Spyware and ransomware took center stage among malware infections in 2019, with the former dominating in the percentage of incidence but the latter hitting the hardest in extorting data rich businesses and organizations, a new report said.
In 2019, the "sophistication and daring of threat actors grew", and the financial damage as a result of cyber attacks "became apparent,” the report by Deep Instinct reads. Sodinokibi was the most prominent ransomware last year, especially as cyber crews shifted the bulls eye to “infiltrating and extorting” businesses and organizations worldwide, Deep Instinct said in a new report entitled Cyber Threat Landscape Report, 2019-2020. By contrast, Emotet has been the most dominant and prolific threat for most of the year, with spyware’s yearly average of incidents at 72.5 percent.
Droppers, the vehicle through which other types of malware are downloaded and executed on machines, were at 12.3 percent and virus at 5.4 percent. While ransomware stood at 2.4 percent, it wreaked havoc to the tune of at least $11.5 in total damage costs in 2019, the report said. Interestingly, though ransomware make up only a small portion of the threat landscape in terms of the total amount of unique threats, it is "overly represented in terms of the impact of ransomware attack,” the report said.
Here are five takeaways from the report:
- Financially motivated bad actors got better. Techniques such as file-less attacks, or extremely targeted attacks, are now also being carried out by cyber criminals not only just nation-states, as seen in particular with ransomware and spyware.
- Increase in targeted, profitable ransomware attacks. Instead of focusing on economies of scale and mass scale infection, ransomware operators have evolved to be more targeted, looking for higher value targets, ranging from large enterprises to critical services such as health, rescue services and local government.
- Emotet, Trickbot dominant malware. Emotet was the most dominant and prolific threat for 2019, evolving to gain a wide installed base, while Trickbot, the most prominent financial malware of the past several years, compiled a huge target list of some 250 million email addresses.
- Wipers return. Wipers, which irreversibly damage data, were used prolifically in the wild in the early 2010’s, and have resurfaced in highly targeted attacks against industrial organizations with some ransom infections including wiping features.
- Heavily leveraged living-of-the-land attacks. LOTL attacks, which leverage existing software installed in the victims’ environment, or administrative, forensic or system tools not considered malware but which can be abused and used maliciously, were deployed in several high profile attacks.
And, three new and emerging trends.
- The ability of deep learning-based network to determine quickly and accurately whether a file is malicious, enables the analysis of files pre-execution, so that malicious files can be prevented preemptively.
- The rapid growth in size of deep learning models means that larger sets of data that are comprised of greater complexity can now be processed.
- Adversarial learning, the ability to fool machine learning classifiers using algorithmic techniques, has become a hot research topic.
And, Deep Insights cybersecurity predictions for 2020:
- Increase in the scope and rate of mutations and variants.
- Multi-Purpose malware will become more common.
- Strictly file-less attacks will develop.
- Evasion will be more focused on evading AI-based technologies.
- Nation-states will further explore and implement AI in offensive operations.