Cybercriminals are turning their attention away from consumers to focus on businesses, a recent report from Malwarebytes found.
According to the “Cybercrime Tactics and Techniques Q1 2019” report, overall detections of enterprise security threats are rising steadily. While consumer detections declined by almost 40% from the final quarter of 2018, business detections increased by about 7%. Compared to the first quarter of 2018, malware detections in businesses increased 235% in the first quarter of 2019, while consumer detections declined 24%.
Emotet-based malware attacks are also shifting away from consumers onto businesses, the report found. Detection of Trojans on business endpoints has increased more than 200% from the previous quarter and almost 650% compared to the first quarter of 2018, according to the report.
Organizations are also being plagued by ransomware attacks, with an increase of 195% in detections from the final quarter of 2018 and an uptick of over 500% year over year, according to the report.
“Cybercriminals go where the money is, where the low-hanging fruit is, and if they can cause a lot of damage without a lot of work, then they will,” said Adam Kujawa, director of Malwarebytes Labs.
Enterprise security threats are on the rise because targeting businesses provides a better return on investment, said Amit Bareket, CEO and co-founder of Tel Aviv-based network security startup Perimeter 81.
“With that said, enterprises can protect themselves from malicious actors by mapping all critical assets, network resources and creating a proactive defense strategy,” Bareket said via email. “[They should be] utilizing holistic security-as-a-service solutions that are well-suited for modern security threats in order to better gain network and system visibility and effectively prevent cyberattacks.”
What’s driving ransomware attacks
Ransomware attacks are on the rise because of two key factors, said Alton Kizziah, vice president of global managed services at cybersecurity firm Kudelski Security.
Bitcoin is not as valuable as it used to be and there’s just not as much easy money in cryptojacking attacks any more for criminals, Kizziah said.
“The second factor, and why ransomware is more profitable, is because businesses are paying the ransoms to get their data back,” he said.
Adam Kujawa Director, Malwarebytes Labs
Cryptocurrency mining via cryptojacking might have been a profitable business when Bitcoin was near the $20,000 mark, said Rene Kolga, senior director of product and marketing at security vendor Nyotron, based in Santa Clara, Calif.
“After it crashed down to almost $3,000, cybercriminals turned back to their proven money-making tool — ransomware,” Kolga said via email. “Even though it requires more custom work, the payback is worth it for them.”
Another contributing factor behind the rising enterprise security threats and the growth of ransomware attacks, Bareket said, is the amount of information hosted online and in the cloud; there is so much more confidential data that can be up for grabs.
“In addition, with the mobile and distributed workforce, organizations now have so many more endpoints and networks to protect and many security products to manage,” Bareket said. “Malicious actors are in a very advantageous position to gain access to critical information and hold businesses hostage by locking down data for ransom.”
Defending against malware attacks
There are several reasons why enterprise security threats — especially malware attacks — are on the rise, Kudelski Security’s Kizziah said.
“One of the most interesting is criminal groups’ adoption of the latest, freely available malcode, which is quite advanced, easy to modify for different specific purposes, and modular, so it can use different techniques to infect an endpoint,” Kizziah said.
With over two billion known malware out there and with new malware being introduced every single day, it is impossible to achieve a reasonable level of protection with the traditional approaches to cybersecurity, which is focused on “chasing the bad,” Nyotron’s Kolga said.
Instead, businesses should refocus their efforts on the “ensuring good” approach, Kolga said. This can be achieved through whitelisting approaches for application control and OS behavior, he added.
Perimeter 81’s Bareket said recommended zero-trust, software-defined perimeter technologies, which allow only policy-based, authorized access. He also suggested smaller steps such as using encrypted communication channels and restricting employees on the go from using unsecured public Wi-Fi networks.
Cybercriminals will always find a way to infiltrate businesses, Kujawa believes. He advised companies to adopt a mindset that is not focused solely on prevention. Enterprises should have a plan in place for when threat actors gain access to networks, so that they can protect the most important data with additional layers of security and to ensure that business operations are not disrupted.
“Sometimes that means setting up a fake database that looks juicy for the cybercriminals, so when they happen to break into your network, they won’t go dig around for the more secure stuff — they’ll find a low-hanging fruit and will take it and go,” he said.
When it comes to malware attacks, most Trojans like Emotet are primarily spread through emails, Kujawa said.
Enterprises should take measures to reduce the chances of a simple phishing email turning into a data exfiltration attack, experts advised.
“If you can get your employees to question things they see, … if you can get them to the point where if they see an email that looks suspicious, they will say, ‘I’m going to at least check with someone else first before I open it blindly;’ that is going to close off a huge avenue for cybercriminals to attack people,” Kujawa said.