Cybercrime tactics and techniques Q1 2019

Enterprises, beware. Threat actors are continuing to eye businesses for high returns on investment in Q1 2019, breaching infrastructure, exfiltrating or holding data hostage, and abusing weak credentials for continued, targeted monitoring. From a steadfast increase of pervasive Trojans, such as Emotet, to a resurgence of ransomware lodged against corporate targets, cybercriminals are going after organizations with a vengeance.

Yet every cloud has a silver lining, and for all the additional effort thrown at businesses, consumer threats are now on the decline. Ransomware against consumers has slowed down to a trickle and cryptomining, at a fever pitch against consumers this time last year, has all but died. Interestingly, this has resulted in an overall decline in the volume of malware detections from Q4 2018 to Q1 2019.

While threat actors made themselves busy with challenging new victims, they ensnared targets in the old ways, using tried-and-true malspam and social engineering tactics for distribution, including spear phishing emails and sextortion scams. However, a few noteworthy developments in exploit kits and software vulnerabilities opened the door for interesting experimentation, including a Chrome zero-day that required user action for patching.

Unfortunately, cybercriminals didn’t forget about consumers altogether—adware on Macs and mobile devices was rampant this quarter, with supply chain attacks resulting in malicious apps loading pre-installed on mobile phones.

And although businesses are the new black, user data in the form of Personally Identifiable Information (PII) is still the prize, as data leaks via weak third-party security or password hygiene revealed full-fledged breaches were not necessary to bring criminals their pay day. As businesses gather and compile more data about their customers, they become ever-more attractive targets, especially as weak credentials, broad user access, and gaps in infrastructure allow threat actors to practically stroll into many organizations and take with them their customers’ database.

To that end, consumers are taking notice, and increasingly growing wary of trusting businesses with their PII. A survey conducted by Malwarebytes this quarter shows that more than 90 percent of nearly 4,000 respondents feel securing their data is of highest importance—yet they trust organizations, especially social media and search engines, about as far as they can throw them. Because of this shift in tactics by criminals and the resulting anxiety it’s producing for consumers, we are adding a new section to our report about data privacy, looking at trends in data storage, transfer, exfiltration, and regulation, and exposing pitfalls that may lead to theft of user data.

So how did we draw our conclusions for this report? As we’ve done for the last several quarterly reports, we combined intel and statistics gathered from January 1 through March 31, 2019, from our Intelligence, Research, and Data Science teams with telemetry from both our consumer and business products on the PC, Mac, and mobile devices, which are deployed on millions of machines. Here’s what we learned about cybercrime in the first quarter of 2019.