Security provider Panda discovered 75 million brand new malware samples in 2017. However, it is expected that malware-free attacks are going to rise in 2018.
According to the Spanish security vendor, PandaLabs’ Annual Report 2017, the security firm found approximately 285,000 samples of new variants of malware. In addition, Verizon revealed that “The proportion of attacks motivated by the state is still on the rise, and these hackers are becoming more aggressive each year.”
The security provider stated that the main malicious tools detected are linked to infamous WannaCry ransomware. In addition, two are related to the backdoored variant of CCleaner, a well-known performance optimization tool.
The new malware targets mostly businesses. The latest disclosed malware campaign attacked tech companies with a leaking hole-style hack in September 2017.
Panda revealed that more than 99% of malware was only spotted once. That means that the hackers and authors of the malware adapt the code with every single new infection.
Panda warned users that “malware-less attacks and attacks that abuse non-malicious tools” are expected to increase in 2018. The vendor also indicated statistics by Verizon that revealed that half of all recorded breaches have not involved malicious tools at all.
Luis Corrons, a technical director at Panda Labs told InfoSecurity:
I am talking about tools such as Microsoft’s PowerShell, included in the Swiss Army knife of any sysadmin and at the same time being used more and more in hacking attacks. As an example, a few weeks ago we discovered an automated attack that was using a mix of different techniques: fileless attack, use of PowerShell, exploits, customized Mimikatz and more just to run a Monero miner in the compromised computers.
These new malicious techniques will require IT security teams to improve and learn new methods to detect and remove cyber threats in 2018, according to the Panda report.
In addition, malware hunting tools and security systems must focus on the network consumers’ behaviors and how to analyze them. In addition, the machine learning is also important in order to provide a method of prioritizing possible security-related incidents.
Malware-free tools are not the only one though, other threats predicted in 2018 includes a continued severe deluge of IoT smart devices and mobile infections, cyber-propaganda, all kinds of ransomware.
Security vendor highlights the importance of awareness in order to secure your devices.
Having in-depth knowledge of attacks and what they consist of should be the basis for a good defensive strategy. Security based on detection and response in real time, with forensic reporting and details of how the attack occurred, is essential to avoiding future intrusions.