SMBs Are Paying the Price of Cybercrime’s Evolution
Ransomware is now just one of the many cyber crime and malware variants that SMBs have to worry about.
November 13, 2019
Sponsored by AT&T Cybersecurity
Last year, 54% of companies experienced a successful attack that compromised their data or IT infrastructure. With malware evolving at a whirlwind pace, staying ahead of the threat landscape has never been more difficult. To further complicate things, in the first half of 2018 Barkly researchers noted several fundamental shifts in cybercrime tactics. These shifts have had major implications for the types of attacks criminals are launching, and we expect them to continue to influence attack campaigns throughout the rest of 2018.
Here are three of the biggest examples we’ve identified as part of our ongoing research into cybercrime and malware campaigns at Barkly.
Criminals are giving up on ransomware.
What’s changing:
Businesses that have spent the last two years prioritizing defensive efforts against ransomware may be surprised to learn that the majority of criminals have moved on to more silent and stealthy attacks that are very difficult to prevent. Once the most popular payload by far, ransomware infections have dropped significantly. In October 2018, ransomware ranked as the sixth-most prevalent payload, behind miners, banking Trojans, adware, backdoors and spyware.
Why the dramatic drop? There are a variety of factors at play, but the simplest answer is that, following an initial boom, many criminals flocked to ransomware as a way to get rich quick, only to discover not enough victims were willing or able to pay. That isn’t to say ransomware has gone away completely, but the attack campaigns that are still active tend to be more targeted on specific industries such as healthcare, education, and local government, or launched from an increasingly consolidated number of “ransomware-as-a-service” operators (more on those below).
What it means for small businesses:
Investing in backups may have helped turn the tide against ransomware by providing victims with an alternative to paying, but it didn’t do anything to address the underlying issue of businesses being easily compromised in the first place. Backups do not prevent attackers from stealing sensitive information or draining resources. Now that ransomware has been supplanted by banking trojans and miners, one of the big dangers is that small businesses with limited budgets may be assuming backups are an adequate stand-in for actual protection.
In addition, the switch to stealthier payloads means companies can no longer rely on the malware to let them know they’ve been infected. Trojans, miners and backdoors are all designed to blend in with normal system activity and avoid detection for as long as possible. That completely changes the game for IT and security professionals. No longer do they need the capability to quickly isolate and recover from obvious attacks; they now need the capability to detect and pre-emptively block evasive malicious activities that would otherwise go unnoticed.
Malware services is where the money is.
What’s changing:
While other cybercriminals search for alternative ways to successfully monetize their attacks now that the ransomware well is drying up, some groups have pivoted their business models from taking money from victims to acting as a supplier to other criminals. Take, for example, Emotet. Formerly a stand-alone banking Trojan, it now operates primarily as a downloader for other banking trojans, and business is booming. According to researchers at Proofpoint, Emotet accounted for a third of all malicious payloads in the first quarter of 2018.
On the ransomware front, one of the most prevalent strains lately is GandCrab, a ransomware-as-a-service (RaaS) operation that allows criminals to create and customize their own variants in exchange for 30-40% of the profits.
What it means for small businesses:
As more criminals shift to providing malware service platforms, the ensuing competition is fueling an arms race. Providers of the malware services are feeling ongoing pressure to provide more features and functionality while staying a step ahead of security solutions. GandCrab and the fellow RaaS operation DBGer are two prime examples. Formerly called Satan, DBGer’s developers have continuously made improvements to the ransomware’s code and feature set, adding several lateral movement and self-propagating capabilities.
Rapid iteration is the name of the game for GandCrab and other operations like it, and that unfortunately means that small businesses are at risk of falling even further behind. IT leaders at small businesses need to stay informed and make sure their endpoint protection can keep pace by adapting alongside increasingly agile threats.
Malware is increasingly modular.
What’s changing:
These days it’s becoming increasingly rare for attackers to utilize their own custom malware at every stage during an attack. Instead, the majority of attacks are conducted utilizing a variety of plug-and-play tools and payloads that each have their own specialty and play a specific role. For example, a single attack campaign can consist of an initial downloader charged with gaining an initial foothold, a banking Trojan payload designed to steal credentials and drain bank accounts, and an additional cryptominer payload that serves as a subsequent way of monetizing the infection. Each individual component can be easily purchased, rented or, in some cases, even downloaded for free from GitHub.
What it means for small businesses:
The fallacy that only large corporations need to worry about advanced attacks is becoming more inaccurate by the day. Two-thirds of the organizations we’ve spoken with say the sophistication level of the attacks they’re seeing has steadily risen. That is in part due to how easy it has become to piece together attacks incorporating the latest exploits and evasive techniques.
In addition to facing more pressure to patch their systems and update their security more quickly, small businesses have to operate under the impression that if they do become infected with malware they may be dealing with more than one type of infection.
Investing in Security That Is Resilient to Change
Staying on top of all of these changes is an uphill battle IT leaders at SMBs frankly don’t have time for. That’s why, when investing in new security solutions, it is important for organizations to select products that are built to adapt to new threats as quickly as possible. Better yet, investing in solutions that detect and block the core fundamental behaviors that all attacks rely on can give IT leaders the confidence of knowing that their organization is protected no matter how rapidly attacks evolve.
Mike Duffy is CEO and co-founder Barkly, the endpoint protection platform that delivers the strongest protection with the fewest false positives and simplest management. Prior to founding Barkly, he led OpenPages to become the leading provider of GRC solutions for the enterprise, acquired by IBM in 2010. Before OpenPages, he was general manager for Intel’s wide area networking business and senior vice president of worldwide sales and marketing at Shiva Corp. He also led sales and marketing for internet pioneer BBNPlanet. Mike has been the recipient of the Ernst and Young “Entrepreneur of the Year” award.
This guest blog is part of a Channel Futures sponsorship.
Read more about:
MSPsAbout the Author
You May Also Like