Webroot: Nastiest Malware Threats Offer All Tricks, No Treats
Forget Halloween’s Michael Myers, malware threats are the real villains out there, hoping to trick you into giving away your money and personal data.
Webroot has released its annual list of nastiest malware threats. The list reveals phishing, ransomware and botnets as 2020’s most vicious cybersecurity threats. And it’s no surprise that cybercriminals have taken advantage of the global pandemic.
Furthermore, they’re relying on the same old tricks to secure their financial treats.
Here’s the malware that made Webroot’s latest list:
- Phishing is a key part of a malware campaign’s effectiveness. This year, many threats are taking advantage of the situation created by the pandemic. And almost all the malicious spam email (malspam) phishing lures used by malware are based on COVID-19.
- Ransomware did everything but slow down in 2020, largely due to COVID-19 phishing lures. There have been several notable attacks, from health care to municipalities to education. Ransomware gangs are now exposing or auctioning off a victim’s sensitive data if they refuse to pay. The three nastiest ransomware threats include Conti/Ryuk, Sodinokibi/REvil/Gandcrab, and Crysis/Dharma/Phobos.
- Botnets continue to be a dominant threat in the security landscape. They are essential to the success of ransomware. And many of the top offenders have close ties to top ransomware. Botnets are responsible for most of the malicious spam email campaigns. The nastiest botnet and trojan threats are Emotet, Trickbot and Dridex.
This year has brought an unexpected rise in mobile threats, earning them an honorable mention on this year’s list. Many of them masquerade as COVID-19 tracing apps, preying on the fear generated by the pandemic. Others abuse app accessibility features to steal user information.
To find out more about these nasty malware threats, we spoke with Tyler Moffitt, security analyst at Webroot.
Channel Futures: How has the COVID-19 pandemic impacted this latest list of nastiest malware threats compared to previous lists?
Tyler Moffitt: COVID-19 has impacted everything in the threat landscape. Nearly every type of malware on our list of 2020’s nastiest threats involves a phishing lure related to the pandemic. Some of the top phishing lures are now: CDC best guidelines, a list of positive COVID-19 cases in your area and stimulus forms. Before the pandemic, some of the top lures were you missed a package, you’re being sued and fake billing invoices. Cybercriminals are really tailoring their tactics to the pandemic because they know people are hungry for information and more distracted while working from home.
CF: Are an increasing number of people falling for these types of malware threats? If so, why?
TM: Absolutely. In fact, Webroot recently did a survey that found one in three professionals in the United States have clicked a phishing link in the past year. And one in five received a phishing email related to COVID-19. People are falling victim to these scams because they’re more sophisticated and believable than ever before, but also because they’re more distracted while working from home.
Working while doing household chores, caring for children or watching TV may seem harmless. But it could make people vulnerable to threats. Attention is lower and people might be less likely to properly notice and weigh the risks of potential threats like phishing emails. Additionally, the home network is often less secure than the physical office, consisting of numerous personal devices that were set up and continue to be managed without the proper security controls in place.
CF: What sort of damage can result from falling for one of these malware threats? Can you give some examples?
TM: Ransomware has the potential to drain all financial resources and ultimately close a business if it’s disruptive enough to critical systems and backups are not adequate. An example could be as simple as someone opening a Word doc attachment, then enabling macros. From there, an Emotet payload is downloaded with a goal to gain a foothold on that network and download further tools for the hackers, in this example, say, Trickbot. Trickbot’s goal would then be to move laterally throughout every computer in the network and gather credentials. The aim is to get domain controller credentials for full access to the environment. This will allow the criminal to analyze the environment, take data to assess its worth, and even remote in to disable backups if needed. Then the eventuality: ransomware. Trickbot most commonly partners with Ryuk ransomware, which has been devastatingly popular this year, most recently hitting hospitals across the U.S.
CF: What aren’t organizations doing that they should be doing to protect themselves and their employees from these malware threats?
TM: There are many ways businesses can strengthen their cyber resilience. But the easiest and most impactful way is starting with employees. They are the first line of defense against cyber threats. Ensure they have clear distinctions between work and personal time…