Despite the rise of Internet of Things (IoT) networks and always-connected mobile devices, cybercriminals are sticking with tried-and-true strategies.

As noted by BetaNews, email phishing and drive-by downloads were the most common threat vectors of 2017, maintaining their top spots from the year before. New threat intelligence data also revealed a threefold increase in ransomware over the last year fueled in large part by variants such as NotPetya and WannaCry.

Industry Cybercrime Trends

ZDNet reported that healthcare was the primary target for ransomware scams last year. In fact, 8 of the top 10 ransomware families were consistently involved in healthcare attacks.

The food industry, meanwhile, topped threat actors’ priority list and attracted 50 percent of all reported attacks, down just 1 percent from 2016, according to the “Cylance 2017 Threat Report.” In 2017, hospitality moved into second spot with 19 percent.

On the attacker side of threat intelligence, the market is shifting gears to offer ransomware-as-a-service (RaaS) tools that would-be cybercriminals can purchase for less than $50. The authors simply take a percentage of any successful ransomware scheme.

Threat Actors Keep It Simple

As noted by the Cylance report, simple techniques, such as phishing, and common malware strains, such as Locky, continue to pay off for attackers. Reported but unpatched vulnerabilities are one problem: With multiple malware strains now available for a reasonable price, malicious actors can easily find software designed to exploit known issues.

Also consider the use of Locky ransomware, which remains largely unchanged since its inception. According to the report, “This old malware didn’t need to take a new approach. The authors behind Locky just had to tweak the only part of the process that can never be fixed — the end user.”

Despite the success of tried-and-true attacks, however, Forbes pointed out that there’s also an uptick in “single-use, highly targeted malware attacks.” This code is designed to carry out a singular purpose on corporate networks and isn’t active in the wild. Instead, it activates once and only once to complete its assigned task.

In fact, 70 percent of the attacked blocked by Cylance were never seen again. As a result, existing lists of malicious code, such as CVE, won’t list this kind of custom-built malware, making it possible for attackers to act with greater impunity. The Cylance report put it simply: “The fact of the matter is that public repositories of signatures are by no means comprehensive, complete, up to date or a reliable record of all the malware that could impact an organization.”

In addition, crypto-mining efforts are gaining ground since many security tools don’t recognize this lightweight software as threatening and visible impact to networks is often minimal. As noted by the Cylance report, crypto-mining tools saw a 504 percent boost through 2017 and are on track for similar growth this year.

Threat Intelligence Takeaway

While more threat actors are designing custom-built malware to beat corporate defenses, the bulk of attacks leverage well-known ransomware tools and common threat vectors. Phishing and drive-by downloads continue to work as employees struggle to identify scam email efforts and malicious links, while the rise of crypto-mining tools reduces the complexity of new attacks.

The bottom line is that while sophisticated software is on the rise, simple remains successful for malicious actors.

More from

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…