A new cybercrime report from Malwarebytes showed total business threat detections are trending upward by 55%, while...
consumer detections increased by only 4% quarter over quarter.
In the company's eighth edition of the report, "Cybercrime Tactics and Techniques Q3 2018," Malwarebytes investigated the statistics, trends and observations over the past three months specifically. After describing the first two quarters as sleepy, researchers found attacks in the third quarter were targeting businesses in full force through exploit kits, ransomware and banking Trojans alike. With the rise in attacks on businesses versus consumers, Malwarebytes said threat actors seem to have realized that "business targets are returning more value for their efforts."
"We are seeing an increase in cybercrime, at least on the business side, which detected 55% more malware in the last quarter compared to the one prior. That's 1.7 million more detections," said Adam Kujawa, director of malware intelligence at Malwarebytes, based in Santa Clara, Calif. "On the consumer side, however, we only saw an increase of 4%, which is kind of irregular, because we're used to seeing more activity focused on the consumer side, where there are wide nets being cast to capture anyone they can, versus on the business side, where you don't see as many attacks."
Kujawa further noted that we're seeing more information stealers because they need new, fresh data. The cybercrime report also stated that ransomware and banking Trojans have "leaned much harder into their business targets this quarter. Even malware that's generally favored consumers, such as cryptominers and adware, seems to have graduated to a more professional prey."
The Malwarebytes report focused on banking Trojans, cryptomining, ransomware, remote access Trojans, adware, exploit kits and data breaches, while highlighting that there has been less ransomware activity this quarter compared with the prior quarters. However, of the ransomware attacks it's seen, Malwarebytes reported an 88% increase in attacks aimed at businesses, with the majority being GandCrab.
Kujawa said the GandCrab ransomware family has emerged as the most prominent threat, because it's already been updated twice this quarter with versions 4 and 5.
"V4 had a lot of significant upgrades to its capability, including giving it the ability to encrypt network drives, which is not something that most ransomware we see out there [does]. I mean, if it's not acting like an additional drive on the system, then ransomware will identify it," Kujawa said. "But we started seeing more and more ransomware actually go looking for network shares and then gaining access and encrypting all those files. The evolution of this technology is aimed at organizations that are networked so that it can spread the malware throughout, and we've seen plenty of GandCrab focused on the business side."
Despite the dwindling ransomware market, security researchers around the world have found almost 40 new families of ransomware, with some families making updates, resulting in more dangerous and powerful variants.
With GandCrab increasingly spreading, cryptomining has seemingly slowed down. Even though it is still a problem for businesses and consumers, the third-quarter cybercrime report showed the lowest detection count in a year, and Malwarebytes is no longer considering it the most prevalent threat. Malwarebytes researchers said they believe this could be due to the differences between the price of bitcoin and the cost to mine it, even though cybercriminals typically don't use their own resources for mining.
With businesses becoming the popular targets for threat actors, the cybercrime report noted that consumers may be tempted to let down their security guards. However, Malwarebytes researchers warned that with the continued evolution of the threat landscape, malware authors will likely use consumers for experimentation with new attackers and techniques.