Analysis of attack types in the Annual Security Report showed some surprising tendencies. One of them is a significant drop in malware related issues.
Endpoint protection works
One of the noteworthy changes we observed is that malware related incidents had the most impact last year with a share of 45%, compared to Network & Application Anomalies which ranked second with 36% at the same time. This has fundamentally changed, with malware declining to 20% while Network & Application anomalies have increased to 46%.
What we see here is very likely the immediate result of next generation endpoint protection.
While AI based solutions have been around for a while now, their widespread application has taken some time.
Now, more and more customers have started investing in next-gen preventive endpoint protection. And we see the results quite clearly: malware rapidly loses its tooth as a threat, moving down in ranks to third place, after account anomalies.
While elaborate malware and APTs used in targeted attacks still do pose a serious threat, the skill level of the common cybercriminal does not match up-to-date endpoint protection anymore. And that is good news.
When looking at overall malware trends, we notice some striking patterns.
The first two notable tendencies are the drops in attack activities during the beginning of April and the end of July. The latter is likely due to a trend we already observed during previous years: with cybercriminals getting more professional we see them adopting a nine-to-five-mentality. As odd as this seems: hackers now take regular holidays. This may also explain the drop in April, when attacks slowed due to an early Easter holiday.
Another difference in comparison to previous years, is the new rise of attacks considered “old school” like trojans and classic viruses. This was most noticeable at the beginning of the year.
As shown in our research from last year, Ransomware has its highs and lows. What is interesting is the repeated correlation with Cryptocurrency miners. While both attack types showed a rise at the beginning of the year, mining attacks dropped and stayed low from April onwards. Ransomware dropped in April as well, but rose to a new peak in May/June. It is also remarkable that Monero, Ethereum, Litecoin and Bitcoin prices reached a new peak in early summer, but there was next to no effect on the frequency of mining attacks.
In 2018 the major source of incidents was malware, accounting for almost half of the attacks we had detected in our cyber defense centers. Network & application anomalies came in second with a difference of 10% between the two.
This year network related incidents take the crown. Due to many of our customers implementing the newest generation of endpoint protection, malware rapidly loses in relevance, ending up ranked third after account anomalies.
Generally this is a good thing, as some of the most devastating attacks in the past have been malware related. But you have to keep a close look at network detection.
It is also noteworthy that the increase in prices of Bitcoin, Monero and other cryptocurrencies apparently did not inspire new waves of cryptomining.