The Cylance Threat Report: 2017 Year in Review
The cyberattacks of 2017 proved more numerous, sophisticated, and ruthless than in years past.
Threat actors, armed with knowledge stolen from the CIA and tools lifted from the NSA, demonstrated an elevated level of proficiency.
As 2017 progressed, new opportunities developed in ransomware-as-a-service (RaaS), opening the gates of malware-for-profit to everyone.
Advancements in fileless attacks provided new ways for threats to hide from once reliable detection methods.
Malware features such as polymorphism continued to play a powerful role in evading traditional defenses.
The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. France and the United States saw significant data breaches during their 2017 presidential elections.
Several high-profile companies lost their customers’ personally identifiable information to cyberattacks, blemishing their brands and costing them untold millions in recovery operations.
This report contains an overview of the threat trends and malware families our customers faced in 2017. We share this information with the goal of assisting security practitioners, researchers, and individuals in our collective battle against emerging and evolving cyberthreats.
This report is based in large part on anonymized threat data collected between Jan 1, 2016 and Dec 31, 2017.
2017 Threat Analysis: Key Findings
- On average, Cylance prevented 3,918 attacks per enterprise in the year 2017, representing an increase of nearly 13.4% over last year
- Within our customer base, Food and Hospitality industries suffered the highest volume of attacks
- Ransomware attacks grew threefold during 2017, affecting all verticals but impacting Healthcare the most
- The top two infection vectors remained email and drive-by downloads
- System damage and data destruction represented the top risks from threats executing within an enterprise environment
Cylance provides security solutions that are focused on protecting endpoints and servers from being compromised by malware, malicious scripts, fileless attacks, and other advanced threats.
When a threat is detected, a lightweight endpoint agent transmits information about the event (including telemetry data) over encrypted communication channels to the customer's private tenant in the Cylance cloud.