2019 State of Malware report: Trojans and cryptominers dominate threat landscape

2019 State of Malware report: Trojans and cryptominers dominate threat landscape

Each quarter, the Malwarebytes Labs team gathers to share intel, statistics, and analysis of the tactics and techniques made popular by cybercriminals over the previous three months. At the end of the year, we synthesize this data into one all-encompassing report—the State of Malware report—that aims to follow the most important threats, distribution methods, and other trends that shaped the threat landscape.

Our 2019 State of Malware report is here, and it’s a doozy.

In our research, which covers January to November 2018 and compares it against the previous period in 2017, we found that two major malware categories dominated the scene, with cryptominers positively drenching users at the back end of 2017 and into the first half of 2018, and information-stealers in the form of Trojans taking over for the second half of the year.

But that’s not all we discovered.

The 2019 State of Malware report follows the top 10 global threats for consumers and businesses, as well as top threats by region and by corporate industry verticals. In addition, we followed noteworthy distribution techniques for the year, as well as popular scams. Some of our findings include:

  • In 2018, we saw a shift in ransomware attack techniques from malvertising and exploits that deliver ransomware as a payload to targeted, manual attacks. The shotgun approach was replaced with brute force, as witnessed in the most successful SamSam campaigns of the year.
  • Malware authors pivoted in the second half of 2018 to target organizations over consumers, recognizing that the bigger payoff was in making victims out of businesses instead of individuals. Overall business detections of malware rose significantly over the last year—79 percent to be exact—and primarily due to the increase in backdoors, miners, spyware, and information stealers.

  • The fallout from the ShadowBrokers’ leak of NSA exploits in 2017 continued, as cybercriminals used SMB vulnerabilities EternalBlue and EternalRomance to spread dangerous and sophisticated Trojans, such as Emotet and TrickBot. In fact, information stealers were the top consumer and business threat in 2018, as well as the top regional threat for North America, Latin America, and Europe, the Middle East, and Africa (EMEA).

Finally, our Labs team stared into its crystal ball and predicted top trends for 2019. Of particular note are the following:

  • Attacks designed to avoid detection, like soundloggers, will slip into the wild.

  • Artificial Intelligence will be used in the creation of malicious executables.

  • Movements such as Bring Your Own Security (BYOS) to work will grow as trust declines.

  • IoT botnets will come to a device near you.

To learn more about top threats and trends in 2018 and our predictions for 2019, download our report from the link below.

2019 State of Malware Report


Wendy Zamora

Editor-at-Large, Malwarebytes Labs

Writer, editor, and author specializing in security and tech. Content guru. Lover of meatballs.