More than 14.5 billion emails laced with malware were sent in 2017 according to the annual Global Security Report by AppRiver.
The majority of cyber threats were initiated in the U.S. and persisted throughout the year, with significant peaks in August, September and October, the report said.
In the first half of 2017, 1.9 billion data records were lost or stolen as a result of cyberattacks. This followed a tough year in 2016, when losses totaled $16 billion and criminals pocketed approximately $1 billion in ransomware payments alone. Some of the largest publicly disclosed breaches in 2017 ranged from compromised data at Equifax, affecting 143 million American consumers, to Yahoo updating the severity of its 2013 hack from 1 billion to approximately 3 billion customer accounts.
Significant Cybersecurity Attacks of 2017
Phishing and Malware Attacks: AppRiver observed a 1,000 percent increase in phishing efforts, including those tailored to gather user email login credentials, followed by an unparalleled spike in malware attacks launched from the compromised email accounts of users across all services, including Office 365, Gmail, Yahoo and AOL.
Malware-as-a-Service: Last year illustrated a significantly lower barrier to entry into cybercrime, with user profile names and credit card numbers readily available on the dark web and distribution of 20K messages for just $40. Some common attack types included:
- DSD: AppRiver continued its reporting on Distributed Spam Distraction (DSD), which returned in strength last year. This attack fills inboxes with nonsense emails, simultaneously disguising a cybercriminal’s purchase or wire fraud activity in real time and distracting users from seeing legitimate email.
- RAT: The Adwind Remote Access Trojan (RAT) provides hackers with remote control of malicious programs across Windows, Linux, Mac and Android devices. In 2017, the RAT was often introduced to users in the form of fake payment confirmation emails.
Ransomware: Many new strains of ransomware arrived in 2017, including Cerber, Jaff, Nemucod, Spora and Petya/NotPetya. Some of the most prolific included:
- WannaCry, which infected hundreds of thousands of computers worldwide, demanding a $300 bitcoin ransom.
- Locky, which was distributed mainly by the Necurs botnet and sometimes arrived at the rate of 4 million messages per hour. Fortunately for AppRiver customers, the SecureTide filter caught nearly 1 billion messages that would have led to a Locky infection.
DDE Attacks: Attacks abusing the Dynamic Data Exchange (DDE) protocol arrived in highly targeted emails spoofing the Securities and Exchange Commission’s EDGAR, and gained further traction when the largest botnet (Necurs) began to distribute malicious DDE documents. During October of 2017 alone, AppRiver filters captured nearly 50 million malicious DDE-laced documents.
“At a time when most people thought cyberattacks couldn’t possibly get worse, 2017 dealt a harsh dose of reality with costly and more threatening data breaches,” said Troy Gill, security analyst for AppRiver. “The 2017 Global Security Report discusses how hackers leveraged known and previously unexploited vulnerabilities. It also includes actionable advice that every business leader should follow to temper the digital risk of attacks, breaches, spam and malware in 2018.”
What’s Ahead: 2018 Predictions
- Large Data Breaches are on the Way: The volume of personal data stolen in the past year, such as with the Equifax breach, creates the potential for widespread fraud on a greater scale, creating hysteria for consumers and lenders alike.
- Attacks from Trusted Sources: Between the resurgence in phishing attacks and the volume of stolen personal data available online, we expect to see more malicious attacks leveraged from hacked accounts and profiles.
- New Federal Legislation: Expect security breach notification laws to be passed regarding incident handling and how breaches are reported to law enforcement, financial institutions and consumers.
- State-Sponsored Attacks will Increase: This year will bring further challenges from the 2017 attacks from North Korea and Russia, and the distinction between criminal hackers and state-sponsored attacks will become more difficult to determine.
- Cryptocurrency Theft and Mining: Bitcoin and Ethereum values skyrocketed in 2017, and malware authors will build upon capabilities to steal cryptocurrency payment information and wallets in 2018.
- The worst is yet to come for IoT botnets: Internet of Things (IoT) devices are becoming popular with consumers. IoT botnets will continue to expand and increase in sophistication in 2018, producing intended and unintended physical consequences.