Today, more malware samples are created in just a few hours than in the entire twentieth century. The targets have changed, the techniques have become more sophisticated, the attack vectors have multiplied, and the tools are more precisely designed. Attackers are meticulously studying their victims to adapt their strategy and achieve the greatest possible impact.
Their efficiency, effectiveness, and profitability are proven time and again, with up to 75 million distinct malware files created between the beginning of the year and October, which translates to 285,000 new samples detected every day by PandaLabs.
2017 Cybersecurity Trends
More than half of attacks are motivated by financial targets, while espionage is the second greatest motivating factor.
Stealth attacks with adaptive lateral movements are becoming all too common.
Malwareless attacks are increasingly favored by attackers. They prefer to remain invisible to traditional protection models, and do not require the victim’s interaction. These attacks can double profitability when optimally executed.
Tools for exploiting vulnerabilities have given rise to new attack vectors that require no human interaction.
The endpoint is the target. The perimeter has become blurred, mobility is the norm in any company, and corporate networks are therefore much more exposed.
Ex-employees attempted to extort their previous companies, initiating attacks from within the company.
There was a larger presence of organized cybercriminal groups, such as the Lazarus Group, attacking the media, the aerospace and financial sectors, as well as critical infrastructures in the US and elsewhere.
Cyberwarfare and cyber-armies: in a full-on arms race in cyberspace, nations are creating cyber command centers to bolster defenses against attacks on companies and infrastructures.
Figures
In 2017, PandaLabs analyzed and neutralized a total of 75 million malware files, about 285,000 new samples a day.
One thing is clear: there are many more malware samples, and each of them is infecting fewer devices individually. Each malware sample will attack a minimum number of devices in order to lower the risk of being detected and thereby achieve its goal.
This is supported by the fact that, of all the new malware (PE files) never seen before this year (15,107,232 samples), 99.10% (14,972,010 samples) have been seen only once. If we look at the figures from the other end, we see that only an insignificant part of all the malware is truly widespread: we have seen just 989 malware files on more than 1,000 computers, or 0.01%.
This confirms what we already knew: with a few exceptions — such as WannaCry or HackCCleaner — most malware changes every time it infects, so each copy has a very limited distribution.
Listen to the webinar given by Luis Corrons, Technical Director of PandaLabs:
Cybersecurity Predictions for 2018
Cyberwarfare and its consequences: Instead of an open war where the opposing sides are clearly identifiable, we are facing a guerrilla strategy with isolated attacks whose authors are never clear. Freelancers at the service of the highest bidder, false flag operations, and an increase in collateral victims of these attacks are what's in store for 2018.
Malwareless hacking attacks: attacks that abuse non-malicious tools or compromised applications to carry out their efforts will increase.
Malware for mobile devices and the Internet of Things will continue to rise. In general, IoT devices are not targeted by cybercriminals as the ultimate goal. But when compromised, these devices increase the attack surface and are used as a gateway to the company’s network.
More advanced attacks and more ransomware can be expected in the coming year. These attacks promise a high return on their investment at a low level of risk.
Companies will spearhead awareness-building initiatives for attacks: thanks to the new GDPR legislation, the public will, for the first time in history, be aware of attacks that happen and that in many cases are subsequently covered up.
Social networks and propaganda: there will be an increase in fake news due to the ability of these platforms to influence public opinion. Facebook, the largest social network in the world, is already taking action on the matter. If it is discovered that a Facebook page repeatedly distributes false news, the company will prohibit that page from being publicized on the social network.
Cryptocurrency: the use of cryptocurrencies will continue to grow, and all the cybercrime that surrounds it, such as infecting computers with cryptocurrency mining software or the theft of user wallets, will follow suit.
Conclusions
Security update protocols should be a priority at all companies. Cases such as WannaCry or Equifax reaffirm this, as every day that passes without patching a vulnerable system puts the company at risk, as well as the integrity of its data, including that of customers and suppliers. Production can be endangered, and the company can incur millions in losses.
Countries are investing more and more in defensive and offensive capabilities, with a focus on critical infrastructures.
2018 augurs a more dangerous situation. For many professionals, a change of mentality (and strategy) will be necessary to achieve the highest levels of security and protect the assets of their companies’ networks.
Both in business and at home, training and awareness are key. It follows that cybersecurity, often forgotten by management, will require a greater investment.
Having in-depth knowledge of attacks and what they consist of should be the basis for a good defensive strategy. Machine Learning tools and the investigations of Threat Hunting teams are essential to avoid future intrusions.
Signature files no longer work and the figures speak for themselves: more than 99% of all malware never appears again anywhere else.
There is a problem of focus: solutions that remain focused on fighting against malware (the majority of those available on the market) are doomed to become extinct if they do not change their strategy.
And of course, we can’t forget international cooperation and the creation of common legislative frameworks such as the GDPR. Having political and economic support and a plan of action will make it possible to benefit from the latest technological advances in the safest manner.
In the PandaLabs Annual Report, you can learn about real cases, review the most discussed attacks of 2017, and read more about what lies ahead in 2018.