Cryptojacking is on the rise.
Spear-phishing is on the rise.
Polymorphism is on the rise.
And, ransomware is on the rise.
According to the recently released 2018 Webroot Threat Report, hackers are still innovating, but most attacks get through because organizations are slow or unaware to patch, update or replace current products.
One of the big findings from the annual report was that in 2017 attacks such as ransomware are bypassing legacy security solutions.
An example of this is Cryptojacking. The Webroot report found that this attack is gaining traction because it is profitable, anonymous and requires minimal effort. Since September 2017, more than 5,000 websites have been compromised with JavaScript cryptocurrency miner CoinHive to mine Monero by hijacking site visitors’ CPU power, Webroot reported.
“Positioning security is the elevator pitch for MSPs and Webroot security products allows them to talk to customers about the complex landscape that is security and provide solutions at an affordable rate,” said Cameron Stone, MSP channel account manager for Webroot, based in Bloomfield, Colo.
Stone told EChannelNews at the ChannelNEXT East Conference in Esterel, Que., that older anti-virus or end point solutions have been taking up a lot of time for MPSs and producing several tickets around infections, reimaging of machines and restore from backup.
Watch this interview with Cameron Stone at the ChannelNEXT show.
What Webroot does is give MSPs a console for access where they can deploy solutions to customers. Webroot allows MSPs to establish their own pricing structure with monthly payments. “This will help them grow with us or shrink with us as they like as the partner program has SaaS based pricing,” he said.
Another key finding was on phishing attacks. The report found that phishing attacks are becoming increasingly targeted, using social engineering and IP masking to achieve greater success. On average, phishing sites were online from four to eight hours, meaning they were designed to evade traditional anti-phishing strategies. Only 62 domains were responsible for 90 per cent of the phishing attacks observed in 2017.
According to Stone, phishing is becoming more prevalent in the market. However, hackers don’t need the most sophisticated phishing scam to succeed. Stone added that people are still getting caught off-guard with simple UPS (United Parcel Service) emails as part of a larger phishing campaign.
UPS has confirmed this on their website saying “these types of emails point to invalid hyperlinks that are revealed when you hold your cursor over them. The invalid links may contain malware, which could potentially corrupt your computer.”
But Stone said that Spear-Phishing has become a much bigger type of attack that will play on a person’s emotions. For example, your CEO demands something of you in the morning and then a Spear-Phishing email appears – supposedly from the CEO – but it’s really a criminal. “This is becoming more prevalent every day,” he said.
Other findings from the Webroot Threat Report are:
- Windows 10 is almost twice as safe as Windows 7. However, the data reveals that the operating system migration rate for enterprises has been quite slow; Webroot saw only 32 per cent of corporate devices running Windows 10 by the end of 2017.
- Polymorphism, i.e. creating slightly different variants of malicious or unwanted files, has become mainstream. In 2017, 93 per cent of the malware encountered and 95 per cent of potentially unwanted applications (PUAs) were only seen on one machine. In these instances, the identifiers are unique and undetectable by traditional signature-based security approaches.
- Ransomware and its variants became an even more serious threat. This past year, new and reused ransomware variants were distributed with a variety of purposes. Together, WannaCry and NotPetya infected more than 200,000 machines in over 100 countries within just 24 hours.
- High-risk IP addresses continue to cycle from malicious to benign and back again. Webroot saw 10,000 malicious IP addresses reused an average of 18 times each in 2017. The vast majority of malicious IP addresses represent spam sites (65 per cent), followed by scanners (19 per cent), and Windows exploits (9 per cent).
- Of the hundreds of thousands of new websites created each day in 2017, 25 per cent of URLS were deemed malicious, suspicious, or moderately risky. High-risk URLs fell into two major categories: malware sites (33 per cent) and proxy avoidance and anonymizers (40 per cent).
- Mobile devices continue to be a prime target for attackers — 32 per cent of mobile apps were found to be malicious. Trojans continue to be the most prevalent form of malicious mobile apps (67 per cent), followed by PUAs (20 per cent).