195% More Ransomware Attacks in Q1 of 2019 But Trojans Are Still a Major Threat

A new Malwarebytes report detailed the present strategies and techniques cybercriminals use to access business networks and sensitive information.

Malwarebytes’ Cybercrime Tactics and Techniques Q1 2019 is a compilation of information gathered from the company's intelligence and data science teams and from telemetry of its consumer and business products between January 1 and March 31, 2019.

The report shows there were 235% more cyberattacks targeting companies in the past year. There was also significantly less cryptomining and other consumer threats, which dropped by 40% in 2018. It is clear that cybercriminals are focusing their campaigns on businesses, and SMBs are at particular risk because they generally lack the resources to considerably boost their cybersecurity protection.

The report indicates that the biggest malware threat at this time is Trojans. Trojan attacks increased by 650% from last year and by 200% in Q1 2019. Emotet is the biggest Trojan threat, and it is now used almost entirely for attacking businesses. Emotet steals information and is most often spread through phishing emails as well as the EternalBlue exploit. It can self-propagate and can send copies of itself to email contacts. It can also download other malware such as Ryuk ransomware.

Although ransomware attacks on businesses decreased in 2018, they increased by 195% in Q1 of 2019. Compared to this time in 2018, businesses have 500% more ransomware detections. Malwarebytes remarks that the huge increase in detections in 2019 is largely because of a substantial Troldesh ransomware campaign that hit U.S. businesses in the first quarter. About 336,634 ransomware detections were noted at businesses in Q1 2019. As with Trojans, ransomware attacks on consumers have declined, going down by 33% compared to this time last year.

Though ransomware attacks declined in 2018, the FBI’s Internet Crime Complaint Center (IC3) reveals higher losses. It reported $3.6 million in losses in 2018, though not all companies report ransomware attacks or the resulting losses, so the true figure is probably significantly higher. Additionally, those losses involve ransom payments and not other losses related to the attacks.

Cryptocurrency mining malware remains a big threat for companies, though consumer attacks are basically negligible now that CoinHive ceased operations in March. Adware use has gone up, particularly on mobile and Macintosh devices. Mac malware detections went up 60% in Q1 of 2019, whereas adware detections increased by 200% in Q4 of 2018. Cybersecurity defenses in the healthcare industry are much better, though there is still a lot of room to improve.

The biggest malware hazard in healthcare organizations is also Trojans, which are the reason for 79% of malware detections. The second biggest threat is riskware. Though not inherently harmful, riskware can alter the functionality of some programs and could stop the installation of patches, making healthcare organizations susceptible to attacks.

Ransomware, worms and spyware each account for 3% of malware detections in healthcare organizations. 37% of Trojan detections in the healthcare industry are due to Emotet. 34% of the Trojans posed as legitimate Microsoft files.

Healthcare organizations also commonly encounter attacks by cryptocurrency mining malware. According to Malwarebytes, 17% of healthcare systems showed signs that this type of malware was installed.

Ransomware attacks continue to trouble the healthcare industry. Although different variants are used, what is disturbing is the continued use of WannaCry (WannaCrypt) to affect various industries, healthcare included. The MS17-010 patch blocks this threat, but numerous healthcare organizations have not yet applied it, leaving them vulnerable.

Spyware infections commonly occur after a Trickbot or Emotet infection. The spyware, typically information stealers, runs in the background, records keystrokes and sends the information to the attackers' C2 servers.

The only worm threat that affects the healthcare sector is Parite, which is usually spread through emailed .exe and .scr files. Worms spread quickly throughout a network and make systems susceptible to more malware attacks and exploitation.