Which specific malware trends should American businesses be prepared for?

In 2017, more than 700 million malware specimens were discovered. In this type of environment, it can be a considerable challenge for enterprises to keep up with the ever-changing threat landscape and ensure their internal protections are sufficient for safeguarding their most critical IT assets and data.

After all, with each new day comes a sophisticated and advanced approach on the part of hackers to breach systems, snoop and steal information, and slink away unnoticed. Thankfully, a beneficial approach to take for protection involves identifying the most popular and widespread threats and working to guard against these attacks specifically.

In this spirit, let’s take a look at the top malware trends among cyber attackers and American businesses today. Here are the most pervasive malware and attack approaches to be prepared for.

Q1 2018 tells a story

Based on information from our Trend Micro™ Smart Protection Network™, we’ve identified three top trends within the threat landscape that hit a majority of enterprise victims during the first three months of 2018.

Overall, Q1 of this year broken down looked like this:

  • January saw more than 29,500 malware infections detected.
  • February experienced a small drop in detections, with more than 21,000 in total in North America.
  • March ramped up considerably with more than 40,400 malware detections.

Of these instances, there were three main threats that made up the majority of attacks: Information stealers, ransomware and cryptocurrency miners.

Malware remains a consistently growing problem across the globe.

Information stealers

This type of attack is nothing new – in fact, enterprises have considered information theft a top threat for years now. With each new, large-scale breach comes the announcement of massive information theft, typically revolving around customer data or company intellectual property.

As Trend Micro discovered through our Smart Protection Network, malware families including EMOTET, DRIDEX and QAKBOT had some of the highest infection rates, becoming effective means of information theft for cybercriminals. Although there are a number of different solutions on the market currently with the specific purpose of safeguarding against this kind of information stealing infection, it appears that this threat still presents an obstacle for enterprise data security.

“Given the large number of security technologies that are designed to combat them, it would make sense to think that IT teams would have little difficulty in detecting and containing these threats,” noted Jennifer Hernandez, Anjali Patil and Jay Yaneza, Trend Micro researchers. “However, our high detection numbers indicate that they still pose a significant problem for organizations. Considering that there are even more challenging threats in the wild, we start to get an idea of what IT teams are dealing with when it comes to security.”

Information theft, ransomware and cryptocurrency miners are top threats within the current landscape.


Again, this certainly is not a new threat: Ransomware samples have been around for about a decade and rose within mainstream cyber threats over five years ago. However, individual users and high-profile enterprises alike are still being targeted and victimized by threats that encrypt their data and lock them out of operating systems until a ransom is paid to hackers.

One of the most dangerous issues connected with ransomware is the fact that when a business is impacted and is unable to access its key systems, applications and data, its overall operations and relationships with customers and partners is affected as well.

“In a worse-case scenario, large numbers of an enterprise’s endpoints can be crippled, resulting in the inability to run the business properly,” Hernandez, Patil and Yaneza wrote. “With these in mind, IT teams have a strong reason to ensure that their networks are as safe as possible from a full-blown attack.”

Although overall ransomware infection numbers have seen a slight decline recently, there are still certain significant variants to be concerned about, including WCRY and LOCKY. These emerged and saw considerable attention in 2017, particularly after LOCKY was identified as the cause of a ransomware infection at an aerospace corporation.

MIT Technology Review contributor Martin Giles predicts that in 2018, we’ll see an increase in ransomware infections against cloud computing organizations, which rely on considerable amounts of data to operate.

Cryptocurrency miners

This threat has been quickly rising, with cyber criminals taking control over powerful computing systems without authorization in order to mine digital currencies and add to the underlying blockchain. This system works through the efforts of miners who resolve hash functions in order to verify the data of each digital transaction. Once verified, the transaction is added to the next block in the blockchain, and the miner receives small compensation.

However, as Giles pointed out, it’s not the theft of the cryptocurrency mining reward that’s the issue here – it’s the theft of the associated computing power needed to support the process.

“Mining cryptocurrencies requires vast amounts of computing capacity to solve complex mathematical problems,” Giles wrote. “[T]hat’s encouraging hackers to compromise millions of computer in order to use them for such work. As currency mining grows, so will hackers’ temptation to breach many more computer networks.”

According to Trend Micro’s data, cryptocurrency miners were the second most-detected malware threat during the first quarter of 2018, including top malware variants like COINHIVE, COINMINER, MALXMR and CRYPTONIGHT. Overall, Q1 saw more than 16,500 detections of cryptocurrency mining malware.

Guarding against top threats

As noted, many of the top attack styles seen during the first few months of 2018 were not new threats – information stealers, for example, have been a top, persistent concern for security teams for several years. However, because of the complexity and increasing sophistication of these infections, they remain a security issue.

In this instance, enterprises must ensure that traditional and proven data protection approaches still apply. This includes ensuring that all security and other applications are up-to-date with the most recent patches.

In addition, it’s imperative that employee users are trained on current security best practices, and are trained in what to look for when it comes to suspicious activity that can constitute a threat. In this way, users are more prepared to respond and prevent an attack.

Overall, one of the best strategies to utilize in order to guard against current threats involves a proactive protection stance. As Trend Micro researchers noted, this can be difficult for enterprises to achieve with their existing resources, but turning to managed detection and response (MDR) may provide the best option.

MDR processes are supported by a team of outsourced security experts, who handle proactive threat detection, vulnerability assessment, installing patches and upgrades, intrusion detection and system monitoring.

Download our research to learn more about the top trends in the American threat landscape, and how MDR can help safeguard enterprises’ top IT assets and data.

Read More HERE