Malicious actors kept busy late last year adding new weapons to their arsenal while placing others on the back burner, as they attempted to profit from new honey holes like cryptocurrency mining and boosted the volume of old favorites like malspam.
Check Point's latest report, which looks at the second half of 2017, found, as has been widely reported, that the insane jumps in value enjoyed by cryptocurrencies made them too great a temptation for cybercriminals, who accordingly upped their game in the closing months of the year, pushing out miners even at the expense of using ransomware.
The company estimated about 20 percent of all organizations were victimized by a cryptocurrency miner injection just in December 2017.
Joining cryptocurrency on the upswing was malspam, primarily pushing VBS files, which saw a huge spike between July and November and peaked in September, when about 1.3 million infections were attempted, the report said.
As Newtonian physics has taught, what goes up must come down. In this case, the amount of ransomware and the use of exploit kits both fell off as 2017 wound down.
Check Point credited better security for the decrease.
“The exploited platforms have become more secure. Common web browsers, such as Internet Explorer for example, have implemented new security measures, making it hard for even the more skilled attackers to discover new vulnerabilities and develop new exploits. Moreover, the rapid response to new vulnerabilities exposed in these products by security vendors and leading browser developers, along with automatic updates of newer versions, have significantly shortened the shelf life of new exploits,” the report said.
Check Point also noted the decline of zero-day exploits, with bad guys seemingly more content to gather the reward from a bug bounty program or an exploit acquisition platform like Zerodium. Adobe has also helped the cause.
“Less than 70 Flash vulnerabilities were exposed during 2017, whereas some 266 vulnerabilities were exposed the year before,” the report said.
The most prevalent malware reported during the second half of the year was the malvertiser Roughted, followed by the cryptocurrency miner Coinhive. The ever-popular Locky was number three, followed by Andromeda, Nivdort and Firewall.
Coinhive's high placement is due in part to it being used by many legitimate sources to help replace ad revenue that has been reduced by the number of ad blockers now in use, Check Point said, adding that in most cases this is done without the end user's knowledge, nor do they limit the amount of computer resources the miner can steal from the computer.
The information was garnered from 250 million addresses analyzed for bot discovery, 11 million malware signatures, and 5.5 million infected websites.