WINNERS AND LOSERS OF THE 2018
CYBERTHREAT ROLLERCOASTER
1
Claudio Tosi, Sales Engineer, Malwarebytes
2
Why are businesses getting hit with so much malware?
Silent Threats On the Rise
3
BUSINESS DETECTION 2017/2018
Pos.  Threat          Y/Y% Change
1     Trojan          132%
2     Hijacker        43%
3     Riskware Tool   126%
4     Backdoor        173%
5     Adware          1%
6     Spyware         142%
7     Ransom          9%
8     Worm            -9%
9     Rogue           -52%
10    HackTool        -45%

Overall Detections
2017          39,970,812
2018          71,823,114
Y/Y% Change   79%
EMEA Top detections
4
BUSINESS DETECTION 2017/2018
UK Top Threat
5
Breaking Down the Top Threats of 2018
6
Generic.Malware          32%
Generic.Trojan           23%
Trojan.Emotet            19%
Trojan.TrickBot          6%
Backdoor.Vools           6%
RiskWare.BitCoinMiner    5%
RiskWare.IFEOHijack      3%
Hijack.Tray              2%
Generic.Backdoor         2%
Ransom.WannaCrypt        2%
Why Emotet Is So Effective
7
MALWAREBYTES PREVENTION LAYERS:
• Anti-Exploit
• Anti-Malware
• Web Protection
How TrickBot Works
8
Notice Any Similarities?
9
                                     Emotet                  TrickBot
Original intent                      Banking Trojan          Banking Trojan
Latest malicious action              Downloader              Downloader
Unique capability                    Built-in spam module    Credential stealer/brute force
Method of lateral movement           “Eternal” exploits      “Eternal” exploits
Exposure and impact to businesses    Increased in 2018       Increased in 2018
Emotet and TrickBot: Here and Abroad
10
TrickBot Emotet
In the last 30 days in the UK alone, we have cleaned Emotet from 3,451,874 machines
In the last 30 days in the UK alone, we have cleaned TrickBot from 167,227 machines
Other ’Eternal’ Problems
11
Vools Detections 2018
Vools
• Backdoor
• First showed up in May 2018
• Utilizes Eternal exploits to infect networks from the outside
• Used to spread crypto miners
• Heavy detections in APAC
• Similar infection method as WannaCry
[Chart: Vools detections by month, 5/2018 to 1/2019]
Ransomware
12
GandCrab
• Infection routes:
• RDP
• Exploit Kits
• Phishing
• Botnets
• Ransomware as a service
• Encrypts network shares
• Kills applications
• Distributed quickly
• No decryptors for current versions
Global GandCrab Detections 2018
Consumer
Global GandCrab Detections 2018
Ransomware
13
Ryuk Detections
Ryuk
• New malware family found in 2018
• Used to attack Water Authorities, Cloud Backup Sites, etc.
• Based on Hermes Ransomware
• Holiday Attack Campaign
• Distributed through TrickBot after Emotet infection.
Ransomware
14
WannaCry Detections 2018
WannaCry
• Still heavily detected worldwide
• WannaCry theories
  • Neutered roaming infections
  • Repurposing of threat
  • Previous infections finally being cleaned up
Cryptominers
15
• Miners dominate the first half of 2018
• Large spikes in cryptocurrency valuation match large spikes in detections
• Detection numbers have now returned to normal
Cryptominer Detections vs Bitcoin Price 2018
Upcoming Challenges
16
The IT-Sec industry will solve the username/password problem
High-profile breaches will keep happening, opening the door for future scams/sextortion
‘Eternal’ malware will become the norm
Attacks designed to avoid detection, like soundloggers, will slip into the wild.
Artificial intelligence in malware creation
Effective Solution Components
PREVENT: Multiple Protection Layers
DETECT: Advanced Detection Techniques
RESPOND: Comprehensive Remediation
Layer Protection Technology
• Reducing the Attack Surface
• Behaviour Analysis
• Machine Learning
• EXPLOIT PROTECTION
• MONITORING and RECORDING
• WEB TRAFFIC PREVENTION
• Payload analysis and detection
• ISOLATE AND CONTROL
• REVERT
• REMEDIATION
Malwarebytes Endpoint Protection and Response
21
We Don’t Just Stop Breaches. We Fix Them.
EDR without complexity
Unmatched threat visibility
Comprehensive attack chain protection
#1 trusted name in remediation
Protecting 60,000 Businesses Worldwide
22
23
Speak to one of our Experts
State of Malware Report
24
Thanks