AppRiver, Check Point Reports Paint Dismal Cyber Threat Landscape

In the first half of 2017, 1.9 billion data records were lost or stolen as a result of cyberattacks.

Edward Gately, Senior News Editor

January 25, 2018

To say 2017 was a bad year in terms of cybersecurity is a vast understatement, as attacks and data breaches hit an all-time high. That’s according to AppRiver’s annual Global Security Report.

In the first half of 2017, 1.9 billion data records were lost or stolen as a result of cyberattacks. This followed a tough year in 2016, when losses totaled $16 billion and criminals pocketed approximately $1 billion in ransomware payments alone.


Troy Gill, security analyst for AppRiver, the cloud-based cybersecurity and productivity services provider, tells Channel Partners that unpatched systems are still a big problem and are targeted with success. Attacks are far more complex than in the past, have become more customized and have added layers of complexity, he said.

“Malware as a service is on the rise and will result in a much greater threat,” he said. “This is allowing more entrants to the cybercrime arena than ever before. Ransomware is still the most prolific malware, so make sure you are doing all you can to shore up defensive strategy. This includes prevention at all levels and recovery plans for incidents. Could data breaches get any worse? This should be a wake-up call to businesses that they need to assume they will be breached at some point. They need to ensure that all sensitive data at rest [are] being stored with strong encryption, as well as data in transit.”

More than 14.5 billion emails laced with malware were sent in 2017, according to the report. AppRiver also observed a 1,000 percent increase in phishing efforts — and much of this effort was part of multi-phased attacks where perpetrators use phishing campaigns tailored to gather user email login credentials, and then hijack ongoing email conversations by sending a malware attachment in a reply to an ongoing email conversation.

The majority of cyber threats were initiated in the United States and persisted throughout the year, with significant peaks in August, September and October, according to AppRiver.

Last year showed a significantly lower barrier of entry into cybercrime, with user profile names and credit card numbers readily available on the dark web and distribution of 20,000 messages for just $40. Some common attack types included: Distributed Spam Distraction (DSD), which fills inboxes with nonsense emails, simultaneously disguising a cybercriminal’s purchase or wire fraud activity and distracting users from seeing legitimate email; and the Adwind Remote Access Trojan (RAT), which provides hackers with remote control of malicious programs across Windows, Linux, Mac and Android devices, and was often introduced to users in the form of fake payment confirmation emails.

Many new strains of ransomware arrived in 2017, including Cerber, Jaff, Nemucod, Spora and Petya/NotPetya. WannaCry infected hundreds of thousands of computers globally, demanding a $300 bitcoin ransom, while Locky arrived at the rate of 4 million messages per hour.

Dynamic Data Exchange (DDE) protocol attacks produced emails spoofing the Securities and Exchange Commission’s online public database, gaining further traction when the largest botnet (Necurs) began to distribute malicious DDE documents. During October of last year alone, AppRiver filters captured nearly 50 million malicious DDE-laced documents.

Also Thursday, Check Point Software Technologies released its H2 2017 Global Threat Intelligence Trends report, which shows cybercriminals increasingly are turning to crypto-miners to develop illegal revenue streams. From July to December of last year, one in five organizations was impacted by crypto-mining malware, tools that allow cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65 percent of the end-user’s CPU power.

Check Point reports several attacks directed at enterprises originating from mobile devices. This includes mobile devices acting as a proxy, triggered by the MilkyDoor malware, and used to collect internal data from the enterprise network. Another type is mobile malware, such as Switcher, which attempts to attack network elements (e.g. routers) to redirect network traffic to a malicious server under the attacker’s control.

“The second half of 2017 has seen crypto-miners take the world by storm to become a favorite monetizing attack vector,” said Maya Horowitz, Check Point’s threat intelligence group manager. “While this is not an entirely new malware type, the increasing popularity and value of cryptocurrency has led to a significant increase in the distribution of crypto-mining malware. Also, there has been a continuation of trends, such as ransomware, that date back to 2016, which is still a leading attack vector, used for both global attacks and targeted attacks against specific organizations. Twenty-five percent of the attacks we saw in this period exploit vulnerabilities discovered over a decade ago, and less than 20 percent use ones from the last couple of years. So it’s clear that there is still a lot that organizations need to do to fully protect themselves against attacks.”

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
