Microsoft: phishing up, ransomware down in 2018
Microsoft published the company's Security Intelligence Report for the year 2018 recently; the security data analysis provides an insight into major threat types in 2018.
In short: ransomware is on a decline, phishing is on the rise, crypto-mining is prevalent, software supply chains are a risk, and overall malware decreased in 2018.
Phishing remains one of the top attack vectors used to deliver malicious zero-day payloads to users, and Microsoft has continued to harden against these attacks with additional anti-phishing protection, detection, investigation, and response capabilities to help secure users
Phishing messages increased by 250% between January and December 2018 according to Microsoft. The company scanned more than 470 billion email messages for malware and phishing monthly in 2018.
Phishing methods evolved further in 2018. Microsoft notes that attackers use more sophisticated methods to make attacks more powerful. The times of using single URL, domain, or IP addresses to send emails are long gone as attackers moved to "a varied infrastructure with multiple points of attack".
The nature of phishing campaigns changed as well. Attackers use different delivery spans and schedules, and rely more on using hosted infrastructure and cloud services in their attacks to make detection difficult.
Different phishing types
- Domain spoofing -- email message domain is an exact match of the expected domain name,
- Domain impersonation -- email message domain looks similar to the expected domain name.
- User impersonation -- impersonating a trusted user.
- Text lures -- text that looks as it if comes from a legitimate source.
- Credential phishing links -- email links to a page that looks legitimate.
- Phishing attachments -- the phishing email includes an attachment with malicious payload.
- Links to fake cloud storage locations -- asks users to give permissions or sign in to access cloud content.
The decline in ransomware encounters was due in part to improved detection and education that made it more difficult for attackers to profit from it. As a result, attackers began to shift their efforts away from ransomware to approaches such as cryptocurrency mining, which uses victimsâ€™ computing resources to make digital money for the attackers.
Detected ransomware attacks dropped by approximately 60% between March 2017 and December 2018. Microsoft suggests that user and organization awareness and improved protection and detection options played a role in the decline.
In 2018, the average worldwide monthly cryptocurrency coin mining encounter rate was 0.12 percent, compared to just 0.05 percent for ransomware
The change to encounter coin mining attacks was more than two times as high as encountering ransomware in 2018. The average worldwide cryptocurrency coin mining encounter rate was 0.12% in 2018.
Supply Chain Compromise
The first major software supply chain attack incident of 2018 occurred on March 6, when Windows Defender ATP blocked a massive campaign to deliver the Dofoil trojan (also known as Smoke Loader). The massive malware campaign was traced to a poisoned peer-to-peer application.
Supply chain attacks focus on attacking development or update processes to "incorporate a compromised component" into legitimate applications or update packages.
- Dofoil trojan mining in March 2018.
- Compromised Chrome extensions that installed malware.
- Compromised Linux repositories.
- Malicious WordPress plugins.
- Malicious Docker images.
- Compromised scripts.
Malware in 2018
The five locations with the highest malware encounter rates during the Januaryâ€“December 2018 period were Ethiopia (26.33 percent average monthly encounter rate), Pakistan (18.94), the Palestinian territories (17.50), Bangladesh (16.95), and Indonesia (16.59), all of which had an average monthly encounter rate of approximately 16.59 percent or higher during the period
Malware encounter rates dropped from an high at about 7% in 2017 to "just above" 4% in the end of 2018.
Now You: What has your experience been in 2018?Advertisement