Legacy Cybersecurity Defenses Won’t Keep Pace with New Ransomware and Cryptojacking Threats
March 2018 by Webroot
Webroot revealed the results from the 2018 edition of its annual threat report, which demonstrated attackers are constantly trying new ways to get around established defenses. The data, collected throughout 2017 by Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products.
The findings showcase a dangerous, dynamic threat landscape that demands organizations deploy multi-layered defenses that leverage real-time threat intelligence.
Notable Findings and Analysis:
· Windows 10 is almost twice as safe as Windows 7. However, the data reveals that the operating system migration rate for enterprises has been quite slow; Webroot saw only 32 percent of corporate devices running Windows 10 by the end of 2017.
· Polymorphism, i.e. creating slightly different variants of malicious or unwanted files, has become mainstream. In 2017, 93 percent of the malware encountered and 95 percent of potentially unwanted applications (PUAs) were only seen on one machine. In these instances, the identifiers are unique and undetectable by traditional signature-based security approaches.
· Ransomware and its variants became an even more serious threat. This past year, new and reused ransomware variants were distributed with a variety of purposes. Together, WannaCry and NotPetya infected more than 200,000 machines in over 100 countries within just 24 hours.
· High-risk IP addresses continue to cycle from malicious to benign and back again. Webroot saw 10,000 malicious IP addresses reused an average of 18 times each in 2017. The vast majority of malicious IP addresses represent spam sites (65 percent), followed by scanners (19 percent), and Windows exploits (9 percent).
· Of the hundreds of thousands of new websites created each day in 2017, 25 percent of URLS were deemed malicious, suspicious, or moderately risky. High-risk URLs fell into two major categories: malware sites (33 percent) and proxy avoidance and anonymizers (40 percent).
· Phishing attacks are becoming increasingly targeted, using social engineering and IP masking to achieve greater success. On average, phishing sites were online from four to eight hours, meaning they were designed to evade traditional anti-phishing strategies. Only 62 domains were responsible for 90 percent of the phishing attacks observed in 2017.
· Mobile devices continue to be a prime target for attackers—32 percent of mobile apps were found to be malicious. Trojans continue to be the most prevalent form of malicious mobile apps (67 percent), followed by PUAs (20 percent).
Hal Lonas, Chief Technology Officer, Webroot “Over the past year, news headlines have revealed that attackers are becoming more aggressive and getting extremely creative. Cryptojacking made our threat report for the first time this year as an emerging threat that combines everything an attacker could want: anonymity, ease of deployment, low-risk, and high-reward. Organizations need to use real-time threat intelligence to detect these types of emerging threats and stop attacks before they strike.”
The 2018 Webroot Threat Report presents analysis, findings, and insights from the Webroot Threat Research team on the state of cyber threats. The report analyzed more than 27 billion URLs, 600 million domains, 4.3 billion IP addresses, 62 million mobile apps, 15 billion file behaviour records, and 52 million connected servers. The statistics contained in the report come from threat intelligence metrics automatically captured from millions of real-world, global sensors, as well as third-party sources, and analyzed by the Webroot® Threat Intelligence Platform.