Cybersecurity professionals don’t tend to get much time off during the holidays. If anything, many of them are working longer and harder this time of year. But the end of a year does provide an opportunity to reflect both on what’s occurred in the last year and, perhaps more importantly, what’s to come.
A new report published by Carbon Black, a provider of cybersecurity software for endpoints, finds there has been a significant shift in how cyberattacks are being launched in the last year. All told, over half the attacks that Carbon Black was able to identify in 2017 (52%) were not based on malware. Instead, cybercriminals are relying more on trusted applications to gain control of computers. The most widely employed means for launching such attacks are PowerShell and Windows Management Instrumentation (WMI) tools that typically run in memory. Not only are these types of attacks more lethal than a traditional malware attack, the Carbon Black report says they are increasing at a rate of 6.8 percent per month.
Overall, Carbon Black report the number of attacks on endpoints is increasing 13 percent per month. Each endpoint is now being attacked on average three times a month. That’s up 328 percent over 2016, the report finds.'Each endpoint is now being attacked on average three times a month' Click To Tweet
None of this means cybercriminals are employing traditional malware less. Not only does malware account for half of attacks still, the report notes that nearly half of all successful attacks can be attributed to malware. The Carbon Black report finds the top ten most widely seen families of malware in 2017 were Kryptik (15.7%), Strictor (14.7%), Nemucod (12.4%), Emotet (10%), Skeeyah (7.3%), Zapchast (4.9%), Sality (4.7%), Zusy (4.6%), Zbot (4.2%), and CoinMiner (4.1%).
Much of the increase in cybersecurity attacks can be attributed to the success cybercriminals are enjoying with ransomware. According to Carbon Black researchers, the dark web economy for ransomware is growing at a rate of 2,502% per year. Some sellers of ransomware are making more than $100,000 per year simply retailing ransomware, says Carbon Black. Researchers at Carbon Black are predicting that in 2018 these attacks will become more targeted versus the “spray and pray” approach widely employed today. In addition, they note that increasingly Linux systems will be viewed as a new opportunity for cybercriminals that mainly focused these attacks on Windows systems in the last year.
Clearly, new approaches to cybersecurity will need to be implemented in 2018. Rather than continuing to rely on cybersecurity strategies that are primarily oriented around defending against malware, organizations need to adjust to a new reality. Cybercriminals are not only increasing the volume of attacks being launched; they are combining various types of attacks in the hopes of confounding their adversaries.
The primary issue, of course, is that most organizations have neither the tools or the expertise required to defend themselves against anything more than a routine malware-based attack. Many cybersecurity professionals are counting on advances in artificial intelligence to help plug the gap in their defenses in 2018. But just like any other cybersecurity professional, IT organizations would do well to remember it still takes time to train AI systems how to effectively enforce even the most routine cybersecurity policy.
In the meantime, there really is no substitute for a constant state of vigilance. After all, cybercriminals don’t take much time off for holidays either.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.