WINNERS AND LOSERS OF THE 2018 CYBERTHREAT ROLLERCOASTER
Claudio Tosi, Sales Engineer, Malwarebytes

Why are businesses getting hit with so much malware?
BUSINESS DETECTION 2017/2018
Silent Threats On the Rise

Pos.  Threat         Y/Y% Change
1     Trojan         132%
2     Hijacker       43%
3     Riskware Tool  126%
4     Backdoor       173%
5     Adware         1%
6     Spyware        142%
7     Ransom         9%
8     Worm           -9%
9     Rogue          -52%
10    HackTool       -45%

Overall Detections: 39,970,812 (2017), 71,823,114 (2018), 79%

BUSINESS DETECTION 2017/2018 EMEA Top detections
UK Top Threat
Breaking Down the Top Threats of 2018

Threat                 Share
Generic.Malware        32%
Generic.Trojan         23%
Trojan.Emotet          19%
Trojan.TrickBot        6%
Backdoor.Vools         6%
RiskWare.BitCoinMiner  5%
RiskWare.IFEOHijack    3%
Hijack.Tray            2%
Generic.Backdoor       2%
Ransom.WannaCrypt      2%

Why Emotet Is So Effective
[Figure: diagram with steps numbered 1 to 7]
MALWAREBYTES PREVENTION LAYERS: Anti-Exploit, Anti-Malware, Web Protection

How TrickBot Works
Notice Any Similarities?

                                   Emotet                TrickBot
Original intent                    Banking Trojan        Banking Trojan
Latest malicious action            Downloader            Downloader
Unique capability                  Built-in spam module  Credential stealer/brute force
Method of lateral movement         Eternal exploits      Eternal exploits
Exposure and impact to businesses  Increased in 2018     Increased in 2018

Emotet and TrickBot: Here and Abroad
- Emotet: In the last 30 days in the UK alone, we have cleaned Emotet from 3,451,874 machines
- TrickBot: In the last 30 days in the UK alone, we have cleaned TrickBot from 167,227 machines

Other Eternal Problems
Vools Backdoor
- First showed up in May 2018
- Utilizes Eternal exploits to infect networks from the outside
- Used to spread crypto miners
- Heavy detections in APAC
- Similar infection method to WannaCry
[Chart: Vools Detections 2018, monthly from 5/2018 to 1/2019]

Ransomware
GandCrab
- Infection routes: RDP, Exploit Kits, Phishing, Botnets
- Ransomware as a service
- Encrypts network shares
- Kills applications
- Distributed quickly
- No decryptors for current versions
[Chart: GandCrab Detections 2018 (legend: Global GandCrab, Consumer)]

Ransomware
Ryuk
- New malware family found in 2018
- Used to attack Water Authorities, Cloud Backup Sites, etc.
- Based on Hermes Ransomware
- Holiday Attack Campaign
- Distributed through TrickBot after Emotet infection
[Chart: Ryuk Detections]

Ransomware
WannaCry
- Still heavily detected worldwide
- WannaCry theories:
  - Neutered roaming infections
  - Repurposing of threat
  - Previous infections finally being cleaned up
[Chart: WannaCry Detections 2018]

Cryptominers
- Miners dominate the first half of 2018
- Large spikes in cryptocurrency valuation match large spikes in detections
- Detection numbers have now returned to normal
[Chart: Cryptominer Detections vs Bitcoin Price 2018]

Upcoming Challenges
- The IT-Sec industry will solve the username/password problem
- High-profile breaches will keep happening and open the door for future scams/sextortion
- Eternal malware will become the norm
- Attacks designed to avoid detection, like soundloggers, will slip into the wild
- Artificial intelligence in malware creation

Effective Solution Components
- PREVENT: Multiple Protection Layers
- DETECT: Advanced Detection Techniques
- RESPOND: Comprehensive Remediation

Layer Protection Technology
[Diagram labels, in extraction order: REVERT; ISOLATE AND CONTROL; MONITORING and RECORDING; Behaviour Analysis; Machine Learning; Payload analysis and detection; Reducing the Attack Surface; EXPLOIT PROTECTION WEB TRAFFIC PREVENTION REMEDIATION]

Malwarebytes Endpoint Protection and Response
We Don't Just Stop Breaches. We Fix Them.
- EDR without complexity
- Unmatched threat visibility
- Comprehensive attack chain protection
- #1 trusted name in remediation

Protecting 60,000 Businesses Worldwide
Before You Go...
- See our Solutions
- Free Gifts
- State of Malware Report