Carbon Black 2017 Threat Report: Non-Malware Attacks and Ransomware Continue to Own the Spotlight
As the calendar shifted from December 2016 to January 2017, the prospect of a large-scale cyberattack loomed. Questions over the possible hacking of the 2016 U.S. presidential election swirled and businesses faced a growing attack vector in ransomware. In 2016, ransomware was estimated to be an $850 million crime.
As we shift to 2018, questions still exist regarding the politics and possibility of a hacked democracy, but one thing is abundantly clear – 2017 saw several large-scale cyberattacks including WannaCry, NotPetya, and BadRabbit demonstrating that ransomware is not going anywhere. Ransomware is now estimated to be a $5 billion crime, according to recent research from Cybersecurity Ventures.
Ransomware, combined with the continued ubiquity of mass malware and non-malware attacks, is creating a vast attack surface for cyberattackers, who are getting more creative and persistent.
To better understand the evolving attack landscape as we head into 2018, the Carbon Black Threat Analysis Unit (TAU) researched the current state of ransomware, malware, and non-malware attacks. In particular we looked at how, and how frequently, Carbon Black customers have been targeted. In this report the TAU also provides some predictions for 2018.
In 2017, ransomware is estimated to be a $5 billion crime, according to recent research from Cybersecurity Ventures. In 2016, the estimate was $850 million. In 2015, the estimate was a mere $24 million.
As we close out 2017, every computer protected by Carbon Black is being targeted by an attack an average of 3x per month. At the beginning of 2017, this number was less than one attack per month on average (0.7), a growth rate of 328%. Throughout 2017, there was, on average, a 13% increase per month in attacks targeting endpoints protected by Carbon Black.
52% of all attacks seen in 2017 were non-malware attacks. Malware-based attacks account for the remaining 48% of attacks. Non-malware attacks are increasing at a rate of 6.8% per month.
Ransomware most often targeted technology companies, government / non-profit organizations and legal firms in 2017.
The most common ransomware variants seen in 2017 were: Spora, CryptXXX / Exxroute, Locky, Cerber, and Genasom.
Financial organizations, healthcare providers and retail stores were the top three verticals targeted by cyberattacks leveraging malware in 2017.
The top five most seen malware families seen in 2017 were: Kryptik, Strictor, Nemucod, Emotet, and Skeeyah.