Microsoft published the company's Security Intelligence Report for the year 2018 recently; the security data analysis provides an insight into major threat types in 2018.
In short: ransomware is on the decline, phishing is on the rise, crypto-mining is prevalent, software supply chains are a risk, and overall malware decreased in 2018.
Phishing remains one of the top attack vectors used to deliver malicious zero-day payloads to users, and Microsoft has continued to harden against these attacks with additional anti-phishing protection, detection, investigation, and response capabilities to help secure users.
Phishing messages increased by 250% between January and December 2018 according to Microsoft. The company scanned more than 470 billion email messages for malware and phishing monthly in 2018.
Phishing methods evolved further in 2018. Microsoft notes that attackers use more sophisticated methods to make attacks more powerful. The times of using a single URL, domain, or IP address to send emails are long gone as attackers moved to "a varied infrastructure with multiple points of attack".
The nature of phishing campaigns changed as well. Attackers use different delivery spans and schedules, and rely more on using hosted infrastructure and cloud services in their attacks to make detection difficult.
Different phishing types
The decline in ransomware encounters was due in part to improved detection and education that made it more difficult for attackers to profit from it. As a result, attackers began to shift their efforts away from ransomware to approaches such as cryptocurrency mining, which uses victims’ computing resources to make digital money for the attackers.
Detected ransomware attacks dropped by approximately 60% between March 2017 and December 2018. Microsoft suggests that user and organization awareness and improved protection and detection options played a role in the decline.
In 2018, the average worldwide monthly cryptocurrency coin mining encounter rate was 0.12 percent, compared to just 0.05 percent for ransomware.
The chance of encountering coin mining attacks was more than two times as high as that of encountering ransomware in 2018. The average worldwide cryptocurrency coin mining encounter rate was 0.12% in 2018.
The first major software supply chain attack incident of 2018 occurred on March 6, when Windows Defender ATP blocked a massive campaign to deliver the Dofoil trojan (also known as Smoke Loader). The massive malware campaign was traced to a poisoned peer-to-peer application.
Supply chain attacks focus on attacking development or update processes to "incorporate a compromised component" into legitimate applications or update packages.
The five locations with the highest malware encounter rates during the January–December 2018 period were Ethiopia (26.33 percent average monthly encounter rate), Pakistan (18.94), the Palestinian territories (17.50), Bangladesh (16.95), and Indonesia (16.59), all of which had an average monthly encounter rate of approximately 16.59 percent or higher during the period.
Malware encounter rates dropped from a high of about 7% in 2017 to "just above" 4% at the end of 2018.
Now You: What has your experience been in 2018?
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.