While ransomware delivered the greatest impact and growth in 2016, threat actors still attempt data breaches and theft through more traditional methods.
PhishMe has released its 2016 Malware Year in Review report, which analysed over 2500 phishing attacks to map the various tools, tactics and techniques implemented and deployed by cyber-criminals.
The study identified four major trends that resulted from the evolution of the phishing threat landscape:
Ransomware delivers fastest growth, biggest impact: It reached high levels of maturity showing triple-digit growth in 2016.
Data theft goals: A large portion of phishing attacks recorded in 2016 continued to deliver more traditional malware varieties, such as information stealers, remote access Trojans or keyloggers in pursuit of corporate and financial data theft.
Bypassing technology with obfuscation techniques: Cyber-criminals ramped up anti-analysis techniques designed to overcome controls used to prevent cyber-attacks.
Malware delivery: Lightweight scripts overtook other malware delivery tools in proportion of usage, including documents which use Office macros.
Aaron Higbee, co-founder and chief technology officer at PhishMe explained that as ransomware tools dominated discussions in the industry in 2016, threat actors remained committed to familiar techniques. “In addition to focusing on the ‘smash and grab' of ransomware, threat actors also continue to quietly infiltrate the target's environment, thus making it increasingly important to detect malware during the delivery phase. This challenges the traditional sense of malware hunting, making it even more necessary to lay a phishing defence program at the core of any security strategy.”
The use of malware designed to steal private information remains a focus even as the use of popular encryption ransomware grew quickly. The widespread presence of “quiet malware” remains a vital threat. The malware allows threat actors to carry out long-term operations without interacting with the victim.
“A different approach in security is needed to prevent cyber-attacks from unfolding. Organisations must work toward building a sound phishing defence program that empowers its staff to spot and report suspicious-looking correspondence before it is too late,” said Higbee.