sb-eu logo
Story image

Report finds legacy cybersecurity a cinch for modern cybercrime

23 Mar 2018

The message from Webroot’s recent annual threat report is clear – stay on top of your cybersecurity or be breached.

Data collected throughout 2017 shows that attacks such as ransomware and cryptojacking are easily bypassing legacy security solutions due to businesses neglecting patch, update, or replace their current products.

Webroot chief technology officer Hal Lonas says it is concerning to see the relentless innovation of cybercriminals.

“Over the past year, news headlines have revealed that attackers are becoming more aggressive and getting extremely creative,” says Lonas.

“Cryptojacking made our threat report for the first time this year as an emerging threat that combines everything an attacker could want: anonymity, ease of deployment, low-risk, and high-reward. Organisations need to use real-time threat intelligence to detect these types of emerging threats and stop attacks before they strike.”

Some of the notable findings and analysis from the report include:

  • Cryptojacking has rapidly gained popularity as it is profitable, anonymous and requires minimal effort. Since September 2017 more than 5,000 websites have been compromised with JavaScipt cryptocurrency miner CoinHive to mine Monero by hijacking site visitors’ CPU power.
  • Windows 10 is almost twice as safe as Windows 7. Despite this the operating system migration rate has been slow with only 32 percent of corporate devices running Windows 10 by the end of 2017.
  • Creating slightly different variants of malicious or unwanted files (polymorphism) has become mainstream. In 2017, 93 percent of the malware encountered and 95 percent of potentially unwanted applications (PUAs) were only seen on one machine.
  • Ransomware continues its meteoric rise with new and reused ransomware variants distributed with a variety of purposes. Together, WannaCry and NotPetya infected more than 200,000 machines in over 100 countries within just 24 hours.
  • There are hundreds of thousands of websites created every day, and of these 25 percent were deemed malicious, suspicious, or moderately risky.
  • Phishing attacks remain one of the most used and successful attack vectors. Phishing is becoming increasingly targeted, using social engineering and IP masking to get greater results. Only 62 domains were responsible for 90 percent of the phishing attacks observed in 2017.
  • Mobile devices continue to be a prime target for attackers with 32 percent of mobiles apps found to be malicious. Of these, Trojans continue to be the most prevalent (67 percent) followed by PUAs (20 percent).
  • Ten countries accounted for 62 percent of all malicious IPs globally. These were the United States (12 percent), China (12 percent), Indonesia (8 percent), France (6 percent), Russia (4 percent), Ukraine (4 percent), Iraq (4 percent), Vietnam (4 percent), Germany (3 percent), and India (3 percent). The other 38 percent was made up of more than 200 countries.

Looking at these statistics it would appear the power lies well and truly with the cybercriminal, which is why Lonas says it’s vital that businesses roll their sleeves up and ensure their cybersecurity defences are up to scratch.

Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Emotet malware is on a rampage after months of silence
CERT agencies around the world are reporting a surge in cyber attacks related to the Emotet malware, which is being distributed by email.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More