Trojans
Like cryptomining, trojans started the year strongly. The incredibly high number of endpoints connecting to trojan sites was largely due to Ursnif/Gozi and IcedID, two threats known to work in tandem to deliver ransomware.
“These two threats alone comprised 82% of trojans seen on endpoints in January,” Nahorney said. “However, the above-average numbers from January were likely tied to a holiday-season campaign by attackers, and declined and stabilized as the year progressed. In late July, Emotet emerged from its slumber once again, comprising a massive amount of traffic that grew through September. This threat alone is responsible for the large increase in DNS activity from August through September. In all, 45% of organizations encountered Emotet.”