims' devices with malicious files.

Cybercriminals leveraged both known and previously unexploited vulnerabilities to launch cyberattacks last year, AppRiver Security Analyst Troy Gill said in a prepared statement. However, IT professionals who understand rapidly evolving cyber threats and their potential impact can limit the risks associated with cyberattacks.

Moreover, proper user training can dramatically reduce phishing-related cybersecurity incidents, a recent KnowBe4 research study revealed.

Cybersecurity Predictions and Best Practices for 2018

AppRiver offered the following cybersecurity predictions for 2018:

  • Large data breaches will reign supreme. The sheer volume of data stolen in 2017 indicates there is potential for widespread data fraud this year.
  • Trusted sources may launch more cyberattacks than ever before. Many hackers will launch malicious attacks from hacked accounts and profiles.
  • New cybersecurity legislation is on the way. Security breach notifications laws will be passed related to incident handling and how breaches are reported to law enforcement, financial institutions and consumers.
  • The volume of state-sponsored cyberattacks will increase. Security analysts will find it exceedingly difficult to differentiate between criminal and state-sponsored cyberattacks.
  • Hackers will target cryptocurrency payment information. Malware authors will try to find new ways to steal Bitcoin, Ethereum and other cryptocurrency payment information and wallets.
  • Internet of Things (IoT) botnets will increase in volume and sophistication. IoT botnets will expand and increase in sophistication.

To limit exposure to cyberattacks in 2018, AppRiver provided the following recommendations:

  • Deploy antispam and antivirus solutions.
  • Perform regular software updates and patch vulnerabilities.
  • Use double authentication procedures.

Furthermore, formal security policies and ongoing cybersecurity training are paramount for organizations of all sizes and across all industries, AppRiver indicated. With the right security policies and cybersecurity training programs in place, an organization can keep its employees up to date about cyber threats and ensure workers can take a proactive approach to minimize the impact of cyberattacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.