Cybercrime Tactics and Techniques Shows Shift To Business Targets In Q3

Malwarebytes Labs Cybercrime Tactics and Techniques Report states that after a sleepy first two quarters of the year, cybercriminals shook out the cobwebs and revved up their engines in Q3 2018. With cryptominers and exploit kits maturing, ransomware ramping up with steady, sophisticated attacks, and banking Trojans experiencing a renaissance, we’re having one heck of a season. Attack vectors were at their most creative—and most difficult to remediate—especially for businesses.


In fact, businesses saw far more action this quarter than consumers—their total detections trended upwards by 55 per cent, while consumer detections increased only by four per cent quarter over quarter. It looks like threat actors are searching for more bang for their buck, and business targets are returning more value for their efforts.


Banking Trojans and ransomware, traditionally aimed at both businesses and consumers, leaned much harder into their business targets this quarter. Even malware that’s generally favoured consumers, such as cryptominers and adware, seems to have graduated to a more professional prey.


Consumers didn’t get away from Q3 unscathed, however. They saw a whole lot of scam action this quarter, especially the ever-classic sexploitation technique, but this time it came with a twist—scammers used stale personally identifiable information (PII) likely pulled from breaches of old to scare users into action. And although the bad guys were up to no good, we at Malwarebytes had a field day taking a bunch of them down

The full report can be read here.



more news

BA, Marriott Face Massive Fines For Data Loss


If proof was needed that poor data protection is bad for the corporate wallet, two examples have demonstrated that substantial fines face those organisations that have lax data security.

read more

Cumbria First Police Force To Utilise NMC Tools


Cumbria Constabulary has become the first police force to use the National Management Centre (NMC) for cybersecurity set up under the National Police Chiefs’ Council (NPCC).

read more

Phishing Attacks Bypassing 2-Factor Authentication


Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block, reports CSO Magazine.

read more

Third of Breaches Caused By Unpatched Vulnerabilities


IT security professionals have admitted that a third of cybersecurity breaches are the result of vulnerabilities that they should have patched.

read more