Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Legacy Cybersecurity Defenses Won’t Keep Pace with New Ransomware and Cryptojacking Threats

March 2018 by Webroot

Webroot revealed the results from the 2018 edition of
its annual threat report, which demonstrated attackers are constantly trying new
ways to get around established defenses. The data, collected throughout 2017 by
Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat
and are seamlessly bypassing legacy security solutions because organizations are
neglecting to patch, update, or replace their current products.

The findings showcase a dangerous, dynamic threat landscape that demands
organizations deploy multi-layered defenses that leverage real-time threat
intelligence.

Notable Findings and Analysis:

· Cryptojacking is gaining traction as a profitable and anonymous attack
that requires minimal effort. Since September 2017, more than 5,000 websites have
been compromised with JavaScript cryptocurrency miner CoinHive to mine Monero by
hijacking site visitors’ CPU power.

· Windows 10 is almost twice as safe as Windows 7. However, the data
reveals that the operating system migration rate for enterprises has been quite
slow; Webroot saw only 32 percent of corporate devices running Windows 10 by the end
of 2017.

· Polymorphism, i.e. creating slightly different variants of malicious or
unwanted files, has become mainstream. In 2017, 93 percent of the malware
encountered and 95 percent of potentially unwanted applications (PUAs) were only
seen on one machine. In these instances, the identifiers are unique and undetectable
by traditional signature-based security approaches.

· Ransomware and its variants became an even more serious threat. This past
year, new and reused ransomware variants were distributed with a variety of
purposes. Together, WannaCry and NotPetya infected more than 200,000 machines in
over 100 countries within just 24 hours.

· High-risk IP addresses continue to cycle from malicious to benign and
back again. Webroot saw 10,000 malicious IP addresses reused an average of 18 times
each in 2017. The vast majority of malicious IP addresses represent spam sites (65
percent), followed by scanners (19 percent), and Windows exploits (9 percent).

· Of the hundreds of thousands of new websites created each day in 2017, 25
percent of URLS were deemed malicious, suspicious, or moderately risky. High-risk
URLs fell into two major categories: malware sites (33 percent) and proxy avoidance
and anonymizers (40 percent).

· Phishing attacks are becoming increasingly targeted, using social
engineering and IP masking to achieve greater success. On average, phishing sites
were online from four to eight hours, meaning they were designed to evade
traditional anti-phishing strategies. Only 62 domains were responsible for 90
percent of the phishing attacks observed in 2017.

· Mobile devices continue to be a prime target for attackers—32 percent
of mobile apps were found to be malicious. Trojans continue to be the most prevalent
form of malicious mobile apps (67 percent), followed by PUAs (20 percent).

Hal Lonas, Chief Technology Officer, Webroot
“Over the past year, news headlines have revealed that attackers are becoming more
aggressive and getting extremely creative. Cryptojacking made our threat report for
the first time this year as an emerging threat that combines everything an attacker
could want: anonymity, ease of deployment, low-risk, and high-reward. Organizations
need to use real-time threat intelligence to detect these types of emerging threats
and stop attacks before they strike.”


The 2018 Webroot Threat Report presents analysis, findings, and insights from the
Webroot Threat Research team on the state of cyber threats. The report analyzed more
than 27 billion URLs, 600 million domains, 4.3 billion IP addresses, 62 million
mobile apps, 15 billion file behaviour records, and 52 million connected servers.
The statistics contained in the report come from threat intelligence metrics
automatically captured from millions of real-world, global sensors, as well as
third-party sources, and analyzed by the Webroot® Threat Intelligence Platform.


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts