Webroot has released its third annual Nastiest Malware list highlighting 2019's worst cybersecurity threats and the fact that consumers and businesses alike need to take cybersecurity education more seriously.
Ransomware campaigns continued to see success this year by evolving to a more targeted model initially adopted in previous years and SMBs remain a prime target as they struggle with limited security budgets and cybersecurity skills.
Emotet, Trickbot and Ryuk was one of the most successful chains of 2019 in terms of financial damages. These malware strains have shifted their focus to more reconnaissance-based operation in which they assign a value to a targeted network after it has been infected and then send the ransom for that amount after moving laterally inside the network.
- Ransomware mutations double in 2019
- Businesses facing major threat from financial malware
- "Son of Mirai" botnet appears
Gandcrab was the most successful instance of ransomware as a service to date and its authors have boasted shared profits in excess of $2bn. However, after Gandcrab's authors retired, Sodinokibi (Sodin/REvil) rose to take its place.
Back for its second year on the Nastiest Malware list, the Crysis/Dharma ransomware was actively distributed during the first half of 2019 and it was distributed through RDP compromise.
Phishing and botnets
Email-based malware campaigns increased dramatically in both complexity and believeability in 2019. Phishing campaigns also became more personalized and sextortion emails became quite popular as well.
When it comes to phishing, company impersonation posed a huge threat to businesses as cybercriminals would pretend to be from legitimate companies in order to have employees open their emails. Business email compromise (BEC) attacks were used to target individuals responsible for sending payments and cybercriminals used spoof email accounts or impersonated company executives to prey on unsuspecting victims.
According to Webroot, botnets remained a dominant force in the infection attack chain and no other type of malware was able to deliver more payloads of ransomware or cryptomining.
Emotet was the most prevalent malware of 2018 and it continued its dominance in 2019. Despite a brief shutdown in June, Emotet resurfaced in September as the largest botnet delivering various malicious payloads. Trickbot was also a major threat and its modular infrastructure makes it difficult to remove on any network it infects. Combining this botnet with the Ryuk ransomware made for one of the most devastating targeted attacks of 2019. Dridex was once considered one of the most prominent banking Trojans but is now used as an implant in the infection chain alongside the Bitpaymer ransomware.
Security analyst at Webroot, Tyler Moffit provided further insight on this year's Nastiest Malware list, saying:
"It comes as no surprise that we continue to see cybercriminals evolve their tactics. They may be using the same strains of malware, but they are making better use of the immense volume of stolen personal information available to craft more convincing targeted attacks. Consumers and organizations need to adopt a layered security approach and not underestimate the power of consistent security training as they work to improve their cyber resiliency and protection."
- Keep your devices protected with the best antivirus software