Kaspersky Labs, a multinational cybersecurity and anti-virus organisation, has published its 2018 report on malware attacks detected on its network between November 2017 and October 2018. The report highlights the growing threat that malware attacks pose to data security worldwide.
The report uses information obtained using data collected from Kaspersky Security Networks (KSN) users, of which there are millions worldwide. The report shows that there has been a 43% increase in ransomware detections experienced by KSN users during the period between November 2017 to October 2018 in comparison to the same period the previous year. The data also showed a 44% increase in “backdoor” detections in the first 10 months of 2018. Backdoor malware attempts to bypass normal authentication systems to gain remote access to a computer, and their use among hackers is becoming increasingly common.
According to the report, the Kaspersky Lab is now handling 346,000 new malicious files every day. Until October 2018, their software flagged more than 21.64 million malicious objects on their user’s systems. It was reported that 30.01% of KSN user computers experienced at least one Malware-class web attack during the last year, representing potentially over a million people.
KSN detected 3.26 million backdoor attacks, an increase from 2.27 million in 2017. Ransomware attacks, which involves software that denies the user access to their device until a ransom has been paid to the scammer, also saw an increase from 2.2 million detections to 3.13 million. Backdoors account for 3.7% of malicious files analyzed by Kaspersky Lab and ransomware accounts for 3.5%.
Trojan attacks were reported as the most numerous type of attack in 2018, accounting for more than half of all malicious files detected. Trojan viruses are disguised as legitimate software and are employed by cybercriminals in order to get access to a user’s system. The main threats are the Zbot Trojan, which was used in 26.3% of attacks, followed by the Nymaim Trojan (19.8%), and the SpyEye backdoor (14.7%).
It was determined that the majority of attacks were made in an attempt to steal bank account information, credit cards numbers or other types of sensitive financial information. Cybercrime can be a lucrative business for those involved, with devastating effects for the victims.
Along with financial information, corporate data was one of the primary targets. Corporate data has a huge black market value, and hackers are frequently launching sophisticated attacks on organisations that may not have robust defence frameworks in place. Organisations may suffer financial and reputation damage if such an attack were to succeed.
Investigators at Kaspersky Labs noted that new ransomware families developed in 2018 than 2017, but even though there has been a fall in ransomware development, the risk of attack is still significant. In 2018, 11 new ransomware families were detected. The existing ransomware variants were edited by hackers, with over 39,000 modifications detected.
The worst month of the year for ransomware attacks was September 2018, when 132,047 different incidents were recorded. According to Kaspersky Lab, in the past year, 220,000 corporate users and 27,000 SMB users have been infected with ransomware and had files encrypted.
WannaCry variants, which were used for many high-profile attacks in 2017 including one on England’s NHS, were the most commonly used. WannaCry variants accounted for 29.3% of infections, followed by generic ransomware (11.4%), and GandCrab ransomware (6.67%).
The report projected that 2019 will see the upward trend in the number of malware attacks continuing. It postulates that banking Trojans and malicious software designed to attack ATMs and POS systems will continue to be major threats in 2019.