Trojans to Ransoms – The Cybercrime Shift
In our always-connected world, understanding cyber threats is essential to keeping ourselves and our organizations safe. Cisco’s “Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette” gives a clear look at the biggest online dangers right now, and it highlights how central DNS security is to fighting them.
The Dynamic Nature of the Threat Landscape
The digital world is never still. Every day, billions of new connections are made on the internet. With more things to protect than ever before, and the way we work constantly changing, organizations are more exposed to sophisticated attacks.
DNS: A Pivotal Player in Threat Detection
Even though the Domain Name System (DNS) was first made to connect people to websites and apps quickly and correctly, it’s turned out to be a key tool in cybersecurity. Every time you go to a website, open an app, or update software, your device uses DNS. Cisco sees a huge number of these DNS requests – about 715 billion every day.
This gives Cisco a unique view of more threats, malware, and attacks than any other security company. This insight, backed by the expert team at Cisco Talos (the biggest non-government threat research group in the world), helps them spot and block attacks much faster. Many of today’s sophisticated attacks rely on DNS activity, which means good DNS security is vital for finding harmful activity and systems that have been compromised.
Key Findings: Unpacking the Foremost Threats
The report looked at DNS activity from organizations using Cisco Umbrella between August 2023 and March 2024. It found three main types of threats that were blocked millions of times each month:
- Information Stealers (246 Million average monthly blocks): These malevolent programs are designed to illicitly acquire personal and financial data, including stored browser passwords, credit card information, and cryptocurrency wallets. Their operation generates substantial DNS traffic as they exfiltrate data from compromised organizations. Their enduring prevalence is attributed to their capacity for covertly harvesting valuable sensitive data, the continuous emergence of new variants that evade detection, and diverse distribution tactics such as phishing and malvertising campaigns.
- Trojans (175 Million average monthly blocks): Often camouflaged as legitimate software, Trojans can clandestinely monitor users, pilfer sensitive data, and establish backdoor access to systems. They remain a widespread threat due to their deceptive nature, their ability to operate surreptitiously, and their effectiveness in gaining unauthorized access and delivering additional malware.
- Ransomware (154 Million average monthly blocks): This type of malware encrypts files, rendering them inaccessible, and demands a ransom payment for decryption, frequently threatening permanent data loss or exposure. Ransomware persists as a significant threat due to its direct monetization of attacks, the growing availability of ransomware-as-a-service platforms, and organizations’ often insufficient backup and recovery procedures.
The report further details other notable threats:
- RATs (Remote Access Trojans) (46 Million average monthly blocks): These provide surreptitious administrative control, empowering intruders to monitor user behavior, access confidential information, and propagate additional malware. Their stealth, capacity for deep system access, and versatile application in targeted attacks contribute to their continued presence.
- APTs (Advanced Persistent Threats) (40 Million average monthly blocks): These complex and sophisticated threats are designed to target specific entities with the intent of information theft or operational disruption, often remaining undetected within a network for prolonged periods. Frequently backed by well-funded cybercriminals or state-sponsored groups, their enduring focus on espionage and intellectual property theft, coupled with their ability to evade detection for months or even years, renders them a continually evolving and persistent cybersecurity challenge.
- Botnets (31 Million average monthly blocks): Comprising networks of infected computers (bots) remotely controlled by a “botmaster”, botnets can launch Distributed Denial-of-Service (DDoS) attacks, disseminate spam emails, steal data, or spread malware without the owners’ knowledge. Their ability to rapidly propagate across a vast number of devices, including insecure IoT devices, and their versatility in executing a range of malicious activities, make them challenging to detect and dismantle.
- Droppers (20 Million average monthly blocks): These malware variants are engineered to install other malicious software onto a target system. The dropper itself typically does not cause direct harm; instead, its primary purpose is to evade detection and establish a foothold, from which it can discreetly download and execute more destructive programs. They play a critical role in multi-stage malware attacks by facilitating the covert delivery of payloads.
- Backdoors (14 Million average monthly blocks): A backdoor represents a method by which unauthorized users can bypass standard authentication procedures to gain remote access to a computer or network. They furnish attackers with continuous, unauthorized access to compromised systems, enabling long-term exploitation for data breaches, surveillance, or further malicious activities.

Strategic Recommendations for Enhanced Defenses
The report suggests that by monitoring and controlling DNS requests, security teams can often find and stop malicious traffic before it even reaches your devices. Here are some key recommendations:
- Leveraging DNS Security: This involves implementing DNS filtering to block access to known malicious domains, integrating threat intelligence feeds to maintain up-to-date lists of malicious hosts, regularly monitoring and analyzing DNS logs for anomalous patterns indicative of malicious activity, and securely configuring DNS resolvers to prevent DNS hijacking and cache poisoning attacks.
- Protecting Endpoints: Essential steps include segmenting networks to restrict malware propagation, deploying advanced endpoint protection solutions capable of detecting and blocking malware (including zero-day threats through behavioral analysis and machine learning), and implementing stringent access controls based on the principle of least privilege and robust authentication methods.
- Implementing a Comprehensive Security Defense Strategy: This encompasses keeping all systems and software updated with the latest patches to mitigate known vulnerabilities, educating employees on security best practices to identify phishing and social engineering tactics, conducting regular backups of critical data with secure storage and rapid restoration capabilities (especially crucial for ransomware recovery), developing and regularly testing an incident response plan, and establishing a multi-layered security approach that combines DNS-layer security with other controls such as firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
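The DNS-security recommendation above mentions three concrete things a defender can do with resolver logs: block known malicious domains from a threat-intelligence feed, and look for anomalous patterns such as long random-looking labels (typical of domain-generation algorithms and DNS tunnelling) and unusual volumes of TXT queries to one domain. The following script is an added example of that analysis and is not code from Cisco or from the report. The log format, the blocklist entries, the sample log lines and the thresholds are all constructed for illustration; the registrable-domain heuristic is deliberately simple and a real deployment would use the Public Suffix List instead.

```python
"""Scan DNS resolver query logs for blocklist hits, high-entropy labels and
TXT-query volume.  Illustrative example; the log format, the blocklist and
the thresholds are assumptions, not a real product's behaviour."""
import math
from collections import Counter
from typing import Iterable, Optional

# Constructed threat-intelligence feed: registrable domains treated as malicious.
BLOCKLIST = {"bad-cdn.example", "stealer-drop.example"}

# Constructed resolver log lines: "<timestamp> <client-ip> <qname> <qtype>".
# The final line is intentionally malformed to show that bad input is skipped.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.5 www.example.com A
2024-03-01T10:00:02Z 10.0.0.5 mail.example.org MX
2024-03-01T10:00:03Z 10.0.0.6 update.bad-cdn.example A
2024-03-01T10:00:04Z 10.0.0.6 f3a90c6e1b7d2584e6d1c8b3a0f27495.dyn-host.example A
2024-03-01T10:00:05Z 10.0.0.7 p1.tunnel-test.example TXT
2024-03-01T10:00:06Z 10.0.0.7 p2.tunnel-test.example TXT
2024-03-01T10:00:07Z 10.0.0.7 p3.tunnel-test.example TXT
2024-03-01T10:00:08Z 10.0.0.7 p4.tunnel-test.example TXT
2024-03-01T10:00:09Z 10.0.0.7 p5.tunnel-test.example TXT
2024-03-01T10:00:10Z 10.0.0.7 p6.tunnel-test.example TXT
2024-03-01T10:00:11Z 10.0.0.8 cdn.static-assets.example.net A
this line is malformed and should be skipped
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into fields; return None if it does not fit the format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, qtype = parts
    return {"ts": ts, "client": client,
            "qname": qname.rstrip(".").lower(), "qtype": qtype.upper()}


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def registrable_domain(qname: str) -> str:
    """Assumed heuristic: the last two labels. Use the Public Suffix List in practice."""
    return ".".join(qname.split(".")[-2:])


def blocklist_hit(qname: str, blocklist=BLOCKLIST) -> Optional[str]:
    """Return the blocklisted domain if qname or any parent of it is listed."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def suspicious_label(qname: str, min_len: int = 20, min_entropy: float = 3.5) -> Optional[str]:
    """Return the first long, high-entropy subdomain label, ignoring the registrable part."""
    for label in qname.split(".")[:-2]:
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            return label
    return None


def analyze(lines: Iterable[str], blocklist=BLOCKLIST, txt_threshold: int = 5) -> dict:
    """Run all three checks over the log and return findings as (kind, client, name, detail)."""
    findings = []
    txt_counts: Counter = Counter()
    skipped = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = parse_line(raw)
        if rec is None:
            skipped += 1
            continue
        hit = blocklist_hit(rec["qname"], blocklist)
        if hit:
            findings.append(("blocklist", rec["client"], rec["qname"], hit))
        label = suspicious_label(rec["qname"])
        if label:
            findings.append(("high_entropy_label", rec["client"], rec["qname"], label))
        if rec["qtype"] == "TXT":
            txt_counts[(rec["client"], registrable_domain(rec["qname"]))] += 1
    # Many TXT queries from one client to one domain is a common tunnelling signal.
    for (client, domain), n in sorted(txt_counts.items()):
        if n > txt_threshold:
            findings.append(("txt_volume", client, domain, str(n)))
    return {"findings": findings, "skipped": skipped}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG.splitlines())
    for kind, client, name, detail in result["findings"]:
        print(f"{kind:20} client={client} name={name} detail={detail}")
    print(f"skipped {result['skipped']} malformed line(s)")
```

Run against the constructed log, the script reports one blocklist hit (a subdomain of a listed domain, which is why parent domains are checked), one high-entropy label, and one client exceeding the TXT-query threshold; the thresholds are starting points that should be tuned against a baseline of your own resolver traffic.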
Good DNS security can help prevent about one-third of cyber incidents, potentially saving up to $10 billion in losses. Cisco is a world leader in DNS-layer security, with solutions like Cisco Umbrella, which is part of their Security Service Edge (SSE) product family. These tools help protect users and your whole environment from online threats.
Download the full report from the Cisco website.