2017 was a tumultuous year in politics, media, gender, race—and cybersecurity didn’t beat the rap. Last year was full of twists and turns in the cybercrime world, with major outbreaks, new infection methods, and the evolution of the cryptocurrency crime industry.
In aiming to make sense of the madness, we gathered information from our data science, research, and intel teams throughout the year, checking in on trends, the rise and fall of malware families, distribution methods, and more. What we came up with was a more complete picture of the 2017 threat landscape that showed us just how much can change in a year.
In our 2017 State of Malware report, we examined attack methods, malware developments, and distribution techniques used by cybercriminals over the last 12 months. We dove into the exponential increases of malware volume and severity year-over-year, as well as trends in high-impact threats, such as ransomware and cryptomining. Some of our key takeaways include:
Ransomware volume was up in 2017, but trending downward.
Ransomware detections were up 90 and 93 percent for businesses and consumers respectively in 2017, with several splashy outbreaks accounting for the majority of the increase in rates. However, development of new families and tactics for delivery slowed way down, especially in the last quarter of the year.
What they can’t hold for ransom, criminals will steal instead.
With ransomware slowly going out of favor, criminals pivoted to banking Trojans, spyware, and hijackers in 2017 to attack companies instead. We saw an increase of 40 percent in hijacker detections and 30 percent in spyware detections in 2017. The second half of the year also marked an average increase of 102 percent in banking Trojan detections.
Cryptomining is out of control.
Alongside a sudden cryptocurrency craze, bad actors have started utilizing cryptomining tools for their own profit, using victim system resources in the process. This includes compromised websites serving drive-by mining code, a significant increase of miners through malicious spam and exploit kit drops, and adware bundlers pushing miners instead of toolbars. By the end of 2017, basically anyone doing any kind of cybercrime was also likely dabbling in cryptomining.
In addition to looking back at 2017, we looked forward to 2018, analyzing current trends and pontificating on what they point to. We realize making predictions about cybercrime is a bit more art than science, but when we look back over years of patterns and data and experience, we can make some educated guesses about where we think this is all going. With that in mind, some of our 2018 predictions include:
A “slow” year for Internet of Things threats means more attacks in 2018.
Attackers spent a lot of time in 2017 developing new tools to take advantage of IoT with spam-spreading botnets and, likely, more DDoS attacks. It’s not farfetched to think we may see DDoS attacks against large organizations, like airline companies and power utilities, demanding a ransom to call off an army of botnet-infected IoT devices. But rather than encrypt files, the attacks will disrupt businesses and their operations until payment has been made.
Cryptocurrency mining fever will give birth to dangerous new threats.
Drive-by mining and skyrocketing values are driving interest in cryptomining from users and criminals alike—to the point where retailers are now screening potential graphics card customers for miners. Faced with continued volatility, we are likely going to see an evolution of drive-by mining tools, new mining platforms (such as Android and IoT devices), and new forms of malware designed to mine and/or steal cryptocurrency.
To see our complete analysis of key developments in malware, the most interesting attack vectors of the year, predictions for 2018, and more, read: