Banking Trojans and cryptojacking on the rise
A new report analyzes threat data collected from approximately 750,000 Morphisec-protected endpoints globally between January 1 and March 31, 2018, as well as from in-depth investigations conducted by the Morphisec Labs threat research team.
The report reveals key trends and definitive changes in the attack landscape over a 90-day span, with technical details on the specific attack techniques and tactics used, including a unique set of threat analyses on five of the most critical threats to enterprise organizations. The Morphisec Labs team provides a risk-based impact analysis for end users who could be affected by the threats outlined, along with prescriptive guidance on how to protect critical business assets.
“It’s not enough to look at the numbers, you need context to really understand where the most dangerous and relevant threats lie,” said Michael Gorelik, CTO and Head of Threat Research at Morphisec. “For example, we see that the cyberattack pipeline has become significantly more efficient and faster. Sophisticated attack technology moves quickly from nation-states to cybercriminal groups and filters down to mass-market exploit kits in a matter of days. This means organizations need to be thinking about how they can stay ahead of new attack developments – they don’t have the luxury anymore of defenses that must update themselves to address each new threat.”
Key findings
- Every attack used at least one fileless technique and, with adware excluded, approximately 36% were purely fileless.
- There’s been a significant uptick in Banking Trojan attacks, with Emotet the top banking malware.
- Although Q1 saw a decrease in ransomware attacks, ransomware strains are becoming more dangerous, incorporating sophisticated evasive techniques.
- Cryptojacking features are being added to numerous attacks, even when coin mining is not the primary goal. CryptoNight was the most widely used mining algorithm in Q1.
- North Korea has become a major threat player, with various attacks in Q1 linked to the North Korean government and its affiliates.