The figures leave no room for doubt: with 9 million malicious URLs and 2.4 million attacks prevented by Panda per million endpoints per month, malware attacks were the most successful kind of attack on companies in 2018.
Among the most popular cyberattacks last year were some of the most common tactics from the last few years, such as phishing, ransomware and business email compromise. But there was also a glut of new threats, such as RDP attacks and the huge increase in cryptojacking.
These are the most striking conclusions from our annual report by PandaLabs (Panda Security’s antimalware laboratory), which analyzes how cybercriminals have tried to attack clients who use our cybersecurity solutions. But if we take a closer look, we can highlight among these conclusions five attack vectors with highly significant figures:
Malicious actions in early stages
Before a threat takes its final form, attacks in their early stages usually carry out a series of actions. Preventative behavioral analysis techniques can avoid this by detecting these preliminary actions, and have been highly successful in preventing threats that are dangerous to organizations, such as fileless malware. One of the most commonly used techniques for this kind of attack is the abuse of PowerShell, a scripting language still used by many companies. This technique represents 26% of registered blockings.
The total amount of malware attacks continues to increase: it grew 60% over the period analyzed in our report. Fortunately this malware is kept from running on the endpoint since phishing emails and malicious URLs are usually blocked automatically, though with varying frequency: the blocking of malware-related URLs happens at over 3.7 times the rate of malware file detections
New types of malware emerge every single day. As such, it is inevitable that certain computers and devices become “patient zero” infections for malicious files by opening and running them for the first time. These malicious files are particularly frequent in corporate emails. To keep this from happening, at Panda we designed a 100% attestation service, so that only those files classified as trustworthy are executed on endpoints. In this context, 5.8 million executable files were analyzed, of which, around 20% were unknown or not trustworthy. Out of those, an average of 1.3% ended up being classified as malware.
Remote desktop attacks
Malware that aims to install itself via the remote desktop protocol (RDP) represents an ever more present threat to companies. Many employees connect to their computers remotely when they are not in the offices, and at times, RDP services may not be properly protected. As such, RDP becomes a very appealing attack vector for cyberattackers. Accordingly, the figures in the report show that 40% of medium and large organizations analyzed are targeted by this kind of attack every month.
Cryptomining: Coinhive code
The initial idea behind Coinhive was to provide website owners with an alternative to advertising to generate income. But these days, it is often used as a passive form of cryptojacking, that is, attacks that aim to mine cryptocurrencies on third party devices. The performance of computers exposed to this kind of cyberattack is seriously reduced, since the mining that is carried out when visiting websites infected with this code drains CPU cycles. The data in the report underlines the fact that cryptojacking has increased 3.5 times compared to the same period the previous year. Monero, a cryptocurrency created, paradoxically, with the aim of being a more secure alternative to Bitcoin, now represents almost 70% of the mining carried out using this kind of attack.
Prevention, detection and response
The PandaLabs report also compiles other relevant figures, such as the average of over 8,100 exploitation attempts per million endpoints per month, where Internet Explorer and Outlook were the applications that suffered most attacks. Another example are the 90 kinds of incidents that included the abuse of legitimate tools and software already present in the organization, via live hacking techniques and malwareless tools.
In any case, the majority of the data found in the 2018 PandaLabs report reflects the fact that cyberattackers’ main target is still the endpoint, as this is where the most sensitive information is most easily found. All of this demonstrates the growing need for organizations to protect their endpoints, and not just the perimeter, with advanced cybersecurity solutions, such as Panda Adaptive Defense, which has prevention, detection and response for attacks with and without malware, 100% Attestation, and threat Hunting and Forensic Analysis. This is the only way to stop any kind of security incident that may occur in 2019.