BROOMFIELD, Colo., Oct. 29, 2019 /PRNewswire/ -- Webroot, a
Carbonite (NASDAQ: CARB) company, released its third annual
Nastiest Malware list, shedding light on 2019's worst cybersecurity
threats. From ransomware strains and cryptomining campaigns that
delivered the most attack payloads to phishing attacks that wreaked
the most havoc, it's clear that cyber threats across the board are
becoming more advanced and difficult to detect. Consumers and
businesses alike need to become savvier and take cybersecurity
education seriously in order to limit their risk.
Dive into the Nastiest Malware of 2019:
wbrt.io/nastiestmalware2019
Webroot's 2019 Nastiest Malware includes:
Ransomware – Ransomware continued to see success by
evolving a more targeted model initially adopted in previous years.
SMBs remain a prime target as they struggle with limited security
budget and skills. Whether it's phishing attacks targeting employees
or brute forcing unsecured RDP, ransomware is as effective as ever,
cementing its place on our list for another year. The nastiest
include:
- Emotet - Trickbot – Ryuk ("Triple Threat") – One of the
most successful chains of 2019 in terms of financial damages. These
strains have shifted their focus to more reconnaissance-based
operations. They assign a value to the targeted network post
infection and then send the ransom for that amount after moving
laterally and deploying the ransomware.
- Trickbot/Ryuk – The second stage payload for Emotet in
the first half of 2019, Ryuk infections that are typically
delivered by Trickbot result in the mass encryption of entire
networks.
- Dridex/Bitpaymer – Dridex is now being used as an
implant in the Bitpaymer ransomware infection chain and is also
being delivered as a second stage payload off of Emotet.
- GandCrab – One of the most successful instances of RaaS
(ransomware-as-a-service) to date, the authors have boasted shared
profits in excess of $2 billion.
- Sodinokibi - Sodin / REvil – This combination arose
after the retirement of GandCrab. It's not uncommon for successful
threat actors who receive a lot of attention to try to start new
projects in an attempt to remain successful.
- Crysis/Dharma – Back for its second year on the Nastiest
Malware list, this ransomware was actively distributed in the first
half of 2019. Almost all infections observed were distributed
through RDP compromise.
Phishing – Email-based malware campaigns increased
dramatically in complexity and believability in 2019. Phishing
campaigns became more personalized and extortion emails claimed to
have captured lewd behavior using compromised passwords. The
nastiest phishing attacks include:
- Company Impersonation – The biggest security concern at
the office is often an employee, not a hacker in some remote
location. The year 2019 continued to prove that failure to follow
best practices – including reuse and sharing of passwords and
familiarity with the top impersonated brands like Microsoft,
Facebook, Apple, Google and PayPal – caused significant
damage.
- Business Email Compromise (BEC) – In 2019
there was a rise of email address hijacking and deep fakes.
Individuals who are responsible for sending payments or purchasing
gift cards were targeted through spoof email accounts impersonating
company executives or familiar parties. Victims were tricked into
giving up wire transfers, credentials, gift cards and more.
Botnets – Botnets remained a dominant force in the
infection attack chain. No other type of malware delivered more
payloads of ransomware or cryptomining. The three nastiest
include:
- Emotet – The most prevalent malware of 2018
continued its dominance in 2019. Despite a brief shutdown in June,
Emotet resurfaced in September as the largest botnet delivering
varying malicious payloads.
- Trickbot – Trickbot's modular infrastructure makes it a
serious threat for any network it infects. Its combination with
Ryuk ransomware is one of the more devastating targeted attacks of
2019.
- Dridex – Once considered one of the most prominent
banking trojans, Dridex is now used as an implant in the infection
chain with Bitpaymer ransomware.
Cryptomining & Cryptojacking – The explosive growth
of cryptojacking sites in 2017-2018 is gone. Cryptomining will not
die entirely, however, because it is low-risk, guaranteed money,
while also less "malicious" and profitable than ransomware. The
nastiest campaigns of 2019 include:
- Hidden Bee – An exploit delivering cryptomining
payloads, Hidden Bee first started last year with IE exploits and
has now evolved into payloads inside JPEG and PNG images through
steganography and WAV media format Flash exploits.
- Retadup – A cryptomining worm with over 850,000
infections, Retadup was removed in August by the Cybercrime Fighting
Center (C3N) of the French National Gendarmerie after they
took control of the malware's command and control server.
Key Quote:
Tyler Moffitt, Security
Analyst, Webroot
"It comes as no surprise that we continue to see cybercriminals
evolve their tactics. They may be using the same strains of
malware, but they are making better use of the immense volume of
stolen personal information available to craft more convincing
targeted attacks. Consumers and organizations need to adopt a
layered security approach and not underestimate the power of
consistent security training as they work to improve their cyber
resiliency and protection."
Additional Resources
- The Ransomware Threat isn't over. It's Evolving.
- 2019 Mid-Year Threat Report
- Hook, Line and Sinker: Why Phishing Attacks Work
- Malware Prevention Guide
About Webroot
Webroot, a Carbonite company, harnesses the cloud and artificial
intelligence to protect businesses and individuals against cyber
threats. We provide endpoint protection, network protection, and
security awareness training solutions purpose built for managed
service providers and small businesses. Webroot BrightCloud® Threat
Intelligence Services are used by market leading companies like
Cisco, F5 Networks, Citrix, Aruba,
Palo Alto Networks, A10 Networks, and more. Leveraging the power of
machine learning to protect millions of businesses and individuals,
Webroot secures the connected world. Webroot operates globally
across North America, Europe, Australia and Asia. Discover Smarter Cybersecurity®
solutions at webroot.com.
About Carbonite
Carbonite provides a robust data protection platform for
businesses, including backup, disaster recovery, high availability
and workload migration technology. The Carbonite data protection
platform supports businesses on a global scale with secure cloud
infrastructure. To learn more,
visit www.carbonite.com and follow us on Twitter
at @Carbonite.
Carbonite, Inc. serves customers through three brands: Carbonite
data protection, Webroot cybersecurity, and MailStore email
archiving.
View original content to download multimedia:
http://www.prnewswire.com/news-releases/the-revival-of-ransomware-webroot-reveals-2019s-nastiest-threats-300946737.html
SOURCE Webroot