According to Positive Technologies data, the most frequent targets of attacks by hackers in 2017 were corporate infrastructures and web resources. Other major trends included encryptionware, Ransomware-as-a-Service, and attacks on banks, cryptocurrency exchanges, and ICOs.
Trojan encryptionware was the biggest trend of 2017. Ransom was not the only goal of such malware—some Trojans encrypted victims' hard drives and threw away the key, causing enormous damage to corporate infrastructures.
The division of labor in malware was noticeable, with some hackers attacking systems and others writing code behind the scenes. The Ransomware-as-a-Service model caught on, which meant the same Trojans were reused by multiple different groups. As a result, the barrier to entry for cybercriminals fell dramatically, with anyone able to buy malware, with no technical skills required. This means that the number of malware campaigns will almost certainly increase in the coming months.
Ordinary users also fell victim to cyber incidents at an increasing rate in 2017. In the first quarter, Positive Technologies detected 21 unique attacks on individuals, but this figure approached 100 by the fourth quarter. This trend, too, is likely related to the popularity of Ransomware-as-a-Service: novice cybercriminals in search of quick profit buy Trojans and use them against individual users. Individuals were the most common target sector, accounting for a quarter of attacks (26%).
The primary motives of attackers in 2017 were direct financial gain (70%) and data theft (26%). In the world of data theft, medical records and payment cards were the most popular. Although personal data is still a major target for criminals, experts note that it now fetches a lower price on the darknet than before.
The cryptocurrency boom and plethora of initial coin offerings (ICOs) attracted the attention of criminals, who attacked cryptocurrency exchanges, wallets, and ICOs. As cryptocurrency mania caught on, investors were busy setting up wallets and transferring money to them—as hackers bruteforced credentials and stole the proceeds.
Cybercriminals also paid attention to the burgeoning Internet of Things. These "smart devices" are easily compromised en masse, meaning that millions of routers, IP cameras, vacuum cleaners, and other appliances joined botnets used for mining cryptocurrency, spying on users, performing DDoS attacks, and more.
Major political events have inspired hackers to perform illegal acts. Cyberattacks have become a political instrument and effective tool for shaping public opinion.
Based on the results of 2017, Positive Technologies analysts shared her predictions: "Large-scale malicious attacks will evolve. As opposed to simple economic motivation, these attacks will likely aim at having a destructive impact on the infrastructure of a target company or even an entire industry. Malware is turning into a bona fide weapon with destructive capabilities, while cyberattacks will become even more sophisticated and complex."
In their view, not all industries are equally exposed to the increasing risks: "If operators of network-connected industrial equipment fail to keep operating systems and software up to date, in addition to taking other necessary measures, dramatic targeted attacks on manufacturers and their ICS equipment are a distinct risk. A similar threat exists for banks and other financial institutions. In the absence of government oversight, the anonymity of cryptocurrency may offer a golden opportunity for criminals interested in theft and money laundering."