A Look at the 2018 Webroot Threat Report Mid-Year Update
At Webroot, we often say that it’s our job to protect our clients from an ever-shifting cyber threat landscape. As the mid-year update of our annual threat report shows, that cyber threat landscape shifted in seismic proportions to begin 2018.
One of the most significant developments of that time was the discovery of the Meltdown and Spectre vulnerabilities, which affected nearly every device with a CPU manufactured within the last 20 years. The nature of this discovery caused many in the security community to re-evaluate their approach to hardware-based threats relative to software-based ones.
But software-based threats were far from stagnant in the first half of the year, and some novel approaches to cybercrime showed just how unceasingly cybercriminals seek to innovate their approaches.
Let’s take a look at some of the developments to the cyber threat landscape Webroot threat researchers found notable in our mid-year Threat Report update.
A Reshuffled Trio of Top Threats
Change, cybersecurity’s only constant, showed its face again in early 2018, shuffling our list of the top three threats facing users. Here’s a breakdown:
1. Cryptomining – The New No. 1 Threat: Cryptomining essentially hijacks a CPU’s computing power and redirects it toward the task of mining a cryptocurrency, here most typically Monero. When augmented by botnets and scaling—e.g. planning for minimal CPU drain while the mouse is in use, but otherwise scaling up usage—both the profits and the strain on a victim’s energy bill can add up.
One likely reason it’s dethroned ransomware as our top threat is that it’s often an easier, less risky way to make crime pay. Cryptomining is accompanied by a minimal illegal footprint (some sites even view it as a viable alternative to ads for revenue generation) and it works on any device: not only laptops and smartphones, but also any internet-connected IoT device.
| Profit per Machine | $.01 | $.25 |
| Duration | 7 Days | 7 Days |
Example profits of a cryptomining operation based on activity and botnet size.
2. Ransomware with a Twist: As the industry improves its response to ransomware—by improving the quality and frequency of backups, and getting tougher in dealing with ransom requests—cybercriminals have modified their business model once more.
Remote desktop protocol (RDP) has become the favored method for cybercriminals looking to extort organizations. Using publicly available search tools like Shodan, bad actors can seek out inadequately secured RDP instances and turn them into the port of entry for evaluating the value of data, deploying ransomware, and even disabling pre-installed endpoint protection solutions.
The SamSam ransomware group, in particular, has made millions this year relying on this strategy, even bringing important municipal infrastructure operations to a halt in Atlanta and Colorado. Webroot talked about the risks of RDP in a blog post earlier this year.
3. Malware the Mainstay: While malware remains a prevalent threat, it’s declined by half as a proportion of web traffic in the first six months of 2018, down from 2 percent to 1 percent. But that’s not to say malware is out as a top threat. It still makes up 52 percent of all threats seen by Webroot, and botnets, the most common delivery method for malware, ensure it can still do widespread damage. In fact, the banking Trojan-delivering botnet Emotet ranks as the most prevalent and persistent botnet seen so far by Webroot threat researchers, earning its spot on our annual Nastiest Malware list for 2018.
Honorary Mention – Phishing Scams: Phishing scams may have been kept off the podium of top threats for the first half of 2018, but they would certainly have medaled in a “most improved” category. Webroot researchers recorded a more than 60 percent increase in phishing attempts over that time. A new website took over the mantle of most imitated site from Google, as well. Download the report to see why the new most-imitated site is inherently more risky, raising the stakes for these attacks.
End-user Education: The Ultimate Force Multiplier against Threats
From being on the lookout for suspicious CPU drainage, to recognizing the signs of a phishing scam, there’s only one, over-arching solution that bolsters defenses against all of today’s top threats: user awareness training. As hardware vulnerabilities and weak RDP security go to show, even the best endpoint solutions can be given the end-around.
Only user training programs like Webroot® Security Awareness Training have a proven track record for reducing the rate at which users fall for phishing attacks or can teach about the dangers of lax password policies and default port policies. Rather than one-off training, ongoing user education is the answer to keeping your users up to date about the latest threats they face online.
To learn more about how Webroot can keep you and your clients safe from today’s most pressing threats, reach out to us.