2017 Record Year for Cybersecurity Breaches, Ransomware and Exploits
More than 14.5 billion emails laced with malware were sent in 2017 according to the annual Global Security Report by AppRiver.
Significant Cybersecurity Attacks of 2017
Phishing and Malware Attacks: AppRiver observed a 1,000 percent increase in phishing efforts, including those tailored to gather user email login credentials, followed by an unparalleled spike in malware attacks launched from the compromised email accounts of users across all services, including Office 365, Gmail, Yahoo and AOL.
Malware-as-a-Service: Last year illustrated a significantly lower barrier-of-entry into cybercrime, with user profile names and credit card numbers readily available on the dark web and distribution of 20K messages for just $40. Some common attack types included:
- DSD: AppRiver continued its reporting on Distributed Spam Distraction (DSD), which returned in strength last year. This attack fills inboxes with nonsense emails, simultaneously disguising a cybercriminal’s purchase or wire fraud activity in real time and distracting users from seeing legitimate email.
- RAT: The Adwind Remote Access Trojan (RAT) provides hackers with remote control of malicious programs across Windows, Linux, Mac and Android devices. In 2017, RAT was often introduced to users in the form of fake payment confirmation emails.
Ransomware: Many new strains of ransomware arrived in 2017, including Cerber, Jaff, Nemucod, Spora and Petya/NotPetya. Some of the most prolific included:
- WannaCry, which infected hundreds of thousands of computers worldwide, demanding a $300 bitcoin ransom.
- Locky, which was distributed mainly by the Necurs botnet and sometimes arrived at the rate of 4 million messages per hour. Fortunately for AppRiver customers, the SecureTide filter caught nearly 1 billion messages that would have led to a Locky infection.
DDE Attacks: The Dynamic Data Exchange (DDE) protocol attacks produced highly targeted emails spoofing the Security and Exchange Commission’s EDGAR, gaining further traction when the largest botnet (Necurs) began to distribute malicious DDE documents. During October of 2017 alone, AppRiver filters captured nearly 50 million malicious DDE-laced documents.
What’s ahead: discover the predictions for 2018!
Source: Security Magazine