2020 State of Malware Report
Malwarebytes, February 2020

Table of contents

Executive summary
Methodology
Key takeaways
Windows threat landscape 2019
  Consumer threat categories
  Business threat categories
  Consumer threat families
  Business threat families
  Family deep dive
  Windows threats summary
Mac threat landscape 2019
  Top Mac threats
  Family deep dive: Mac edition
  iOS
  Mac threat summary
Android threat landscape 2019
  Pre-installed malware
  HiddenAds
  Monitor category: stalkerware
  Android threat summary
Web threat landscape 2019
  Compromised infrastructure
  Web skimmers
  Exploit kits
  Malvertising and redirection campaigns
  Web threats summary
Regional threats 2019
  NORAM threat landscape
  EMEA threat landscape
  APAC threat landscape
  LATAM threat landscape
Top industry threats
  Services
  Education
  Retail
Data privacy in 2019
  Data privacy in commerce
  Data privacy in US law
  Data privacy summary
2020 cybersecurity predictions
Conclusion
Contributors

Executive summary

It was the last year of the 2010s, and cybercriminals let the world know they meant business. From an increase in enterprise-focused threats, to diversification of sophisticated hacking, evasion, and stealth techniques, to aggressive adware aimed at Android devices, the 2019 threat landscape was shaped by a cybercrime industry that was all grown up. While Malwarebytes observed a relative plateau in the overall volume of threat detections in 2019, our telemetry showed a clear trend toward industrialization. Global Windows malware detections on business endpoints increased by 13 percent, and a bifurcation of attack techniques split threat categories neatly between those targeting consumers and those affecting organizations' networks.
The Trojan-turned-botnets Emotet and TrickBot made a return in 2019 to terrorize organizations alongside new ransomware families such as Ryuk, Sodinokibi, and Phobos. In addition, a flood of hack tools and registry key disablers made a splashy debut in our top detections, a reflection of the greater sophistication used by today's business-focused attackers.

Meanwhile, the 2019 mobile threat landscape fared no better. Malwarebytes launched a massive drive to combat stalkerware (apps that enable users to monitor their partner's every digital move), which led to an increase in our detections of that category; other nefarious threats lingered on the horizon, with detection increases that were not driven by our own research efforts. We observed a rise in pre-installed malware and adware on the devices of our Android customers, with the goal to either steal data or steal attention.

In fact, adware reigned supreme for consumers and businesses on Windows, Mac, and Android devices, pulling ever more aggressive techniques for serving up advertisements, hijacking browsers, redirecting web traffic, and proving stubbornly difficult to uninstall. And for the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint. Even exploits, malvertising, and web skimmers had a banner year. Outside of cryptominers and leftover WannaCry infections, it seemed there were few cybercrime tactics being outright abandoned or on the decline.

Executive summary highlights:
- Global Windows malware detections increased by 13% on business endpoints
- Rise in pre-installed malware and adware on Android devices
- For the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint

With an increase in impact and reach, then, came an increase in public awareness and scrutiny. And in no area was this more apparent than data privacy.
On the heels of the General Data Protection Regulation (GDPR) in Europe and several public social media failures, a tsunami of data privacy legislation, proposals, fines, controversies, and public policies came forward in 2019. After a decade marked by seemingly hundreds of high-profile data breaches, the fallout from all that personally identifiable information (PII) floating around on the dark web finally arrived.

Methodology

The State of Malware report features data sets collected from product telemetry, honeypots, intelligence, and other research conducted by Malwarebytes threat analysts and reporters from January 1 through December 31, 2019. Data from the previous year is used to demonstrate year-over-year change.

Our telemetry is derived from Malwarebytes customers, both consumer and business, limited to real-time detections from active, professional, and premium accounts. This selection reduces outlier data that may skew trends. For example, a user installing Malwarebytes for the first time may have hundreds or thousands of detections from existing infections that weren't actively spreading during the timeframe of our study. These detections could then muddy data on the distribution or prominence of a particular threat. In addition, we focus on named threats rather than generic detections gathered by heuristics (i.e., anomalous behavior detections), as the latter provide little-to-no intelligence value. To that end, the numbers presented in this report represent a subset of our total collected telemetry; however, this subset tells the most accurate story about the global threat landscape in 2019.

Key takeaways

There's been an increasing move over the last two years to target organizations over consumers. Overall consumer threat detections are down by 2 percent from 2018, but business detections increased by 13 percent in 2019. This resulted in a mere 1 percent increase in threat volume year-over-year.
The sophistication of threat capabilities in 2019 increased, with many using exploits, credential-stealing tools, and multi-stage attacks involving mass infections of a target. While seven of the top 10 consumer threat categories decreased in volume, HackTools, a threat category for tools used to hack into systems and computers, increased against consumers by 42 percent year-over-year, bolstered by families such as Mimikatz, which also targeted businesses.

Organizations were once again hammered with Emotet and TrickBot in 2019, two Trojan families that started out as simple bankers/info-stealers and then evolved into downloaders and botnets. This was reflected in global business detections, as well as regional and vertical-focused telemetry, where TrickBot and Emotet surfaced in the top five threats for nearly every region of the globe, and in the top threat detections for the services, retail, and education industries. Emotet was Malwarebytes' second most-detected threat against organizations overall, increasing by 6 percent over 2018. However, TrickBot's growth in 2019 was much greater than Emotet's: at fourth place in our top business detections, TrickBot rose by 52 percent from last year.

Ransomware detections have slightly declined from 2018; however, this is due to a lower rate of WannaCry detections left over from 2017. Net new ransomware activity against organizations remains higher than we've ever seen before, with families such as Ryuk, Phobos, and Sodinokibi making waves against cities, schools, and hospitals. In fact, Ryuk detections increased by 543 percent over Q4 2018, and since its introduction in May 2019, detections of Sodinokibi have increased by 820 percent.

Adware became much more aggressive in 2019, heavily targeting consumer and business endpoints on Windows, Mac, and Android devices. A new set of the most active adware families replaced the top adware family detections of 2018.
In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections. The top three consumer threat detections belonged to adware families, and the number one business detection was also adware. The number one Mac detection, an adware family called NewTab, brought in 28 million detections by itself.

We saw a significant rise in the overall prevalence of Mac threats in 2019, with an increase of over 400 percent from 2018. However, part of that increase can be attributed to growth in our Malwarebytes for Mac userbase. To see whether the increase reflects the reality of the Mac threat landscape, we examined threats per endpoint on both Macs and Windows PCs. In 2019, we detected an average of 11 threats per Mac endpoint, nearly double the average of 5.8 threats per endpoint on Windows.

Of the four global regions, North America (NORAM) was responsible for 48 percent of our detections, with Europe, the Middle East, and Africa (EMEA) in second place at 26 percent. Latin America (LATAM) and Asia Pacific (APAC) brought up the rear, with 14 and 12 percent, respectively. Two regions saw decreases in overall threats: EMEA detections dropped by 2 percent, and APAC, outside of Australia, New Zealand, and Singapore, decreased by 11 percent. In Australia and New Zealand, the dip was more prominent at 14 percent. North America was at the receiving end of more than 24 million threats, up 10 percent from 2018. But LATAM saw the most growth in 2019, up to 7.2 million detections, an increase of 26 percent.

On the web threats front, a shift by browser developers to rely more on the Chromium platform gave us concern for the discovery and development of new exploits against today's and tomorrow's browser applications, and not just for the aging and dwindling Internet Explorer.
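The Methodology section (count only real-time detections from active, professional, and premium accounts, and only named threats) and the threats-per-endpoint comparison above are two halves of the same analysis: filter the raw event stream so first-scan cleanups and heuristic noise do not count, then normalize by endpoint count so a growing userbase does not read as a growing threat. The Python below is an added example written for this page, not Malwarebytes code; the record layout, the field names, the account tier spellings, and every sample row are constructed assumptions.

```python
"""Added example (not Malwarebytes code): apply the report's telemetry
filtering rules to a constructed sample, then normalize per endpoint.

Record layout is an assumption for illustration:
(year, platform, account_type, real_time, detection_name, endpoint_id)
"""

# Constructed sample telemetry; none of these rows are real detections.
SAMPLE = [
    # A fresh Mac install whose first on-demand scan found old adware. The
    # report excludes such scans: they are not real-time detections and
    # reflect past infections, not activity during the study window.
    (2019, "mac", "premium", False, "Adware.NewTab", "mac-01"),
    (2019, "mac", "premium", False, "Adware.NewTab", "mac-01"),
    (2019, "mac", "premium", False, "PUP.Optional.MacKeeper", "mac-01"),
    # Real-time Mac detections on two premium endpoints.
    (2019, "mac", "premium", True, "Adware.NewTab", "mac-01"),
    (2019, "mac", "premium", True, "Adware.NewTab", "mac-02"),
    (2019, "mac", "premium", True, "Adware.NewTab", "mac-02"),
    (2019, "mac", "premium", True, "Adware.Pirrit", "mac-02"),
    # Free-tier account: outside the active/professional/premium selection.
    (2019, "mac", "free", True, "Adware.NewTab", "mac-03"),
    # Windows business endpoints, 2018 and 2019.
    (2018, "windows", "premium", True, "Trojan.Emotet", "win-01"),
    (2018, "windows", "premium", True, "Adware.MindSpark", "win-02"),
    (2018, "windows", "premium", True, "Heuristics.Anomaly", "win-02"),
    (2019, "windows", "premium", True, "Trojan.TrickBot", "win-01"),
    (2019, "windows", "premium", True, "Trojan.Emotet", "win-01"),
    (2019, "windows", "premium", True, "Adware.MindSpark", "win-02"),
    (2019, "windows", "professional", True, "Ransom.Ryuk", "win-03"),
    (2019, "windows", "premium", True, "Generic.Malware", "win-03"),
]

# Account tiers the report counts (assumed spelling of the tier names).
ELIGIBLE_ACCOUNTS = {"premium", "professional"}
# Detection-name prefixes treated as generic/heuristic rather than named threats.
GENERIC_PREFIXES = ("Generic.", "Heuristics.")


def is_named_threat(detection_name):
    """True for a family-level name; False for a generic heuristic label."""
    return not detection_name.startswith(GENERIC_PREFIXES)


def filter_telemetry(rows):
    """Keep only real-time, named-threat detections from eligible accounts."""
    return [
        r for r in rows
        if r[2] in ELIGIBLE_ACCOUNTS and r[3] and is_named_threat(r[4])
    ]


def per_endpoint(rows, year, platform):
    """Return (detections, distinct endpoints, detections per endpoint)."""
    hits = [r for r in rows if r[0] == year and r[1] == platform]
    endpoints = {r[5] for r in hits}
    rate = len(hits) / len(endpoints) if endpoints else 0.0
    return len(hits), len(endpoints), rate


def yoy_change(previous, current):
    """Year-over-year change in percent, rounded to the nearest whole number."""
    return round((current - previous) / previous * 100)


def summarize(rows):
    """Apply the filter, then report raw vs. normalized figures."""
    clean = filter_telemetry(rows)
    win18 = per_endpoint(clean, 2018, "windows")
    win19 = per_endpoint(clean, 2019, "windows")
    return {
        "excluded_rows": len(rows) - len(clean),
        "mac_2019_raw": per_endpoint(rows, 2019, "mac"),
        "mac_2019_filtered": per_endpoint(clean, 2019, "mac"),
        "windows_2018": win18,
        "windows_2019": win19,
        "windows_yoy_pct": yoy_change(win18[0], win19[0]),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
    # The report's own Figure 1 totals reproduce its percentages.
    print("business YoY:", yoy_change(8_498_934, 9_599_305), "%")
    print("consumer YoY:", yoy_change(41_671_568, 40_911_655), "%")
```

On the constructed sample, the unfiltered Mac figure is 8 detections across 3 endpoints, while the filtered figure is 4 across 2: the first-scan cleanup and the free-tier account account for the difference, which is exactly the distortion the report's selection rule is meant to remove. Fed the report's Figure 1 totals, yoy_change returns the 13 percent and -2 percent the text quotes.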
Meanwhile, web skimmer activity was at an all-time high in 2019, with groups like MageCart aggressively modifying payment processor sites to steal financial information without the need for malware to be installed on the endpoint.

Finally, data privacy was heavy on the public mind in 2019, post-GDPR. Several new pieces of legislation were passed in the United States, including laws in Maine, Nevada, and California that may serve as the backbone for future federal regulation. In addition, tech companies such as Apple, Malwarebytes, ProtonMail, and Mozilla launched privacy-forward products in 2019, including tracking blockers, tracking-free browsers, and encrypted calendar tools. On the flip side, many privacy blunders were made by tech juggernauts such as Google, Amazon, and Facebook, who shipped products with undisclosed microphone features and vulnerabilities enabling customer data to be viewed by employees, sold user data to third-party companies without express permission, and committed other mishandlings of user PII. While the companies publicly pledged to do better on privacy, their revenue models are largely dependent on advertising dollars, meaning user data is their most valuable asset.

Windows threat landscape 2019

Welcome to 2020, stats fans! It's time for us to observe the 2019 threat landscape through the rearview mirror and take note of the interesting developments that happened throughout the year. To begin, we'll examine the total number of business and consumer detections in 2019 compared with 2018.

Figure 1. Total number of consumer and business detections in 2019 vs. 2018

Global detections 2018-2019

            Overall       Business     Consumer
2018        50,170,502    8,498,934    41,671,568
2019        50,510,960    9,599,305    40,911,655
% change    1%            13%          -2%

According to our product telemetry, overall detections of malware have increased year-over-year by only 1 percent, from 50,170,502 to 50,510,960.
However, when we separate business and consumer detections, we can see that while consumer threats declined by 2 percent, business detections increased by about 1.1 million, or 13 percent, from 2018 to 2019.

The volume of consumer detections still far outweighs that of businesses, but the gap has been narrowing since 2018, when many threat actors began to shift focus to developing malware families and campaigns aimed at organizations, where they could profit from larger payouts.

Consumer threat categories

To get a sense of the types of malware consumers across the globe faced in 2019, we first looked at the top threat categories detected on endpoints running Malwarebytes Premium. Adware is once again the dominant threat category for consumers, as it was in 2018. Detections of adware remained steady throughout the year, with just a slight dip during the summer months. We expect adware detections to hold strong for consumers through 2020.

Trojan activity, however, has been on the decline for consumers for most of the year, slipping in volume by 7 percent from 2018. As Trojan families such as Emotet moved away from targeting consumers, the overall category dropped as a result. In fact, the dramatic spike in Trojan detections at the beginning of the year was due to an Emotet campaign, but we saw no other such drastic increases in Trojan activity against consumers this year. We expect to see Trojan malware continue to be a problem for con