Phishing and botnets remain popular attack methods, and threats across the board are becoming more sophisticated and harder to detect.
Topping the list of the worst ransomware threats is the combination of Emotet, Trickbot and Ryuk (dubbed the ‘Triple Threat’), delivered via the Emotet botnet. It was one of the most successful of 2019 in terms of financial damage inflicted. These strains have shifted their focus to more reconnaissance-based operations: after infection they assign a value to the targeted network, move laterally, deploy the ransomware and then demand a ransom sized to that value.
Ryuk is the second-stage payload of Emotet infections, which are typically delivered by Trickbot and result in the mass encryption of entire networks. Dridex is now also used as an implant in the BitPaymer ransomware infection chain and is likewise delivered as a second-stage payload of Emotet.
Phishing attacks continue to impersonate big brands including Microsoft, Facebook, Apple, Google and PayPal. But campaigns have also become more personal, with extortion emails that quote a compromised password as proof and claim to have captured the recipient engaging in inappropriate behavior.
The growth of cryptominers has slowed, thanks to a drop in cryptocurrency values, but they haven’t gone away. Major campaigns in 2019 include Hidden Bee, which has evolved to hide its payloads inside JPEG and PNG images via steganography, as well as in WAV media files and Flash exploits. There is also Retadup, a cryptomining worm with over 850,000 infections; it was removed in August by the Cybercrime Fighting Center (C3N) of the French National Gendarmerie after they took control of the malware’s command-and-control server.
“It comes as no surprise that we continue to see cybercriminals evolve their tactics. They may be using the same strains of malware, but they are making better use of the immense volume of stolen personal information available to craft more convincing targeted attacks,” says Tyler Moffitt, security analyst at Webroot. “Consumers and organizations need to adopt a layered security approach and not underestimate the power of consistent security training as they work to improve their cyber resiliency and protection.”