Malware detections dropped more last year in Australia than anywhere else

CSO  >  security threats / laptop bombarded by attacks
Thinkstock

Australia and New Zealand users bucked global trends in 2019 as the volume of cybersecurity threats dropped 14 percent last year, according to new analysis that also found Mac threats outpacing Windows threats for the first time ever.

Malware detections decreased overall over the course of the year, Malwarebytes’ newly updated State of Malware report found, with the 14 percent decline in ANZ outpacing other declining regions including the rest of APAC (11 percent) and EMEA (2 percent).

By contrast, North American detections increased 10 percent year-on-year and Latin American users saw increases of 26 percent over the same time.

Security analysts noted the increasing sophistication of malware threat capabilities during 2019, with the likes of exploits, credential-stealing tools, and multi-stage attacks seeing targets infected multiple times.

Businesses were increasingly being targeted far more than individual users, with business detections of malware like MimiKatz increasing by 13 percent in 2019 compared with a 2 percent decline for consumer threat detections.

Time-tested downloader and botnet malware like Emotet and TrickBot continued to “hammer” organisations throughout the year, with Emotet increasing by 6 percent over the year and TrickBot increasing by 52 percent compared with 2018.

Ransomware was down slightly compared with the previous year – an artefact of declining echoes from 2017’s WannaCry epidemic – but net detection of new ransomware “remains higher than we’ve ever seen before” as the likes of Phobos, Ryuk (up 543 percent year-on-year), and Sodinokibi (up 820 percent since its May 2019 debut) scored direct hits on local governments, schools, and hospitals.

“A rise in pre-installed malware, adware and multi-vector attacks signals that threat actors are becoming more creative and increasingly persistent with their campaigns,” Malwarebytes CEO Marcin Kleczynski said in a statement.

“It is imperative that, as an industry, we continue to raise the bar in defending against these sophisticated attacks, actively protecting both users and businesses by flagging and blocking all programs that may violate their privacy, infect their devices, or even turn the infrastructure they depend on against them.”

Services industries passed the education and retail sectors to become the industry most frequently impacted by threats during the year – with a high-profile hit on Victorian hospitals highlighting the ongoing risk.

Those attacks “should act as a cautionary tale for the services sector, to ensure they are implementing the highest standard cybersecurity,” Malwarebytes noted.

“It’s time that all industries understand what good cybersecurity looks like, not only managed by their technology teams, but implemented company wide, with all employees aware of cybersecurity best practice.”

Mac users were being increasingly targeted with shell scripts and subjected to a “virtual landslide” of adware like NewTab – detected 28m times during 2019 – and potentially unwanted program (PUP) detections, as well as malware infections that snuck in through a Firefox zero-day vulnerability.

Hackers were getting better at working around iOS security, the analysis found, and “straight-forward malicious behaviour from Mac files is increasing year-over-year, with more deceptive techniques to evade Apple’s rather stringent eye.”

That had translated to higher numbers of Mac malware detections among Malwarebytes users, with the average number of hits per endpoint increasing from 4.8 in 2018 to 11.0 in 2019. Infections such as NewTab and PCVARK were the second and third most-prevalent malware – across all of the operating system platforms the company tracks.

“If 2019’s threat landscape tells us anything,” the report’s authors said, “it’s that it’s time to take a good hard look at Mac security and finally get serious.”

Related:

Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies