Application security, Threat Management, Threat Management, Malware, Phishing, Ransomware

AI use in ransomware attacks and sextortion schemes top Malwarebytes 2018 report

The Malwarebytes State of Malware 2018 report found an odd mix of attacks that took place last year with businesses bearing the brunt of cybercriminals' efforts, while consumers were victimized in a new way using their previously hacked PII.

Malwarebytes CEO Marcin Kleczynski

The amount of malware targeted at business increased 79 percent, compared to 2017, with trojans, hijackers, riskware tools and backdoors being the most prevalent. Cryptocurrency mining and ransomware also played a big role with the former hitting its peak early in 2018 and then quickly fading away as currency values plummeted while the latter was distributed in new and dangerous ways.

Marcin Kleczynski, Malwarebytes CEO, told SC Media the major change with ransomware came in the delivery method.

“They are no longer using a shotgun approach and that worries me,” he said, adding instead of using spam or malvertising exploits aimed at a huge swath of potential victims the threat actors are manually choosing targets and then using a brute force approach to gain entry along with artificial intelligence to bypass the target’s antivirus software.

This was the approach used to deliver SamSam ransomware to Atlanta, Port of San Diego and Colorado Department of Transportation.

Other than ransomware, businesses and banks in particular, faced an increased number of trojans with Kleczynski, noting a day did not go by without a client calling and saying they were being hit with Emotet or Trickbot.

On the consumer side the big surprise, Kleczynski said, was the huge number of sextortion scams that took place. And even odder was the fact that these did not include malware of any type, but simply preyed upon the victim’s general ignorance and perhaps guilty conscious. The scams center on emails that say the attacker has obtained evidence that the target at one time visited a potentially embarrassing website. To add an air of authenticity to the scam the malicious they include old login information from the target person bought on the dark web.

Overall, the amount of malware against consumers that was detected fell three percent.

Some of the other major takeaways for the year was the massive spike in cryptocurrency mining, quickly followed by its demise. Malwarebytes noted that at one point malicious actors jumped onto this bandwagon almost wholeheartedly abandoning most of their other efforts, only to begin moving away from it as digital currency prices fell. This has led Malwarebytes to predict cryptomining attacks against consumers and browser base attacks all but will cease and miners will focus on injecting platforms like servers and IoT devices which can generate more revenue.

The report also touches on the mega breaches that took place including Facebook, Marriott, Exactis, MyHeritage and Quora and how malspam replaced exploit kits as a criminal’s favorite vector because the major kit makers found themselves behind bars.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.