Kaspersky Lab is in the business of security research, and it puts out all kinds of papers, studies, and predictions. It recently released its Security Bulletin for 2018, which gives us a few clues about what to watch for in the upcoming year. There was, of course, some good news and some bad news, some shocks, and some “well, we could have told you that” findings.
Backdoors and ransomware were both up from 2017, by 44% and 43%, respectively. Backdoors were 3.7% of all the new malware files that Kaspersky researchers analyzed from January to October of this year. Ransomware detections were no slouch either: they were 3.5% of the new detections, clocking in at 3.13 million for the time period.
Among the attempts blocked by Kaspersky tools, money-stealing malware was detected on 830,135 devices. These threats have been around a while, and some may think we should have figured out how to mitigate them by now. Well, apparently not. This number led the company to list banking malware and malicious programs for point-of-sale (POS) systems and ATMs as threats to look out for in 2019. Trojans made up about half of all of the malicious files the researchers looked into.
Why this increase in backdoors and ransomware? The researchers believe that criminals are trying to find out what works. To do this, they can reuse what has already been used in successful ways AND use new malware.
Speaking of ransomware, WannaCry and its variants were seen most often, at 29.3% of the detected infections. Crypto-ransomware was not to be left behind. The researchers saw nearly 40,000 modifications of encryptors and 11 entirely new families. November was the worst month, with 15,462 modifications in that month alone.
I bet you’re wondering which applications were the most targeted for zero-day attacks. Well, no surprise at all that Adobe Flash was abused the most often. Roughly one new vulnerability involving Adobe Flash is found each month. Adobe is putting that product to rest in 2020, but until then, expect more issues to come up. But Flash isn’t alone: Adobe Acrobat Reader, Windows VBScript, and the win32k.sys driver were also abused for privilege escalation and other problems.
Microsoft exploits were significant too. Their share was four times the 2017 average, rising from 17.6% to 55%. This was driven by mass email spam that spread malicious documents. The researchers explain that it is because these techniques are stable and easy to use and “all that’s required to create an exploit is to modify the exploit builder script published on a public resource.” Yep. All that’s necessary is to change a couple of lines of the code and off they go.
There are two main ways malware gets past an organization’s defenses: (1) unpatched vulnerabilities in the equipment, and (2) someone on the inside opens a malicious attachment or clicks a malicious link. To gear up for 2019, organizations should take a look at what systems are in place and where there may be weaknesses. For unpatched systems, make a significant effort to keep all systems up-to-date. When patches are released, get them applied. If they are security patches, they should be applied immediately and not delayed until the next patch cycle.
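The patching rule above (security fixes now, everything else by the next cycle) is easy to state and easy to lose track of across a fleet. The following is an added example, not code from the bulletin or from Kaspersky, that turns it into a triage check: given a list of available updates and what each host has installed, it reports which missing updates are security fixes (apply immediately), which routine ones have slipped past the cycle, and the longest exposure window per host. All update identifiers, dates and host names are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Update:
    """One available update from a vendor feed (fields are hypothetical)."""
    update_id: str
    released: date
    security: bool
    summary: str


# Constructed sample feed; the ids and summaries are placeholders, not real patches.
AVAILABLE_UPDATES = [
    Update("KB-EXAMPLE-0001", date(2018, 11, 13), True, "kernel driver privilege-escalation fix (hypothetical)"),
    Update("KB-EXAMPLE-0002", date(2018, 12, 4), True, "script engine hardening (hypothetical)"),
    Update("KB-EXAMPLE-0003", date(2018, 11, 20), False, "printer driver reliability (hypothetical)"),
    Update("KB-EXAMPLE-0004", date(2018, 12, 11), False, "font rendering (hypothetical)"),
]

# Constructed inventory: host name -> set of installed update ids.
INSTALLED = {
    "host-a": {"KB-EXAMPLE-0001"},
    "host-b": set(),
    "host-c": {"KB-EXAMPLE-0001", "KB-EXAMPLE-0002", "KB-EXAMPLE-0003"},
}

TODAY = date(2018, 12, 18)          # fixed "now" so the example is reproducible
ROUTINE_CYCLE = timedelta(days=21)  # assumed length of the regular patch cycle


def triage(installed, available, today=TODAY, cycle=ROUTINE_CYCLE):
    """Classify missing updates per host.

    Returns {host: {"security": [ids], "routine": [ids],
                    "overdue_routine": [ids], "max_security_exposure_days": int}}.
    Security updates are always listed as due immediately; routine updates are
    flagged overdue only once they are older than the patch cycle.
    """
    by_release = sorted(available, key=lambda u: u.released)
    report = {}
    for host, have in installed.items():
        missing = [u for u in by_release if u.update_id not in have and u.released <= today]
        security = [u for u in missing if u.security]
        routine = [u for u in missing if not u.security]
        report[host] = {
            "security": [u.update_id for u in security],
            "routine": [u.update_id for u in routine],
            "overdue_routine": [u.update_id for u in routine if today - u.released > cycle],
            # Days since the oldest missing security fix shipped: the window an
            # attacker has had a public fix to reverse and reuse against this host.
            "max_security_exposure_days": max(((today - u.released).days for u in security), default=0),
        }
    return report


def hosts_needing_immediate_action(report):
    """Hosts with any missing security update, worst exposure first."""
    hosts = [h for h, r in report.items() if r["security"]]
    return sorted(hosts, key=lambda h: -report[h]["max_security_exposure_days"])


if __name__ == "__main__":
    rep = triage(INSTALLED, AVAILABLE_UPDATES)
    for host in hosts_needing_immediate_action(rep):
        r = rep[host]
        print(f"{host}: apply now {r['security']} "
              f"(exposed {r['max_security_exposure_days']} days); "
              f"overdue routine {r['overdue_routine']}")
```

In practice the feed and inventory would come from the vendor's update catalogue and a configuration-management or endpoint tool; the classification logic stays the same. The exposure figure is the useful output for prioritization, since a security fix that has been public for five weeks is exactly the kind of "modify the published builder script" target the bulletin describes.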
For the ones that land in employees’ inboxes, awareness and training are the best defense. Of course, external devices and spam filters should be in place and kept updated, but they don’t catch everything. Working with employees and providing continuous awareness training on current and potential threats and how to react is the best way to keep the risk of infections on the low side.
And of course, while you’re mitigating risk, do regular backups of important data. This is the best way to avoid having to pay a criminal to get it back should someone accidentally click a link that holds your organization ransom.
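A backup only helps against ransomware if it is intact and recent when you need it, and an encryptor that reaches the backup volume turns the copy into more ciphertext. The following is an added example, not code from the article or any backup product, that records a SHA-256 manifest of the source data at backup time and later checks the copy against it, reporting files that are missing or whose contents changed (what a damaged or encrypted backup looks like) and whether the copy is fresh enough. The `demo()` function builds its own throwaway files in a temporary directory, so everything in it is constructed sample data.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative, POSIX form) under root to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_copy(manifest, copy_root):
    """Compare a backup copy against the manifest taken from the source.

    Returns {"missing": [...], "changed": [...]}; both empty means the copy
    is byte-for-byte what was backed up.
    """
    copy_root = Path(copy_root)
    missing, changed = [], []
    for rel, digest in manifest.items():
        p = copy_root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            changed.append(rel)
    return {"missing": sorted(missing), "changed": sorted(changed)}


def copy_is_fresh(taken_at, now, max_age):
    """True if the backup is younger than the longest data loss you accept."""
    return now - taken_at <= max_age


def demo():
    """Build constructed sample data, back it up, verify, then damage the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "data", Path(tmp) / "backup"
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q4.txt").write_text("quarterly numbers (constructed)\n")
        (src / "notes.txt").write_text("meeting notes (constructed)\n")

        manifest = build_manifest(src)       # record hashes at backup time
        shutil.copytree(src, dst)            # the "backup"
        clean = verify_copy(manifest, dst)   # expected: nothing missing or changed

        # Simulate what a ransomware hit on the backup volume would leave behind:
        # one file overwritten with unreadable bytes, one file deleted.
        (dst / "notes.txt").write_bytes(b"\x00\xff constructed ciphertext")
        (dst / "reports" / "q4.txt").unlink()
        damaged = verify_copy(manifest, dst)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("fresh copy:", clean)
    print("after damage:", damaged)
    taken = datetime(2018, 12, 17, 2, 0)
    print("fresh enough:", copy_is_fresh(taken, datetime(2018, 12, 18, 9, 0), timedelta(days=1)))
```

The manifest should live somewhere the backup host cannot overwrite, and the verification should run on a schedule rather than only at restore time; a copy that fails `verify_copy` or `copy_is_fresh` is a finding to act on before an incident, not after.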