
Cylance Threat Report: 3X Increase in Ransomware Attacks in 2017


Ransomware attacks tripled and affected organizations across all verticals in 2017, according to a report from artificial intelligence-based advanced threat prevention solutions provider Cylance.

Key findings from Cylance's "2017 Cyber Threat Report" included:

  • Cylance prevented 3,918 attacks per enterprise in 2017, an increase of 13.4 percent year over year.
  • The food and hospitality industries suffered the highest volume of cyberattacks.
  • Ransomware attacks most frequently affected healthcare organizations.
  • Email and drive-by downloads were the top cyberattack vectors.
  • System damage and data destruction were the top risks from threats executing within an enterprise environment.

In addition, the most prevalent cyber threats within the Cylance community in 2017 were:

  1. WannaCry: Ransomware attack that encrypted data on Windows computers and demanded a Bitcoin ransom.
  2. Upatre: A dropper/downloader associated with the Dyre/Gozi banking trojans.
  3. Cerber: A ransomware distributed denial-of-service (DDoS) bot that attaches to audio devices to speak to victims after deleting shadow copies, encrypting files and encrypting databases using RC4 and RSA algorithms.
  4. Emotet: A variant of the Feodo trojan family that steals banking credentials and other sensitive information.
  5. Locky: Ransomware delivered by email that includes a Microsoft Word document that contains malicious macros.
  6. Petya: Ransomware that targets Windows computers and infects the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting.
  7. Ramnit: Virus that infects Windows PE executable files.
  8. Fareit: Credential-harvesting malware that collects username and password data from a defined set of applications and protocols.
  9. PolyRansom: Ransomware that continually generates new copies of itself.
  10. Terdot: Trojan that enables cybercriminals to steal banking and other sensitive data and modify web traffic and page data.

Today's cybercriminals can modify their malware and attack methods to stay ahead of traditional security tools, Cylance World Chief Technology Officer Rahul Kashyap said in a prepared statement. However, organizations that stay informed about cyber threats and deploy up-to-date patches can protect their sensitive data and systems against evolving cyberattacks.

Cylance Provides Security Best Practices

Signature-based antivirus solutions and blacklisting are now "obsolete" due to cyber threat attributes like polymorphism and tactics utilized by fileless malware, according to Cylance.

Fortunately, there are many tried-and-true security best practices that organizations can use to safeguard their sensitive data and systems, Cylance noted. These best practices include:

  • Limit and monitor remote access.
  • Maintain strong physical security over vulnerable infrastructure.
  • Manage access and permissions within an IT environment.
  • Teach employees about social engineering, phishing and other cyberattacks.
  • Update hardware and software regularly.

MSSPs also can serve as valuable resources for organizations. If MSSPs share their security knowledge with organizations, they can help these organizations quickly detect and resolve cyberattacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.