The number of detections of malware impacting businesses has grown dramatically over the past year, suggesting business malware is producing the biggest benefits for cybercriminals.
This is according to Malwarebytes, which outlined the findings in its annual State of Malware report.
Not only did it find that overall business malware detections had increased by 79% from 2017, but also discovered that several types of malware attacks had climbed over 100%.
“The year 2018 was action-packed from start to finish,” said Adam Kujawa, Director of Malwarebytes Labs.
“It began with threat actors: diversifying their cryptomining tactics; broadening their reach to Android, Mac and cryptomining malware; and experimenting with new innovations in browser-based attacks.
“While cryptomining died down by the second quarter, a new set of threats took its place: information-stealers. Trojans, especially Emotet and TrickBot, were top business detections across verticals and around the globe.”
The attack types driving the climb in business malware
Businesses became the target of choice for attackers in the second half of 2018, as attackers made use of a variety of attack types.
Backdoor malware, which involves using backdoors in company systems to exploit security vulnerabilities, grew the most, by 173%.
Spyware, which allows attackers to acquire data undetected, also increased in prevalence by 142%.
Trojans, which package malware in legitimate software or files, climbed by 132%, while riskware tools, which are legitimate programs that are exploited to cause damage, grew by 126%.
“We experienced another very active year for malware that shows no signs of stopping,” said Marcin Kleczynski, Malwarebytes CEO.
“Attackers continued to shift their methodologies to follow the payload. We saw evidence of this with the strong focus on attacking businesses with insecure and unpatched networks. From massive data breaches to ransomware attacks, businesses are experiencing what consumers have been dealing with, but on a larger scale.”
Verdict deals analysis methodology
This analysis considers only announced and completed cloud-deals deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.
GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.
More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.