Malware: Who’s Most at Risk, What’s Really at Stake and What Can You Do About It Now

Given the democratization, both good and bad, made possible by the internet, you’d think malware risk was more or less universal. Apparently not, as new research has found variability in the amount of risk users face – even going from state to state.

According to new research by Enigma Software, a developer of PC software in Clearwater, Florida, malware is one of the biggest problems facing cybersecurity, especially for people using computers in the states of Washington, New Hampshire and Virginia. Enigma reports that these users were far more likely to be infected with malware in 2017. Comparatively, users in Wisconsin, Maryland and Indiana had the lowest infection rates. And the industries hardest hit tend to be financial and healthcare-based.

“It’s hard to know exactly why one state had a higher infection rate than another,” said Enigma spokesperson Ryan Gerding in a press statement. “One reason Washington may be at the top of the list is because Seattle is both a tech hub and home base for Microsoft. There may be a higher percentage of people there who specifically have Windows computers.”

Malware infections can cause unwanted pop-up ads, change browser settings and make computers run slowly overall. According to Gerding, the most common malware infections were adware and potentially unwanted programs (PUPs).

Brian Robison, senior director of security technology at Cylance, a cybersecurity solutions provider in Irvine, California, agrees that malware is still the most significant issue facing online security today, representing “a lion’s share” of breaches at 98 percent. “Whether malware is the original infection vector or something that’s installed after the attacker has access,” he said via email, “malware on the endpoint is the predominant concern that security teams need to focus on.”

The reason that malware has become such a prevalent and persisting problem is that, quite simply, it works. “Malware takes down the most sophisticated enterprises on nearly a daily basis,” said Robison. “It’s cheap, easily obtained and very powerful. Users can easily be duped into running it, and it’s constantly changing.”

One of the biggest problems facing users, from large corporations to home users, is ignoring malware and not having appropriate protection against it.

“Malware continues to evolve in both sophistication and evasion techniques that are becoming more and more successful at circumventing the huge stacks of security technologies that many companies have in place,” explained Robison, who recommends solutions that actually prevent malware from running in the first place rather than solutions that detect after the fact.

“The world has moved to a detect-and-respond model that causes security teams to overspend on resources to chase down problems and deal with them, oftentimes requiring reimaging of machines or restoring from backups,” he said. “Prevention is possible with the right technology in place and if a prevention-first approach is taken, then the amount of sifting through piles and piles of log data and restoring systems becomes minuscule. This allows the security teams to reduce their risk while vastly improving the end-user’s satisfaction.”

At Juniper Networks, a security provider in Sunnyvale, California, malware is a major focus of the company’s cloud computing solutions. Nick Bilogorskiy, Juniper’s cybersecurity strategist, said via email that he’s paying close attention to one of cybercrime’s biggest targets: cryptocurrency.

“Since the start of 2017 the price of Bitcoin has tripled and Ethereum is up more than 5,000 percent,” Bilogorskiy said. “The meteoric rise of cryptocurrency valuations has shifted cyber-attack activity to focus on deploying cryptocurrency ransomware and coin-mining exploits. The decentralization and anonymity provided by blockchain ledgers have encouraged cybercriminals to extort for ransom and acquire cryptocurrencies with minimal repercussions.”

Frankly, it’s next to impossible to follow the virtual money trail, with the most significant threats coming from ransomware, mining trojans and cryptojacking. Last year alone the damages from ransomware exploits were projected to total about $5 billion.

“One contributing factor is the transition to asymmetric encryption that has made it nearly impossible to retrieve encrypted data without paying the demanded ransom,” Bilogorskiy said. “Similarly, there’s been a sharp increase in the number of victims willing to pay required ransoms in hopes of retrieving their data over the past two years. With less than 10 percent of people backing up their data daily, the financial damage of cryptocurrency ransomware exploits can only be expected to continue rising. Given the recent bubble-like increase in valuations, cryptocurrencies represent a new and highly valuable opportunity for cybercriminals to grow their malware riches.”

Beyond the stolen money, expenses can add up quickly (think legal fees, IT services, lost productivity, network mitigation and countermeasures and reputational harm). “What’s worse, it’s been difficult to prosecute these crimes,” Bilogorskiy said, “especially when attacks are executed abroad where the U.S. does not have jurisdiction.”

According to Osterman Research, 37 percent of ransomware attacks have actually started via email attachment and 27 percent by links in emails. “With more than 60 percent of ransomware attacks being executed via email,” Bilogorskiy said, “it is clear that email is a potent attack vector that will continue to rise in popularity while user-error persists.”

Despite employer education efforts, he added, 10 to 15 percent of phishing emails are opened and clicked on by users on a regular basis. One of the only effective defenses is a fairly simple one – a daily backup. “Only 10 percent of people back up their data regularly,” he said. “Decrypting files is not always possible and retrieving ransomed files from attackers is never guaranteed, making frequent backups the only way to ensure you do not fall victim to one of these attacks.”

Natalie Hope McDonald is a writer based in Philadelphia.
