2017 was a banner year for ransomware, but development is slowing as criminals turn to Trojans

Malwarebytes' State of Malware Report shows how criminals are changing tactics

Industry watchers have acknowledged that 2017 was ‘the year of ransomware’, and Malwarebytes' end-of-year report has confirmed it, showing a 90 per cent increase in its use against businesses and 93 per cent against consumers. However, development of new strains is slowing.

The Malwarebytes ‘Cybercrime Tactics and Techniques: 2017 State of Malware Report’ shows a much higher increase in ransomware in the UK than globally. Detections climbed 165 per cent, largely due to WannaCry.

Despite the increase in detections, both in the UK and globally, new families of ransomware are not being developed as quickly as they have been in the past, possibly due to rising knowledge and protection methods leading to fewer ransom payouts. The end of the year especially showed a change in cybercriminals' tactics, as they move towards banking Trojans and cryptocurrency mining instead.

More than 20 per cent of global attacks are now Trojans, with detections of banking Trojans more than doubling in the second half of the year. Hijackers, which are also used to steal credentials, rose almost 40 per cent globally and 134 per cent in the UK, making the country now equal to the USA in detection rate. Malwarebytes says, ‘What they can't hold for ransom, criminals will steal instead’.

2017 was also a banner year for spyware, incidents of which climbed 882 per cent in the UK compared to 2016: higher than any other region.

Criminals turn to crypto

Bitcoin rocketed up in value last year, climbing more than 900 per cent to become the world's fastest-growing asset - and other digital currencies also experienced unprecedented growth. That surge has attracted criminals, and they have begun to take over computers to perform mining operations for them, mostly using compromised websites. ‘By the end of 2017, basically anyone doing any kind of cybercrime was also likely dabbling in cryptomining’.

Malwarebytes blocked an average of 8 million drive-by mining attempts each day in September, it said.

Recent moves towards higher regulation of the global crypto market may discourage cybercriminals in the future.

Criminals and scammers change tactics

As well as a shift away from ransomware, exploit kits appear to be falling out of favour. No new zero-day exploits were utilised by any of the remaining kits in the wild in 2017. Instead, ‘malspam’ (malicious spam) was a focus, as bad actors concentrated on evading detection techniques and exploiting flaws in Microsoft Office documents, which were often used to deliver a payload.

Scammers also changed their tactics, away from traditional browser locks to phishing emails and malvertising.

What will 2018 bring?

With the continued interest in cryptocurrencies and an unclear future for market regulation, criminals are likely to continue to develop drive-by mining tools, new mining platforms and new forms of malware to steal virtual currencies.

Other predictions include more risks for the IoT, after a ‘slow’ year last year; more supply chain attacks in the vein of those affecting MeDoc and CCleaner; new malware targeting Mac computers; and even more weaponised zero-day vulnerabilities, due to information leaks from government and private businesses.

"With 2018 just getting started, these findings can help pave the way for increased awareness, C-level participation, and enhanced technologies to better protect both consumers and businesses," said CEO of Malwarebytes Marcin Kleczynski.