Malwarebytes Labs Report shows shift to business targets in Q3

Once again, it’s that time of year: time for the quarterly Malwarebytes Labs Cybercrime Tactics and Techniques Report. Strap in your seat belts, folks, because the third quarter of 2018 was quite a wild ride.

After a sleepy first two quarters, cybercriminals shook out the cobwebs and revved up their engines in Q3 2018. With cryptominers and exploit kits maturing, ransomware ramping up with steady, sophisticated attacks, and banking Trojans experiencing a renaissance, we’re having one heck of a season. Attack vectors were at their most creative—and most difficult to remediate—especially for businesses.

In fact, businesses saw far more action this quarter than consumers—their total detections trended upwards by 55 percent, while consumer detections increased only by 4 percent quarter over quarter. It looks like threat actors are searching for more bang for their buck, and business targets are returning more value for their efforts. Banking Trojans and ransomware, traditionally aimed at both businesses and consumers, leaned much harder into their business targets this quarter. Even malware that’s generally favored consumers, such as cryptominers and adware, seems to have graduated to a more professional prey.

Consumers didn’t get away from Q3 unscathed, however. They saw a whole lot of scam action this quarter, especially the ever-classic sexploitation technique, but this time it came with a twist—scammers used stale personally identifiable information (PII) likely pulled from breaches of old to scare users into action. And although the bad guys were up to no good, we at Malwarebytes had a field day taking a bunch of them down.

So how did we draw our conclusions for this report? As we’ve done for the last several quarterly reports, we combined intel and statistics gathered from July through September 2018 from our Intelligence, Research, and Data Science teams with telemetry from both our consumer and business products, which are deployed on millions of machines.

If you want to learn more about the key developments in cybercrime last quarter, including the latest threats, newest attack methods, noteworthy scams, and predictions for Q4 cybercrime trends, check out the full Malwarebytes Labs Cybercrime Tactics and Techniques Report.