Jonathan Crowe
Sep 2017

3 Dangerous Ways Malware Evolved in 2017

Our new report reveals how the latest attacks are changing and what companies need to be prepared for next.

With the sheer volume of new attack campaigns and new malware that appears each and every day, a common complaint we hear from IT and security professionals is this:

How is it possible to get more proactive and forward-thinking with our security when we're having trouble just keeping up with everything out there?

It's difficult enough to stay on top of individual threats, let alone find the time to step back and identify larger patterns and trends.

With that challenge in mind, we're excited to release our first annual Malware Trends in Review report.  

You can dive into the full report by downloading it here, or keep reading for a sneak peek below.

3 trends that help explain WannaCry, NotPetya, and attacks that came after

When we set out to create the 2017 Malware Trends Report, our goal was to paint a bigger picture of how malware has evolved in 2017. And we figured what better place to start than with the two global outbreaks that dominated the summer?

For all the well-warranted attention WannaCry and NotPetya generated, it's important to keep in mind these attacks didn't come out of nowhere. Several key components that made them successful had appeared in previous campaigns, and have continued to gain traction following the outbreaks.

By viewing these common elements in the context of their wider adoption throughout 2017, we can see that three key trends emerge:

Trend #1: Infections have gone "clickless"

  • Attacks are bypassing user interaction altogether thanks to the use of remote execution exploits (like EternalBlue) and Remote Desktop Protocol (RDP) brute force attacks.

Trend #2: More and more attackers are "living off the land"

  • Attackers are avoiding detection by abusing otherwise legitimate system tools and processes rather than dropping malicious files on disk.

Trend #3: Worm capabilities are seeing a resurgence

  • More attacks have components designed to help infections spread further, faster.

Heading into the final quarter of 2017, companies need to be prepared to encounter and protect themselves from these dangerous trends with increasing frequency.

You'll find more detailed breakdowns of each trend — including specific attack examples and tips for defending against them — by downloading the full report.  

2017 malware trends timeline


It’s not uncommon for advanced tools and techniques developed by targeted attack groups to eventually find their way downstream. Once in the hands of average cyber criminals, they typically get adapted for more widespread campaigns. But this year, that process was accelerated when the Shadow Brokers hacking group leaked a collection of exploits purportedly developed by the NSA, setting the stage for all the attacks that would later utilize them.

By packaging two of these leaked exploits (EternalBlue and DoublePulsar) together with a worm component, the attackers behind WannaCry were able to revamp what had previously been an unsuccessful, run-of-the-mill ransomware variant and launch the largest ransomware outbreak of all time.


How the original WannaCry variant was described back in February 2017. Source: Ransomware Chronicle

A month later, NotPetya built on WannaCry’s success, combining the use of EternalBlue with the abuse of otherwise legitimate system tools PsExec and WMIC, enabling the malware to spread deeper inside infected networks, even if devices were patched. Other attackers clearly noticed these attacks were onto something: it wasn’t long before several banking trojans (including Emotet) and other ransomware variants (including Sorebrect) were seen adding similar worm capabilities and techniques as well.

Throughout 2017, we’ve also seen increased focus on using Remote Desktop Protocol (RDP) as an infection vector and subsequent path for spreading malware. These attacks typically involve brute-force attempts to crack weak passwords to gain access to remote devices.
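One way to look for the RDP brute-force pattern described above in Windows Security log data, as an added example that is not from the original post or report: it flags a source address with a burst of failed logons (event ID 4625) and notes whether a successful RemoteInteractive logon (4624, type 10) followed. The CSV layout, threshold, window and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: timestamp, event_id, logon_type, source_ip, account.
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive,
# type 3 = Network (how failed RDP logons are recorded when NLA is enabled).
SAMPLE_EVENTS = """\
2017-09-01T02:00:01,4625,3,203.0.113.7,administrator
2017-09-01T02:00:03,4625,3,203.0.113.7,admin
2017-09-01T02:00:05,4625,3,203.0.113.7,backup
2017-09-01T02:00:08,4625,3,203.0.113.7,administrator
2017-09-01T02:00:11,4625,3,203.0.113.7,administrator
2017-09-01T02:00:40,4624,10,203.0.113.7,administrator
2017-09-01T08:15:00,4625,10,198.51.100.20,jsmith
2017-09-01T08:15:30,4624,10,198.51.100.20,jsmith
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), ip, account

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: alert} for IPs with >= threshold failures inside the window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    accounts = defaultdict(set)   # ip -> every account name it tried
    alerts = {}
    for ts, event_id, logon_type, ip, account in sorted(parse(text)):
        if event_id == 4625 and logon_type in (3, 10):
            q = recent[ip]
            q.append(ts)
            accounts[ip].add(account)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"max_failures": 0, "accounts": accounts[ip], "success_after": False})
                a["max_failures"] = max(a["max_failures"], len(q))
        elif event_id == 4624 and logon_type == 10 and ip in alerts:
            # A successful RDP logon from an address that just tripped the threshold
            alerts[ip]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for ip, a in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, a["max_failures"], sorted(a["accounts"]), a["success_after"])
```

An alert with `success_after` set is the case to triage first, since it means the guessing may have ended in a working password.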

Bottom line

By leveraging various combinations of tactics previously only used by advanced nation-state actors, today's common cyber criminals are creating infections that are more difficult to block, detect, and contain. Companies need to ensure their security is keeping pace with these evolutions in malware, and a great first step is learning about them in more detail.

Download the full 2017 Malware Trends in Review report.

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical point of view.

