Positive Technologies cybersecurity report shows cryptolocker infection rate growing to 24 percent of all attacks

Positive Technologies’ researchers have summarized the cybersecurity trends of the first quarter of 2019 in a new report entitled CyberThreatscape Q1. The main trends include a significant rise in cryptolocker infections; an increase in the number of unique threats; a large number of new hybrid Trojans; an increase in the number of attacks aimed at data theft; and a decrease in cryptojacking.

As noted, Positive Technologies experts recorded an increase in the cryptolocker infection rate to 24 percent, versus 9 percent in the last quarter of 2018. Quite often this type of malware is combined with phishing, as hackers continue to find new ways of tricking users and forcing them to pay ransom. More and more frequently, attackers are targeting state institutions with cryptolocker attacks; for example, authorities in Jackson County, Georgia, USA recently paid a ransom of $400,000 to restore infrastructure.

"Phishing emails are still one of the most popular and efficient ways of delivering malicious software,” said Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, “but that's not the only route of malware distribution by far. For instance, users download a lot of files from torrent trackers, which increases the risk of malware infection exponentially; also, using files that pretend to be movies, attackers have been able to distribute software for swapping addresses of Bitcoin and Ethereum wallets at the moment when data is inserted from the exchange buffer. These new methods of attack demonstrate how creative and sophisticated attackers are becoming."

In the first quarter of 2019 the number of unique threats also grew, exceeding the numbers from Q1 of last year by 11 percent. However, the share of targeted attacks fell slightly in comparison with the fourth quarter of 2018, to 47 percent versus 53 percent.

Since the beginning of the year there has been an increasing number of infections using multifunctional Trojans, or modular malware, which combine the functions of various types of malware. For instance, the DanaBot Trojan contains components for remote control and functions of a banking Trojan, and can also steal passwords from a number of applications.

Experts also found that more than half of attacks (54 percent) aim to steal information, and attackers are after all kinds of data, from personal correspondence to commercial secrets. However, credentials, personal data, and payment card information are still the most valuable and sought-after. The share of incidents in which victims are individuals, as opposed to businesses and other types of organizations, remains virtually unchanged at 21 percent versus 22 percent in the fourth quarter of 2018. As for organizations, attackers most often hit government agencies (16%), medical institutions (10%) and industrial companies (10%).

Finally, some good news: the number of attacks aimed at covert mining of cryptocurrency has decreased due to its increasing complexity, which has made it less and less profitable. A year ago, at the beginning of 2018, the share of miners rose as high as 23 percent, yet in the fourth quarter it fell to only 9 percent. In the first quarter of 2019, the share of cryptojacking was only 7 percent.