January 23, 2019

Malwarebytes Annual “State of Malware” Report Reveals Malware Detections Targeting Businesses Increased Nearly 80 percent

  • Four of the top seven categories of malware detected within businesses (Trojan, riskware tool, backdoor and spyware) increased by more than 100 percent from 2017 to 2018
  • Emotet and TrickBot Trojan families were all-stars of the year; Vools was the top detection among backdoor compromises

SANTA CLARA, Calif. – January 23, 2019 – Malwarebytes™, the leading advanced endpoint protection and remediation solution, today announced its third annual State of Malware Report, which analyzes top malware threats from January through November 2018 and compares them with the same period in 2017. The report identifies a sharp increase in business-based malware detections, including a more than 100 percent increase in Trojan, riskware tool, backdoor and spyware activity. Overall, the research shows that cyber criminals are finding businesses to be the best targets, with the highest returns.

“The year 2018 was action-packed from start to finish,” said Adam Kujawa, Director of Malwarebytes Labs. “It began with threat actors diversifying their cryptomining tactics; broadening their reach to Android, Mac and cryptomining malware; and experimenting with new innovations in browser-based attacks. While cryptomining died down by the second quarter, a new set of threats took its place: information-stealers. Trojans, especially Emotet and TrickBot, were top business detections across verticals and around the globe.”

Top findings from the Malwarebytes 2019 State of Malware Report include:

  • Businesses took a hit, malware detections increased by 79 percent:

Malware authors pivoted in the second half of 2018 to target organizations over consumers, recognizing that businesses provided a bigger payoff. Overall business detections of malware rose significantly over the last year—79 percent to be exact—primarily due to the increase in backdoors, miners, spyware and information-stealers. Biggest increases came from Trojans (132 percent), riskware tools (126 percent), backdoor malware (173 percent) and spyware (142 percent).

  • United States, UK, Germany, France and Australia all finished in the top 10 countries with the most business detections

These countries made the top 10 for the most business threat detections per country in 2018, by volume. The Asia Pacific region saw massive increases in backdoor malware and the use of exploits against their endpoints. 

  • Education, government, manufacturing and healthcare were the top industries impacted by the top malware of the year – Trojans.

When we zoom in on the Trojan category to look at its top family – Emotet, the industries shift. Education, manufacturing and hospitality top the list. The current trends with Trojans are likely to continue, while there are opportunities for criminals to exploit weak configurations and outdated assets. However, the greater concern is the copycats and new generations of families that are likely going to dominate 2019 across verticals and around the globe.

  • Emotet and TrickBot spread like wildfire, information-stealers topped business and consumer threats

The fallout from the ShadowBrokers leak of NSA exploits in 2017 continued, as cybercriminals used the Windows Server Message Block (SMB) vulnerabilities EternalBlue and EternalRomance to spread dangerous and sophisticated Trojans, such as Emotet and TrickBot. In fact, information-stealers were the top consumer and business threat in 2018, as well as the top regional threat for North America, Latin America, and Europe, the Middle East and Africa (EMEA). These information-stealing variants of malware focused their energies on ensnaring businesses, gleaning the most profit from ultra-sensitive data that could be sold on the black market for re-targeting in future campaigns.

  • Consumer detections maintained at similarly high levels to 2017

Despite the focus on business targets, consumer malware detections stayed close to flat year-over-year, thanks to increases in backdoors, Trojans, and spyware malware categories throughout 2018. While 2017 saw nearly 800 million consumer detections overall, 2018 brought with it about 25 million fewer instances of infection. While the research showed an increase in malware detections against consumers at the end of 2017, this was primarily because of the flood of cryptocurrency miners being deployed on a large scale early in the year.

  • Education, manufacturing and government rounded out the top five targets for ransomware in 2018

Ransomware isn’t the wide-ranging threat it was in 2017, but it’s still a force. Overall trends show a drop in volume for the year, but an increase in focused, sophisticated attacks aimed at businesses. Indeed, the main spike in numbers has been in the realm of the workplace.

“We experienced another very active year for malware that shows no signs of stopping,” said Marcin Kleczynski, Malwarebytes CEO. “Attackers continued to shift their methodologies to follow the payload. We saw evidence of this with the strong focus on attacking businesses with insecure and unpatched networks. From massive data breaches to ransomware attacks, businesses are experiencing what consumers have been dealing with, but on a larger scale. In the coming year, Malwarebytes is dedicated to providing the cutting-edge protection and remediation tools needed for protecting the world against the most dangerous malware now, and well into the future.”

About the 2019 State of Malware Report

The Malwarebytes State of Malware Report compares January through November 2018 with the same period in 2017. We combine intelligence gathered by our researchers with data collected by honeypots, virtual sandboxes, and our business and consumer product telemetry in order to identify top threats for the year and trends in both volume and distribution. In addition, the annual report examines threats by region—North America, Asia Pacific, Latin America, and Europe, the Middle East, and Africa (EMEA)—as well as top industry verticals for the most prolific forms of malware.

About Malwarebytes

Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware and exploits that escape detection by traditional antivirus solutions. Malwarebytes completely replaces antivirus with artificial intelligence-powered technology that stops cyberattacks before they can compromise home computers and business endpoints. More than 60,000 businesses and millions of people worldwide trust and recommend Malwarebytes solutions. Our team of threat researchers and security experts process emerging and established threats every day, from all over the globe. Founded in 2008, the company is headquartered in California, with offices in Europe and Asia. For more information, please visit us at https://www.malwarebytes.com/.


Follow us on Facebook: https://www.facebook.com/Malwarebytes

Follow us on Twitter: @malwarebytes https://twitter.com/malwarebytes

Follow us on LinkedIn: https://www.linkedin.com/company/malwarebytes

See us on YouTube: https://www.youtube.com/malwarebytes

Read our latest Malwarebytes Labs blog: https://blog.malwarebytes.com/
