Cybercrime tactics are shifting, with a decline in ransomware and an increase in malware

Staying ahead of the threat landscape has never been so challenging. Innovation in defense mechanisms and processes has created a fundamental shift in defense tactics. In response, threat actors are changing the way they launch attacks so that they can keep monetizing their efforts. Most recently, the cybercrime industry has been experiencing a tactical shift, with a decline in ransomware and a rise in malware.

For years, organizations prioritized defenses against ransomware. For now, ransomware has been dethroned as the number one payload used in data breach campaigns. According to Kaspersky’s Ransomware and Malicious Cryptominers 2016-2018 report, ransomware infections have fallen 30% over the past twelve months, dropping to the number six spot among payloads.

Overexposure and increased awareness have both contributed to the downward spiral of ransomware. But the biggest reason for the decline is that the majority of victims are declining to pay, making these attacks unprofitable. This doesn’t mean that ransomware is going away. The attack campaigns are still active; they are just preying more on specific industries: healthcare, education, and local government.

Organizations are increasing their investment in backups, which could also play a big part in the decrease in ransomware by giving victims an alternative to paying. While backups don’t stop threat actors from compromising sensitive information, they have given organizations confidence that business can continue after a breach.

Malware services take the spotlight

As the ransomware business starts to dry up, some threat actors are turning their efforts to cryptomining, trojans, and backdoors. All of these attack vectors are designed to be undetectable and blend in with normal system activity. On top of this, the majority of attacks use a variety of tools rather than a single piece of homebrewed malware. A single attack could use a backdoor to get in, a trojan to steal credentials and drain bank accounts, and a cryptominer to monetize the infection.

This completely changes the detection methods that organizations need to use to protect their systems. Now, not only do you need to be able to isolate and recover from attacks, you also need to be able to detect and block malicious activities that are designed to go undetected. According to the Ponemon Institute, the average amount of time to identify a data breach is 197 days; that’s six months of havoc and unknown damage.

Getting ahead of the most current threat is a constant uphill battle for most organizations. With the shift in attacks, businesses are now at greater risk of falling behind the curve. Implementing a security solution that can adapt to changes in the threat landscape can ensure that your endpoints and systems stay secured. A security information and event management (SIEM) solution can provide real-time analysis of security alerts generated by the applications and devices across your network, cloud, and on-premises environments. For more information about Magna5’s security services and for a free consultation, contact us today.