Cybersecurity technologies provider Symantec reported that ransomware activity fell by 20 percent in 2018 on a year-over-year basis, but that the focus of attacks shifted sharply toward enterprises and away from consumers last year.

The company said that total ransomware infections on endpoints was down 20 percent in 2018, and that the drop in infection numbers increased to 52 percent when excluding WannaCry, NotPetya, and copycat versions of those malware.

Among attack targets, enterprises accounted for 81 percent of all ransomware infections, and the total count of enterprise ransomware infections was up 12 percent last year, even though the total count of all ransomware infections declined, Symantec said.

“This shift in victim profile was likely due to a decline in exploit kit activity,” Symantec said, adding that the main ransomware distribution method in 2018 was email campaigns, to which enterprises are more susceptible since email remains the primary communications tool for organizations.

And contributing to the decline in attacks on consumers is the increased use of mobile devices that back up data in the cloud. “Since most major ransomware families still target Windows-based computers, the chances of consumers being exposed to ransomware are declining,” Symantec said.

Elsewhere in the report, Symantec reported a 78 percent jump in supply chain attacks last year.

“Supply chain attacks, which exploit third-party services and software to compromise a final target, take many forms, including hijacking software updates and injecting malicious code into legitimate software,” Symantec said. “Developers continued to be exploited as a source of supply chain attacks, either through attackers stealing credentials for version control tools, or by attackers compromising third-party libraries that are integrated into large software projects,” it said.

Read More About
More Topics
John Curran
John Curran
John Curran is MeriTalk's Managing Editor covering the intersection of government and technology.