Cyberattacks on businesses surged 55 percent in the third quarter of 2018, according to the latest Malwarebytes report, as cybercriminals ditched attacks on individuals in favor of more data-rich victims.
Businesses saw an 88 percent increase in ransomware attacks alone, in what the Malwarebytes Labs Cybercrime Tactics and Techniques Report called “a continuing trend of switching targets from consumers to businesses.”
Most came via GandCrab, a Trojan horse that encrypts files on a compromised computer and demands payment to decrypt them.
“Flipped from early last year, consumer-facing ransomware attacks have continued to decline as it becomes more and more apparent to cybercriminals that attacking businesses is more profitable than attacking grandmothers,” the report said.
Along with the sharp uptick in ransomware attacks on businesses, these are the report’s key takeaways:
• Malware is up, with banking Trojans ranking as the top detection for both businesses (up 84 percent) and consumers (up 27 percent).
• Adware was up 15 percent for businesses, with attacks via browser extensions and rogue apps.
Information-stealing malware like Emotet and LokiBot topped the list in Q3, and more sophisticated and dangerous malware is being aimed at businesses, with 1.7 million more detections in Q3 than in Q2 (a 5 percent increase).
Banking Trojans are now the favorite malware payload, according to the report. People willingly install them because they’re disguised as genuine apps, and cybercriminals reap quick rewards by gaining direct access to victims’ bank accounts.
Emotet is especially alarming. It contains a spam module that mass-emails malicious payloads to email addresses found on targeted systems, allowing the infection to keep spreading with no assistance from the operator.
Spoofed subject lines may include: IRS Tax Account Transcript, IRS Verification of Non-Filing, IRS Wage and Income Transcript, Pay Invoice, Payment, Payroll Tax Payment, and Tax Account.
Security researchers worldwide have discovered almost 40 new families of ransomware over the past year, according to the report, with many making “immense updates … leading to the release of more dangerous and powerful variants.”
Q3 saw a spike in business detections of GandCrab, first discovered in January 2018, which requests ransoms from $800 to more than $1,000 — and doubles the ransom if a number of days pass without payment. The latest version of GandCrab boasts faster encryption and the ability to encrypt files without an internet connection. Malwarebytes researchers said there was “little doubt that we will see a bigger campaign push” with GandCrab this month.
Adware-laden “ad blockers” are the flavor of the moment. Malwarebytes researchers found 20 million devices were potentially compromised by rogue apps posing as genuine ad blocker extensions this quarter, noting that “a tally of fake ad blockers on this scale is almost unheard of.”
The fake extensions use names like uBlock Plus, HD for YouTube, Adblock Pro and Webutation (sometimes based on legitimate program names) and they drop users into a botnet.
They send back browsing information to a server, receive instructions from a command and control center, and execute tasks for the adware author inside the browser.
“A lot of these recent issues have revolved around browser extensions as opposed to regular executables,” the report said “— a timely reminder that not every bad file comes from a random website, but rather trusted sources such as the Google Chrome Web Store.”
Users can’t rely on reviews to avoid the rogue apps either. The report found their reviews are often positive — and packed with praise from bots.
Dangers to businesses are mounting, the report said, because “the bad guys know they can leech more from businesses, who have the funds and possess more critical files than consumers” — and cybersecurity expert Rodney Gullatte Jr. said too many Springs businesses are not taking those threats seriously.
“They underestimate the threat — it’s that simple,” said Gullatte, founder of Firma IT Solutions & Services. “They don’t know how bad it’s going to hurt them. They don’t have cyber liability insurance, and they’re so exposed for a breach.
“I met a business owner who had a ransomware attack — and they went to Google to try to figure out how to fix it on their own! And they’re still taking people’s information while infected files are still on the computer. It traversed through email because they have offices throughout the country … and they haven’t invested in a good way to take care of that.”
Gullatte said most of the businesses that pinch pennies when it comes to cybersecurity would never skimp on an accountant — but they should view the real-life risks through the same lens.
“I think the IRS has earned a reputation that has struck fear in the hearts of people for a long time,” he said. “They’re so scared of the IRS that they will pay somebody to keep the IRS off their backs. But the fear of cyber attacks still hasn’t been as widespread as the fear of an audit.”
Gullatte’s advice for all businesses — including small businesses: “As soon as you can, budget to have somebody professionally manage your cybersecurity. Do that. Free antiviruses aren’t going to help you.
“I’m drawing the parallel between IT and accounting,” he added. “It gets to a level where you can’t do this on your own.”
While some security professionals have all but given up on trying to communicate the risks to small and medium-sized businesses, Gullatte said, “I’m 100 percent worried about it.
“That’s who you do business with, that’s who all my friends do business with, that’s going to hurt people I know and care about. We need to get businesses to see it this way: You are putting people you love and care about in harm’s way because you are unwilling to take action on this. You have to protect people’s data — it’s important to them.”