Attack Vectors Long Quiet Make Loud Q3 Comeback

Cybercriminals eased into the year with a relatively quiet first and second quarter, but according to a new report from Malwarebytes, attackers made some noise in Q3 2018. In the Cybercrime Tactics and Techniques Q3 2018 report, researchers found that business detections were up 55%, compared to 4% for consumers, indicating that cybercriminals are targeting victims who promise a greater return on their investment.

One notable shift in tactics was the use of traditionally consumer-focused malware, which the report said is now being leveraged in attacks on businesses. The number of Trojan detections for businesses and consumers combined rose 86% from the previous quarter.

Ransomware, cryptojacking and adware also contributed to this increase in business attacks. In addition, older strains of banking Trojans experienced a comeback, and researchers discovered the emergence of new ones, making this form of malware the number-one detection for both businesses and consumers.

Information-stealing malware, such as Emotet and LokiBot, grew in Q3. Researchers reported an overall increase of 5%, or 1.7 million more detections, in Q3 than in Q2. Emotet detections rose by 37%, placing it in the top six malware families detected on business systems.

Exploit kits also had a busy quarter, with Underminer and Fallout standing out among exploit kit activity. Rather than being deployed as a standalone weapon, exploit kits were used as components of larger web-based attacks. Attackers notably targeted Asia, expanding from South Korea into Japan.

Ransomware attacks on businesses were up 88%. Although consumer detections decreased, researchers noted the development of 40 new ransomware variants, though not all were released into the wild. GandCrab evolved to become more lethal, and Magniber expanded into new regions.

In related news, Malwarebytes researchers noted that over the last few months, MikroTik (a Latvian company that makes routers and ISP wireless systems) has been dealing with a stream of attacks affecting its products’ operating system. The string of attacks began in late April, when a critical flaw in RouterOS was identified.

Jérôme Segura, lead malware intelligence analyst at Malwarebytes, wrote today about a newly emerged attack in which threat actors use social engineering to get users to install a fake update carrying malware that scans random IP ranges to identify vulnerable routers and exploit them. Once a router is infected, it is injected with a Coinhive script that forces the users behind it to mine cryptocurrency while they browse the internet.