Wednesday 15th May 2019
by Ken Walshe

Ken Walshe

Trojan attacks on the rise

A recent USA based Malwarebytes survey has found that cyber criminals are concentrating more on businesses than consumers these days. Overall, in Q1 2019, threats targeting businesses have increased by 235% compared to the same quarter in 2018. Consumer threats have reduced by nearly 40% from the previous quarter which is great news for us as individuals. But of course, most of us are employees and so still a target. It’s just that the channel has moved from your Gmail to your business email.

SMEs are the target

Cyber criminals are very targeted – money is a great motivator. They handpick organisations, in particular SMEs, they wish to attack and keep trying to gain access in different ways until they succeed. Another report from Hiscox found that number of small firms reporting an attack across the US and Europe rose from 33% to 47% and from 36% to 63% for medium-sized businesses in the last year.

Why are they attacking SMEs above big brands? It’s because SMEs generally have smaller cyber security budgets compared to large companies and so are overwhelmingly unprepared for attacks.

trojan attacks

Emotet trojan attacks

Emotet malware is one of the big trojan attacks with usage increasing over 200% over last year. It was originally a banking trojan that attempted to gain access to your computer to steal sensitive and private information. It evolved to become an industry agnostic spamming and malware delivery service – frequently hidden in Word and XML docs (which is opened in Word). It’s a particularly clever trojan because it can change itself every time it is downloaded, evading signature-based detection. It even is an ingredient of the malware-as-a-service business.

And of course, ransomware is still a hugely popular method of attack with a 195% increase in quarter 1 this year over quarter 4 last year in the USA. Numbers are falling dramatically in the UK. WannaCry (2 years ago this month) had such a great impact that UK-based businesses and the National Cyber Security Centre confronted ransomware head on. Ransomware and malware are also declining in Ireland according to a recent Microsoft report.

And those of you on Macs, well you’re not as safe as you thought you were! There’s been a 60% increase in Mac malware from Q4 2018 to Q1 2019.

So how do you avoid being tricked by these attacks?

  1. If it sounds too good to be true, it probably is!
  2. How is the English? Poor English and bad spelling are big giveaways
  3. Be careful opening any attachment, particularly Word, Excel and PDFs
  4. Do you know the sender?
  5. Are you sure that the sender’s name is actually the sender?
  6. Check the legitimacy of the email link and any URLs by hovering your mouse over them
  7. If you have any doubts, don’t reply – forward
  8. If anything looks dodgy, forward to your IT department

In this day in age a breach is inevitable. Downtime causes most of the damage, so minimise this by having effective data recovery and backup systems in place.

Join the discussion

Your email address will not be published. Required fields are marked *