For the first time ever, Macs saw more cyberthreats per endpoint than Windows PCs, according to the 2020 State of Malware Report.
“We saw a significant rise in the overall prevalence of Mac threats in 2019, with an increase of over 400% from 2018,” the report by Malwarebytes Labs stated.
Part of that increase can be attributed to growth in the Malwarebytes for Mac user base, the report noted. To see whether the increase reflected what was actually happening in the Mac threat landscape, Malwarebytes said, it examined threats per endpoint on both Macs and Windows PCs.
“In 2019, we detected an average of 11 threats per Mac endpoint–nearly double the average of 5.8 threats per endpoint on Windows,” the report said.
Another key finding was that overall, consumer threat detections were down by 2% from 2018, but business detections increased by 13% in 2019, the report said. This resulted in a mere 1% increase in threat volume year-over-year.
The sophistication of threat capabilities in 2019 increased, with many using exploits, credential stealing tools, and multi-stage attacks involving mass infections of a target, the report said.
While seven of 10 top consumer threat categories decreased in volume, HackTools–a threat category for tools used to hack into systems and computers–increased against consumers by 42% year-over-year, bolstered by families such as MimiKatz, which also targeted businesses, the report said.
Windows business endpoints
Malware detections on Windows business endpoints globally increased by 13%, and a bifurcation of attack techniques split threat categories between those targeting consumers and those affecting organizations’ networks, Malwarebytes said.
“The Trojan-turned-botnets Emotet and TrickBot made a return in 2019 to terrorize organizations alongside new ransomware families, such as Ryuk, Sodinokibi, and Phobos,” the report said.
Emotet and TrickBot surfaced in the top five threats for nearly every global region and in the top threat detections for the services, retail, and education industries, according to the report.
Emotet was Malwarebytes’s overall second most-detected threat against organizations, increasing by 6% over 2018, the report said. However, TrickBot’s growth in 2019 was far greater than Emotet’s. At fourth place in its top business detections, TrickBot rose by 52% over last year, according to the report.
Ryuk, Phobos, and Sodinokibi made waves against cities, schools, and hospitals in 2019, the report said. “In fact, Ryuk detections increased by 543% over Q4 2018, and since its introduction in May 2019, detections of Sodinokibi have increased by 820%,” the report said.
Adware also became much more aggressive in 2019, heavily targeting consumer and business endpoints on Windows, Mac, and Android devices, the report said.
“In fact, adware reigned supreme for consumers and businesses on Windows, Mac, and Android devices, pulling ever more aggressive techniques for serving up advertisements, hijacking browsers, redirecting web traffic, and proving stubbornly difficult to uninstall,” the report noted.
“A new team of the most active adware families have replaced the top adware family detections of 2018,” Malwarebytes said. “In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections.”
Adware families comprised the top three consumer threat detections, while the number one business detection was also adware, Malwarebytes said. The number one Mac detection, an adware family called NewTab, brought in 28 million detections alone.
Meanwhile, 2019 was also not a good year in terms of the mobile threat landscape.
“While Malwarebytes launched a massive drive to combat stalkerware–apps that enable users to monitor their partners’ every digital move–which led to an increase in our detections, other nefarious threats lingered on the horizon,” the report said. “We observed a rise in pre-installed malware and adware on the devices of our Android customers, with the goal to either steal data or steal attention.”
It was also a “banner year” even for exploits, malvertising, and web skimmers, the report said. “Outside of cryptominers and leftover WannaCry infections, it seemed there were few cybercrime tactics being outright abandoned or on the decline.”
Malware by region
North America was responsible for 48% of detections by Malwarebytes, with Europe, the Middle East, and Africa (EMEA) in second place at 26%. Latin America (LATAM) and Asia Pacific (APAC) followed with 14% and 12%, respectively.
The EMEA region saw a decline in overall threats by 2%, while threats in APAC, outside of Australia, New Zealand and Singapore, decreased by 11%.
Australia and New Zealand saw a more significant dip: 14%. North America was at the receiving end of more than 24 million threats, up 10% from 2018, according to the report. But LATAM saw the greatest growth in 2019, up to 7.2 million detections, an increase of 26%, the report said.
The State of Malware report includes data sets collected throughout 2019 from product telemetry, honey pots, intelligence, and other research conducted by Malwarebytes threat analysts and reporters. Data from the previous year was used to demonstrate year-over-year change, the report said.