BY Richard Summerfield
2018 was a challenging year for the cyber security industry as threat actors’ tactics, traits and techniques continued to evolve. As a result, the number of large corporations which fell victim to cyber attack continued to grow last year, according to AppRiver’s ‘2018 Global Security Report’.
AppRiver’s Email Security and Web Protection filters quarantined more than 10 billion global threats including: (i) 8.3 billion messages containing URL-based malware, phishing attacks and text-based attacks; (ii) 300 million emails that included malware in a message attachment; (iii) the majority of malicious attachments with Word files with embedded macros; and (iv) 4.5 billion quarantined messages that originated in the US.
Trojan attacks surpassed the number of ransomware attacks, becoming the most commonly distributed threat type – Trojans were dispersed more than 20 million times. The ‘Trickbot Trojan’ and ‘Emotet’, were particularly prominent threats. Emotet, which functions as a downloader of other banking Trojans, cost state, local, tribal and territorial (SLTT) governments up to $1m per incident to remediate. In order to defeat such attacks, companies must deploy a robust ‘defence-in-depth’ approach, the report notes. Distributed Spam Distraction (DSD) and Business Email Compromise (BEC) attacks also became more prominent in 2018.
“The lines between hacking, cybercrime, and cyberwarfare are increasingly blurred now,” said Troy Gill, AppRiver’s senior cybersecurity analyst. “As a result, protecting small- and mid-sized businesses must be considered an integral part of our larger national cybersecurity posture. To be most effective, our strategy must be comprehensive, addressing vulnerabilities at all levels.”
Looking ahead, the report notes that internal ecosystem attacks will increase and attackers will employ more ‘bleeding-edge’ attack methods. The report notes that more advanced attack techniques will likely trickle down from the nation-state level to threaten more for-profit attacks against the public.
The rapid growth of the number of Internet of Things (IoT) devices will also create challenges, particularly as the lack of security being built into such devices will leave parties exposed.
Report: 2018 Global Security Report