Today we launch our Annual Cyberthreat Landscape Report for 2018-19, providing insights into emerging and evolving cybersecurity trends. By sharing intelligence and collaborating with the industry, we are in a much better position to fight cybercrime this year.
The report reveals that botnet stolen credentials increased by a staggering fifty percent in 2017-2018, with technology and telco sectors being the target for over half of those stolen. The research also revealed that India, Russia, USA, Vietnam and Turkey ranked the highest in the top ten most malware infected users by country, with those from Europe representing twenty percent of the total number.
Additionally, Latin America has become a new testing ground for cybercrime.
The cybercriminal ecosystem in Latin America has been growing steadily in recent years, due to increased internet penetration, increased digital transformation, high levels of outside investment and weak or non-existent cybercrime legislation.
The report observed more than a seventy five percent year on year increase in the number of credentials belonging to Latin American markets in 2018. The second half of 2018 saw an increase of nearly two hundred percent compared to the same period in 2017.
The report also explores changes in the cyberthreat landscape over the past year, unearthing trends and how they are expected to impact cybersecurity in 2019, highlighting some of the key observations to cybercriminal behaviours and attacks including:
- Ransomware campaigns decreased in popularity from 2017, but classic malicious campaigns like malware downloaders and trojans were still a trend in 2018. The significant decline in ransomware incidents is likely due, in part, to the exodus of less advanced threat actors moving away from this once-trendy cybercrime in favour of other types of crime such as cryptomining – that allow them to monetize quickly with little time and money invested.
- Pony, KeyBase and LokiPWS (also known as Loki Bot) have consistently been the most active stealers. However, current figures show that Emotet4 and AZORult now rank in the top 3 stealer samples detected by Blueliv’s Labs. The ever-evolving Emotet trojan re-emerged in 2018, and in November alone, Emotet was dispatching approximately 185,000 spam messages a day, utilizing over 50,000 different sender emails. The recipients were largely corporate email addresses, representing 1,200,000 different mail domains.
- Stabilization of cybercriminal underground lowers barriers to entry for hackers and fraudsters. 2018 saw the stabilization of English-language darknet marketplaces following a prolonged period of volatility, it appears that many of the English-language darknet markets that currently exist, such as DreamMarket, Empire Market, and Wall Street Market, have established their credentials and have begun to win back users. 2019 will likely herald further increased access to malicious products and services for cybercriminals of all stripes.
Cybercriminals continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results, but there is a real lack of capacity to respond to the increasing number of cyber incidents.
Organisations need to adopt a multi-faceted approach to these threats through collaboration, technology, and training which will ultimately help them become better prepared to defend and respond to the changing threat landscape.
This report is intended to be a reference document for CISOs and their cybersecurity teams, but also for executives interested in how cybercrime affects enterprises today. The report contains a selection of the most important cybercriminal events of 2018, including intelligence on specific threat actors and the TTPs (techniques, tactics and procedures) they deploy.
Tactical information and analysis is derived from data extracted from Blueliv’s modular cyberthreat intelligence technology, Threat Compass. It is complemented by strategic and operational threat intelligence gathered by Blueliv’s in-house analyst team, who offer guidance around how to combat certain attack techniques and improve an organisation’s overall security posture in 2019 and beyond.