The SecureWorks® Counter Threat Unit™ (CTU) research team analyzes security threats and helps
organizations protect their systems. During May and June 2017, CTU™ researchers identified lessons
learned and observed notable developments in threat behaviors, the global threat landscape, and
• The global WCry and NotPetya campaigns reinforced the need for a layered approach
• Attacks used obfuscated malicious files and scripts to bypass filtering and deliver malware.
• A Chinese threat group has had repeated success using compromised websites to attack
• Threat actors have been stealing intellectual property from Japanese enterprises.
Published By: Cylance
Published Date: Jul 02, 2018
The cyberattacks of 2017 proved more numerous, sophisticated, and ruthless than in years past. Threat actors, armed with knowledge stolen from the CIA and tools lifted from the NSA, demonstrated an elevated level of proficiency. WannaCry and NotPetya, two prominent threats from last year, successfully exploited these stolen assets in their assault on systems worldwide. As 2017 progressed, new opportunities developed in ransomware-as-a-service (RaaS), opening the gates of malware-for-profit to everyone. Advancements in fileless attacks provided new ways for threats to hide from once-reliable detection methods. Malware features such as polymorphism continued to play a powerful role in evading traditional defenses. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. France and the United States saw significant data breaches during their recent presidential elections. Several high-profile companies lost their customers’ personally identifiable information to cyberattacks, blemishing their brands and costing them untold millions in recovery operations. This report contains an overview of the threat trends and malware families Cylance's customers faced in 2017. This information is shared with the goal of assisting security practitioners, researchers, and individuals in our collective battle against emerging and evolving cyberthreats.