The share of spam emails containing malware dropped significantly in 2018, to just six percent, down from 26 percent in 2017. But at the same time, malware is becoming more sophisticated and harder to detect.
These are among the findings of the latest Global Security Report from Trustwave. The largest single category of malware encountered is downloaders at 13 percent.
Remote access Trojans (RATs) at 10 percent and web shells at eight percent, both of which give attackers extensive control over compromised computers, are the second and third most common types of malware discovered. Memory scrapers and dumpers used to steal payment card numbers from point-of-sale (POS) systems have seen a sharp decline from 16 percent in 2017 to just eight percent in 2018 as chip technologies become more prevalent.
The added sophistication shows in that 67 percent of malware analyzed uses obfuscation to help avoid detection, a leap from 30 percent the previous year. Social engineering continues to play a part too. In both cloud and POS environments, 60 percent of breach investigations attribute the cybercriminals' entry to successful social engineering.
Web applications are still a problem, with 100 percent of web applications tested having at least one vulnerability, and the median number of vulnerabilities rising to 15, up from 11 in 2017.
On a positive note, detection of and response to threats are improving. The median time from threat intrusion to containment fell to 27 days, from 67 days in 2017, and the median time between intrusion and detection for externally detected compromises fell to 55 days, down from 83 days in 2017. Adoption of technologies like endpoint detection and response, behavioral analytics and stronger organizational security maturity has helped lead to improvements.