Dave Harcourt, Chief Security Advisor for BT, commented:
Our latest quarterly update shows an overall drop in security incidents over our networks between October and December 2018.
We regularly see fluctuations in the number of attacks over any given time period, but unfortunately a decrease in quantity often does not indicate a decrease in the threat level. For example, the drop this past quarter may show a trend from organized crime groups to target their activity and to focus on lower numbers of higher value victims.
When criminals infect and control a large number of devices, they are able to build ‘botnets’, which can then be used to launch a huge number of simultaneous attacks. Botnets are used in many DDoS attacks, but the decrease in the number of attacks in this area likely shows that many botnet operators are turning their attention towards crypto-mining capability.
Computing power is fundamental to criminals’ success in mining cryptocurrency, and directing botnets towards this activity would indicate it is increasingly being seen as a more profitable avenue for criminals. It’s also likely perceived as ‘safer’ by criminals, as improvements in law enforcement around DDoS in the last 6 months have increased the likelihood of detection.
The decrease in malware blocks over the last three months is also likely to be a consequence of the crypto-mining trend. We’re seeing fewer ransomware attacks delivered by malware, as attackers focus on crypto-mining as an easier and less-attributable activity.
We believe that the downturn in the number of phishing attacks and scam activity could well be a result of the improvements brought about by the Active Cyber Defence programme. These include more usage of DMARC (Domain-based Message Authentication, Reporting and Conformance) and increased detections and filtering of suspicious mail traffic.