
Malware Trends 2018: How Is the Threat Landscape Shaping?

2018 is already here, and it has started pretty strong for cybersecurity with the disclosure of the Meltdown and Spectre vulnerabilities. However, the question still remains – what will this year bring in terms of malware coding, attacks on enterprises and individuals, and data breaches? Let’s take a moment to forecast what’s coming in 2018 regarding cybersecurity.

Most experts expect this year to be a sequel of 2017, when we witnessed some major ransomware outbreaks (WannaCry and NotPetya to name a few), NSA state-level exploit leaks that led to further attacks, lots of catastrophic data breaches (such as Equifax and Yahoo), and IoT-based attacks. Thousands of victims were hit on a global level, and serious questions had to be asked. As a matter of fact, this questioning needs to become a constant for cybersecurity experts, software vendors, manufacturers, governments and individuals.

Nonetheless, 2017 also saw some huge advances in fields like artificial intelligence and cloud security, as expert Max Emelianov shared with us. There were some intense conversations on the security risks behind the Internet of Things, the development of new security regulations like GDPR, and a renaissance for technology like Blockchain.

Related Story: How the Threat Landscape Will Change in 2018

Security researchers agree on one thing – the malware families that ruled the threat landscape last year will continue to dominate it in 2018. What does this mean? Threat actors will continue to rely on the same exploits to penetrate networks, but will surely add new ones to their arsenal. Parallel to the development in endpoint security, evasion techniques will also evolve. However, this year can also be the year when enterprise security gets stronger and fights back.

Let’s have a look at the trends that will be prevalent in 2018.

Cryptocurrency Mining

Web-based scripts and downloaded viruses deliver cryptocurrency miners that take advantage of the available system resources. The criminal operators have resorted to making multiple versions of cryptocurrency miners, also known as coin miners, with varying functionality.

We have seen some pretty major miners rise in 2017, and there is no doubt this is the biggest tendency when it comes to mass attacks deployed on a global level.

Let’s take the Coinhive miner. Coinhive is among the most popular cryptocurrency miners utilized by both computer hackers and web site administrators. It is based on JavaScript code that can be embedded in any page and software. It relies on simple code that executes a series of complex algorithms that mine the Monero cryptocurrency. Monero is one of the most popular alternatives to Bitcoin and offers improved security and privacy. All Monero transactions are completely private and secure, and there is no way of tracing a payment down to a particular individual or company. We expect to see other miners like Coinhive appear this year, and the mining trend will definitely be shifting towards altcoins.

At the end of 2017, researchers also stumbled upon a technique that enables malicious users to keep mining Monero even after the browser window is closed, which makes the trend more problematic. The research, carried out by Jerome Segura, focused on the Chrome browser, but other browsers may be affected as well, with different outcomes for each browser.
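For a web site administrator or a defender reviewing pages that may carry a Coinhive-style miner, the practical question is how to spot the loader. The following scanner is an added example, not code from the article or from Coinhive; its indicator lists (a source URL containing the vendor name, and inline snippets that look like a miner starter: a WebAssembly or Worker reference, a throttle option, a `.start(` call) are an assumption of this example rather than any vendor's signature, and the sample page it scans is constructed.

```python
"""Heuristic scanner for Coinhive-style in-browser miners embedded in HTML.

Added example (not from the article). The indicator lists are an assumption
of this example: they encode the general shape the text describes, a small
loader script or inline snippet that starts a mining loop, not any vendor's
signature. Tune them against your own telemetry before relying on them.
"""
import re
from html.parser import HTMLParser

# Constructed indicators. External scripts are flagged on source URL alone;
# inline scripts need at least INLINE_THRESHOLD hits to limit false positives.
EXTERNAL_SRC_INDICATORS = [re.compile(r"coinhive", re.I)]  # vendor name from the article
INLINE_INDICATORS = {
    "wasm": re.compile(r"WebAssembly\.(?:instantiate|compile|Module)"),
    "worker": re.compile(r"new\s+Worker\s*\("),
    "throttle": re.compile(r"\bthrottle\b", re.I),  # CPU-throttle option typical of miners (assumed)
    "start": re.compile(r"\.start\s*\("),
}
INLINE_THRESHOLD = 2


class ScriptCollector(HTMLParser):
    """Collects <script src=...> URLs and the bodies of inline <script> elements."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_inline_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":  # HTMLParser lowercases tag and attribute names
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline_script:
            self._in_inline_script = False
            self.inline.append("".join(self._buf))


def scan_html(html):
    """Return findings as (kind, evidence, matched indicator names) tuples."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.external:
        hits = [p.pattern for p in EXTERNAL_SRC_INDICATORS if p.search(src)]
        if hits:
            findings.append(("external", src, hits))
    for body in collector.inline:
        hits = [name for name, p in INLINE_INDICATORS.items() if p.search(body)]
        if len(hits) >= INLINE_THRESHOLD:
            findings.append(("inline", " ".join(body.split())[:60], hits))
    return findings


# Constructed sample page: one benign library, one miner loader, one inline
# starter snippet (MinerStub is a made-up name), one benign inline script.
SAMPLE_PAGE = """<html><head>
<script src="https://cdn.example.invalid/jquery.min.js"></script>
<script src="https://miner.example.invalid/coinhive.min.js"></script>
</head><body>
<script>
  var m = new MinerStub("SITEKEY-PLACEHOLDER", { throttle: 0.3 });
  m.start();
</script>
<script>console.log("analytics");</script>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE):
        print(finding)
```

Run against the constructed page, the scanner reports the external loader and the inline starter snippet, and ignores the two benign scripts. The threshold on inline hits matters: a single `.start(` call is common in legitimate code, so requiring two independent indicators keeps the false-positive rate manageable when the scanner is run across a whole site.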

Related Story: Drive-By Cryptomining Continues After the Browser Is Closed

Ransomware

2017 definitely was an indicative year for ransomware, and 2018 will be no different. Although some security professionals have predicted that global ransomware incidents have reached their ultimate peak, that doesn’t mean that there is no room left to develop ransomware methods. Ransomware developers have been steadily improving their ways to deploy their tools and payloads.

An analysis by Carbon Black released in September 2017 shows that the future of ransomware doesn’t hold any good news, at least not for enterprises and home users. Researchers analyzed 1000 ransomware samples and discovered that ransomware will progressively target Linux systems, and will search for ways to carry out SQL injections to infect servers. In addition to this, ransomware is expected to become more targeted by looking for specific file types and attacking specific companies in the legal, healthcare and tax business fields.

Evasive Malware

According to Minerva researchers, evasive malware is one of the biggest trends expected to evolve throughout 2018. As to what evasive malware actually is – it covers all the methods and tools hackers employ to evade detection on endpoints and infect them successfully. Researchers discovered that many common malware families seen in 2017, including exploit kits and ransomware, employed at least one evasion technique to bypass security mechanisms on endpoints.

The research reveals that evasion in exploit kits that target vulnerabilities in client-side software is still an effective and widely deployed attack vector. EKs are still among the most prevalent ways of distributing ransomware. Over 60% of EKs relied on evasive techniques to bypass detection, and this is expected to continue happening in 2018. Furthermore, “of the entire attack chain, 99% of campaigns used evasion in either the exploit kit or payload phase”, researchers said. Evasive ransomware campaigns in particular that were delivering families such as Spora, TeslaCrypt, Cryptomix and JigSaw used at least one evasive technique. This trend (of evasive malware) shouldn’t be that surprising, as endpoint security products are also becoming more sophisticated. Malware authors have to be quick to adapt and find new ways to be evasive.

Related Story: Magnitude Exploit Kit Used for Cerber Ransomware Hacker Attacks

Malware Vaccination

Did you know that some malware types avoid infecting the system twice by searching for predefined infection markers? If a particular process, registry key or mutex object is present on the host machine, malware will presume that another instance of itself is already active and will terminate itself, as explained by Lenny Zeltser.

That being said, malware vaccination is one option for countering malware that tries to evade security software.

In short, malware vaccination is the generation of infection markers on endpoints, so that the corresponding malicious programs will not execute, Minerva explains. This is not a revolutionary concept, but enterprises are expected to pay more attention to it this year, as there is a broader range of tools making it possible to use vaccines in enterprise security.

In addition, these protective technologies will make it possible to quickly vaccinate endpoints against threats such as WannaCry, NotPetya and Spora, and against new infections that will land this year. This may not be the sole solution for malware prevention, but it should definitely be put in motion at a larger scale.
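To make the vaccination idea concrete, here is a small vaccinator that creates the three kinds of infection marker the text lists (mutex, registry key, file) and then verifies them the way a self-checking sample would. It is an added example, not code from the article, Minerva or Lenny Zeltser; the marker catalog is constructed from placeholder names, since the real mutex or registry names of a family come from analysis of its samples, and the file marker is written into a directory of your choosing rather than at a family-specific absolute path.

```python
"""Malware vaccination: create the infection markers a malware family checks for so that
a later copy believes the host is already infected and exits.

Added example, not code from the article, Minerva, or Lenny Zeltser. The marker
catalog below is constructed with placeholder names; real mutex, registry and
file markers for a family come from your own analysis of its samples.
"""
import ctypes
import os
import sys
import tempfile
from dataclasses import dataclass

ERROR_ALREADY_EXISTS = 183  # Win32 error code set when a named object already exists


@dataclass(frozen=True)
class Marker:
    kind: str   # "mutex" (named kernel object), "registry" (HKLM subkey) or "file"
    value: str  # mutex name, registry subkey path, or file name


# Constructed placeholders, NOT real indicators of any malware family.
MARKER_CATALOG = {
    "ExampleFamilyA": [
        Marker("mutex", "Global\\EXAMPLE_FAMILY_A_MUTEX_PLACEHOLDER"),
        Marker("registry", "SOFTWARE\\ExampleFamilyA_Placeholder"),
    ],
    "ExampleFamilyB": [Marker("file", "example_family_b_marker.txt")],
}


def _kernel32():
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateMutexW.restype = ctypes.c_void_p  # HANDLE, not a 32-bit int
    return k32


class VaccineState:
    """Tracks applied markers. A mutex vaccine exists only while this object keeps the
    handle open, so the vaccinating process must stay resident on the endpoint."""

    def __init__(self, file_dir):
        self.file_dir = file_dir
        self.mutex_handles = []

    def apply(self, marker):
        """Create one marker; return True on success, False if unsupported or not permitted."""
        try:
            if marker.kind == "mutex":
                if sys.platform != "win32":
                    return False
                handle = _kernel32().CreateMutexW(None, False, marker.value)
                if not handle:
                    return False
                self.mutex_handles.append(handle)
            elif marker.kind == "registry":
                if sys.platform != "win32":
                    return False
                import winreg  # Windows-only module, imported lazily
                winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, marker.value, 0, winreg.KEY_WRITE).Close()
            elif marker.kind == "file":
                with open(os.path.join(self.file_dir, marker.value), "w") as fh:
                    fh.write("vaccine marker\n")
            else:
                raise ValueError("unknown marker kind: " + marker.kind)
        except OSError:
            return False  # e.g. HKLM write without administrative rights
        return True

    def is_present(self, marker):
        """Verify the marker the way the malware would: does it already exist?"""
        if marker.kind == "file":
            return os.path.exists(os.path.join(self.file_dir, marker.value))
        if sys.platform != "win32":
            return False
        if marker.kind == "mutex":
            k32 = _kernel32()
            handle = k32.CreateMutexW(None, False, marker.value)
            exists = bool(handle) and ctypes.get_last_error() == ERROR_ALREADY_EXISTS
            if handle:
                k32.CloseHandle(handle)
            return exists
        if marker.kind == "registry":
            import winreg
            try:
                winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, marker.value).Close()
                return True
            except OSError:
                return False
        raise ValueError("unknown marker kind: " + marker.kind)


def vaccinate(family_names, file_dir=None):
    """Apply every catalogued marker for the named families.

    Returns (state, report); report maps family -> {marker value: applied?}."""
    state = VaccineState(file_dir or tempfile.mkdtemp(prefix="vaccine-"))
    report = {}
    for name in family_names:
        report[name] = {m.value: state.apply(m) for m in MARKER_CATALOG[name]}
    return state, report


if __name__ == "__main__":
    state, report = vaccinate(MARKER_CATALOG)
    for family, markers in report.items():
        for value, ok in markers.items():
            print(f"{family:16} {value:48} applied={ok}")
```

Two practical points follow from the code. A mutex is a kernel object that disappears when its last handle closes, so a mutex-based vaccine has to be held by a long-running service or agent, not by a one-shot script; and writing under HKLM needs administrative rights, which is why `apply` reports failure instead of raising. Vaccination also only helps against families whose marker check is known and stable; a sample that changes its mutex name between builds, or that does not check at all, is unaffected, which is the reason the text calls it one layer rather than the sole solution.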

Android Malware

There were several large malware campaigns targeting Android in 2017. The operating system is often abused for spying on users. This is the case with the GhostCtrl malware. When it was discovered, researchers concluded that it was very likely that the virus had been in development for a long time and tested on different devices, as the security reports indicated that it contained a lot of potent features, among them a complete surveillance module.

GhostCtrl Android operators could utilize the built-in functions to record audio from the built-in microphone and video from the cameras, and transmit the recordings to the hackers. The malware can be used in various surveillance campaigns, and users should be very aware of the privacy risks stemming from such malware instances.

In addition to Android spyware campaigns, malicious apps keep succeeding in bypassing Google Play Store’s security mechanisms, so we are pretty sure we will continue to see attacks involving malicious apps.

UEFI and BIOS Attacks

Kaspersky Lab researchers believe that UEFI (Unified Extensible Firmware Interface) and BIOS (Basic Input/Output System) attacks will be very trendy this year:

Established in 2005 by an alliance of leading software and hardware developers, Intel most notable amongst them, it’s now quickly superseding the legacy BIOS standard. This was achieved thanks to a number of advanced features that BIOS lacks: for example, the ability to install and run executables, networking and Internet capabilities, cryptography, CPU-independent architecture and drivers, etc. The very advanced capabilities that make UEFI such an attractive platform also open the way to new vulnerabilities that didn’t exist in the age of the more rigid BIOS. For example, the ability to run custom executable modules makes it possible to create malware that would be launched by UEFI directly before any anti-malware solution – or, indeed, the OS itself – had a chance to start.

The existence of UEFI malware has been known to researchers since 2015, when the Hacking Team UEFI modules were unearthed. Considering this, it is somewhat surprising that no significant UEFI malware has been detected in the wild. But this could be due to the difficulty in detecting these malware instances in a reliable way. Thus, researchers believe that this year there will be new UEFI-based malware.
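The capability the quote singles out, firmware launching custom executable modules before the OS starts, is exactly what Secure Boot is meant to gate, so a baseline check a defender can run on a Linux fleet is whether the firmware actually enforces it. The following check is an added example, not code from the article or Kaspersky Lab; it reads the SecureBoot and SetupMode variables through the Linux efivarfs (the GUID in the file names is the published EFI_GLOBAL_VARIABLE value), and the sample records at the bottom are constructed bytes rather than data captured from a real machine.

```python
"""Baseline check for the UEFI risk described above: does the firmware enforce
Secure Boot, so that it refuses to launch executable modules it cannot verify?

Added example, not code from the article or Kaspersky Lab. It reads the
SecureBoot and SetupMode variables through the Linux efivarfs; the sample
records at the bottom are constructed bytes, not captured from a real machine.
"""
import os
import struct

# EFI_GLOBAL_VARIABLE GUID used in efivarfs file names (a stable, published value).
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"


def parse_efivar(raw):
    """efivarfs record layout: 4-byte little-endian attribute bitmask, then the data."""
    if len(raw) < 4:
        raise ValueError("efivar record too short")
    (attributes,) = struct.unpack("<I", raw[:4])
    return attributes, raw[4:]


def flag_value(raw):
    """SecureBoot and SetupMode both carry a single data byte: 1 = set, 0 = clear."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError("unexpected payload length %d" % len(data))
    return data[0] == 1


def read_variable(name, efivars_dir=EFIVARS_DIR):
    """Return the flag for a global variable, or None when it cannot be read
    (legacy BIOS boot, a kernel without efivarfs, or no permission)."""
    path = os.path.join(efivars_dir, "%s-%s" % (name, EFI_GLOBAL_VARIABLE_GUID))
    try:
        with open(path, "rb") as fh:
            return flag_value(fh.read())
    except OSError:
        return None


def assess(secure_boot, setup_mode):
    """Turn the two flags into a short verdict."""
    if secure_boot is None:
        return "unknown (no UEFI variables exposed; legacy BIOS or efivarfs missing)"
    if secure_boot:
        return "enforcing"
    if setup_mode:
        return "not enforcing (firmware in setup mode, no platform key enrolled)"
    return "not enforcing (Secure Boot disabled)"


# Constructed sample records: attributes 0x06 (BS|RT), then one data byte.
SAMPLE_SECUREBOOT_ON = b"\x06\x00\x00\x00\x01"
SAMPLE_SECUREBOOT_OFF = b"\x06\x00\x00\x00\x00"

if __name__ == "__main__":
    print(assess(read_variable("SecureBoot"), read_variable("SetupMode")))
```

A caveat for interpreting the result: Secure Boot verifies the signatures of drivers, option ROMs and boot loaders that the firmware loads, not the firmware image itself, so it does not help against an implant written into the SPI flash in the way the Hacking Team modules were installed. Treat "enforcing" as closing the easy path the quote describes, not as proof that the firmware is clean; that still requires measuring or dumping the firmware and comparing it to a known-good image.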

In conclusion, all the various types of malware will surely continue to evolve in 2018 and become more dangerous to users and enterprises. Malicious actors will continue to search for means to distribute their payloads more effectively.

Considering the constantly evolving threat landscape, it is strongly recommended that all security measures are taken into consideration, including the use of an anti-malware program that actively protects the system from all kinds of exploits.



Milena Dimitrova
