Cybercrime tactics & techniques Q2 2018

A generally slow quarter reflects an overall lull in cybercrime, picking up where Q1 left off with cryptominers continuing to dominate, ransomware continuing to evolve through experimentation, and exploits making a small but significant comeback.

In nearly every malware category for both business and consumer detections, we saw a decrease in volume, corroborating our general “Dang, it’s been a little too quiet in here” sentiments since starting the new year. Our relative malaise was punctuated, however, with some interesting developments moving from Q1 to Q2. What threat actors lacked in quantity they made up for in quality.

Malwarebytes’ top two consumer detections continue to be adware and cryptomining, respectively, while miners took over the number one spot for business detections in Q2. Spyware, which had a strong Q1 for business, dipped down by 40 percent to number five, while banking Trojans held steady in the number two position, despite dropping in detections by nearly 50 percent. Meanwhile, backdoors shot up on both the consumer and business side, with consumer detections increasing by 442 percent.

New developments in ransomware and cryptomining drove the market, as Q2 attacks generally showed more sophistication than their Q1 counterparts. The introduction of complex VPNFilter malware, which dropped multi-stage attacks on hundreds of thousands of unsuspecting small office and consumer users, shook the sleepy cybersecurity industry awake. While 2017 outbreaks such as WannaCry and NotPetya have been as yet unmatched in terms of distribution volume and impact, VPNFilter, SamSam, and other such complicated campaigns show that 2018 may just be the year of higher-level, targeted attacks.

So how did we draw these conclusions? As we’ve done for the last several quarterly reports, we combined intel and statistics gathered from April through June 2018 from our Intelligence, Research, and Data Science teams with telemetry from both our consumer and business products, which are deployed on millions of machines. Here’s what we learned about cybercrime in the second quarter of 2018.

  • Cryptomining still hot, but starting to decline
  • GandCrab the king ransomware variant
  • Adware up 19% over last quarter for consumers
  • VPNFilter debuts with over 500,000 detections
  • Exploits on the rise
  • Scammers increasingly targeting PII (Personally Identifiable Information)

To read more about the above, and to get a detailed look at detection statistics and predictions for next quarter, download the:

Cybercrime Tactics & Techniques Report for Q2 2018