(It’s that time of the year in New Zealand. This little post was in draft just ahead of the summer holiday period and it has taken until now to hit “publish”. Between then and now the industry has been rocked by the Meltdown and Spectre CVEs, which are commanding the attention of IT departments, service providers and vendors globally. We’ll be presenting some practical perspectives on these very shortly, but we’ll go ahead and hit “publish” on this one nonetheless. These speculative execution exploits are big news and will continue to dominate security and IT news for months and years to come. Unfortunately, they are unlikely to supplant the background trends described below, so let’s look at some of those…)

Throughout 2017, the turmoil caused to individuals and organisations by malware and ransomware attacks made headlines across the world. Recurring outbreaks ground numerous companies and organisations to a halt, and cost them precious revenue – both in terms of time lost and forced ransom payments.

By taking a look back over the past year and spotting trends, we can try to predict what key issues we are likely to face in 2018 in terms of malware and ransomware threats.

One of the recurring themes of 2017 was the overall surge in ransomware, with Cerber, WannaCry and NotPetya never out of the news for very long. The increase in ransomware-as-a-service, where malicious software is developed and then sold as a kit, often on the dark web with various pricing and service models, helped fuel this surge. In 2017, ransomware attacks happened throughout the world, throughout the year, and across an increasing variety of business and organisation types. The healthcare and education sectors were both harder hit than in previous years, but businesses of all types and sizes have been hit. This particular genie is well and truly out of the bottle: the model works, and currently has the potential to generate significant amounts of money. Although we are going through a relatively quiet patch just now (for ransomware at least), it is hard to see that this general ransomware trend will not continue in 2018.

Ransomware remained a big problem for Android users in particular in 2017, with the number of malicious apps in circulation increasing year on year – Rootnik being the most active. Other apps were found to be infected with spyware such as Lipizzan. Android malware seems set to increase in 2018, on Google Play as much as from the side-load market.

More malware also started appearing in 2017 aimed specifically at Macs. And whilst the number of attacks on Macs remains relatively low, nuisance programs and adware are not uncommon. Ransomware aimed at Macs is starting to gain traction, along with some worrying personal privacy malware in OSX/FRUITFLY.B, and 2018 will surely see continued efforts to compromise this traditionally less targeted OS.

According to SophosLabs’ 2018 Malware Forecast:

“enterprises must continue to educate employees and end users on the social engineering tactics attackers use to trick them into downloading malware. They must also continue to keep track of vulnerabilities and patches that affect their systems.” Particularly, as “the threat landscape keeps changing” it is hard to predict the future.

However, 2017 has certainly taught us the following: that the threats are increasing in seriousness and frequency and becoming more sophisticated in nature, and the defensive measures that we need to take to protect ourselves and our businesses are becoming more fundamental and must be conducted more often and with more care.

Phew! We can help with that.