Staggering Fifty Percent Increase in Botnet Stolen Credentials According to Blueliv 2018-19 Annual Cyberthreat Landscape Report
March 2019 by Blueliv
Blueliv launched its 2018-2019 Annual Cyberthreat Landscape Report providing insights into emerging and evolving cybersecurity trends. The report reveals that botnet stolen credentials increased by a staggering fifty percent in 2017-2018, with technology and telco sectors being the target for over half of those stolen.
The research also revealed that India, Russia, USA, Vietnam and Turkey ranked highest among the top ten countries by number of malware-infected users, with those from Europe representing twenty percent of the total number. Additionally, Latin America became a new testing ground for cybercrime.
The cybercriminal ecosystem in Latin America has been growing steadily in recent years, due to increased internet penetration, increased digital transformation, high levels of outside investment and weak or non-existent cybercrime legislation. The report observed more than a seventy-five percent year-on-year increase in the number of credentials belonging to Latin American markets in 2018. The second half of 2018 saw an increase of nearly two hundred percent compared to the same period in 2017.
“There’s an incredibly dynamic threat landscape in the LATAM region that’s largely being ignored. We hope to shine a spotlight on it by sharing information on the types of malicious activity we’re observing there. As the tools and techniques criminals use to carry out credential theft evolve, and reuse attacks improve, malicious attackers are finding it easier to achieve their goals, finding new targets and revisiting existing ones,” commented Liv Rowley, Cyberthreat Intelligence Analyst at Blueliv. “By sharing intelligence and collaborating with others in the industry, we are in a much better position to fight the cybercrime onslaught.”
The report also explores changes in the threat landscape over the past year, unearthing trends and how they are expected to impact cybersecurity in 2019, and highlighting key observations on cybercriminal behaviours and attacks, including:
• Ransomware campaigns decreased in popularity from 2017, but classic malicious campaigns like malware downloaders and trojans were still a trend in 2018. The significant decline in ransomware incidents is likely due, in part, to the exodus of less advanced threat actors from this once-trendy cybercrime in favour of other types of crime, such as cryptomining, that allow them to monetize quickly with little time and money invested.
• Pony, KeyBase and LokiPWS (also known as Loki Bot) have consistently been the most active stealers. However, current figures show that Emotet4 and AZORult now rank in the top 3 stealer samples detected by Blueliv’s labs.
• The ever-evolving Emotet trojan re-emerged in 2018, and in November alone Emotet was dispatching approximately 185,000 spam messages a day, utilising over 50,000 different sender emails. The recipients were largely corporate email addresses, representing 1,200,000 million different mail domains.
• Stabilisation of the cybercriminal underground lowers barriers to entry for hackers and fraudsters. 2018 saw the stabilisation of English-language darknet marketplaces following a prolonged period of volatility. It appears that many of the English-language darknet markets that currently exist, such as DreamMarket, Empire Market, and Wall Street Market, have established their credentials and have begun to win back users. 2019 will likely herald further increased access to malicious products and services for cybercriminals of all stripes.
“Cybercriminals continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results, but there is a real lack of capacity to respond to the increasing number of cyber incidents. Organisations need to adopt a multi-faceted approach to these threats through collaboration, technology, and training which will ultimately help them become better prepared to defend and respond to the changing threat landscape”, Rowley added.
This report is intended to be a reference document for CISOs and their security teams, but also for executives interested in how cybercrime affects enterprises today. The report contains a selection of the most important cybercriminal events of 2018, including intelligence on specific threat actors and the TTPs (techniques, tactics and procedures) they deploy.
Tactical information and analysis is derived from data extracted from Blueliv’s modular cyberthreat intelligence technology, Threat Compass. It is complemented by strategic and operational threat intelligence gathered by Blueliv’s in-house analyst team, who offer guidance around how to combat certain attack techniques and improve an organisation’s overall security posture in 2019 and beyond.