These are the worst malware strains of 2019

Webroot has released its third annual list of Most Nasty Malware, highlighting the worst cybersecurity threats in 2019 and the fact that consumers and businesses should take cybersecurity training more seriously.

Ransomware campaigns continued to be successful this year as they moved to a more focused model, initially adopted in previous years, and SMEs remain a priority target due to their limited security budgets and cybersecurity skills.

Together, Emotet, Trickbot, and Ryuk have been one of the most successful channels of 2019 in terms of financial damage. These types of malware have shifted to a more reconnaissance-based operation: they assign a value to a target network after infection, move laterally within the network, and then send a ransom demand for that amount.

To date, Gandcrab has been the most successful instance of ransomware as a service, and its authors have shared profits of more than €2 billion. However, after the Gandcrab authors withdrew, Sodinokibi (Sodin / REvil) took their place.

Back for the second year on the list of the most malicious malware, the Crysis / Dharma ransomware was actively distributed in the first half of 2019 through RDP compromise.

Phishing and botnets

Email-based malware campaigns have grown significantly in 2019 in terms of complexity and credibility. Phishing campaigns have become more personalized, and sextortion emails have also become very popular.

In the area of phishing, company impersonation posed a serious threat to businesses, as cybercriminals posed as legitimate companies to get employees to open their emails. Business Email Compromise (BEC) attacks were used to target those responsible for sending payments, with cybercriminals using fraudulent email accounts or impersonating corporate executives to target unsuspecting victims.

According to Webroot, botnets have remained a dominant force in the infection attack chain, and no other type of malware has been able to deliver more ransomware or cryptomining payloads.

Emotet was the most widespread malware in 2018 and continued to dominate in 2019. Despite a brief shutdown in June, Emotet reappeared in September as the largest botnet delivering malicious payloads. Trickbot was also a huge threat, and its modular infrastructure makes it difficult to remove from any infected network. The combination of this botnet with the Ryuk ransomware was one of the most devastating attacks of 2019. Dridex was once considered one of the most prominent banking Trojans, but is now used as an implant in the infection chain alongside the Bitpaymer ransomware.

Tyler Moffitt, Webroot Security Analyst, provided an additional overview of this year's malware list, stating:

"It is not surprising that we continue to see cybercriminals changing their tactics - they may be using the same types of malware, but they are better off using the sheer volume of stolen personal data available to create more targeted attacks. Companies should take a layered approach to security and not underestimate the power of consistent security training as part of their efforts to improve their cyber resilience and protection."