The new Vulnerability and Threat Trends Report released by Skybox includes security analyst research of the vulnerabilities, exploits and threats that in play today. The report includes the a list of the top malware in 2018 that businesses and critical infrastructure organizations should watch out for, including ransomware, OT malware and banking Trojans.

To read the full report, click here.



  • Spread to 150 countries within a matter of hours


  • Wiper masquerading as ransomware (ransomwiper)
  • Does not have a kill switch like WannaCry
  • Crippled a large part of Ukraine’s infrastructure and some of the private sector
  • Capable of bricking machines


  • Pioneering ransomware-as-a-service schemes
  • Distributed via different exploit kits in multiple campaigns
  • Infected 150,000 victims in one month alone

OT Malware


  • Takes control of electricity substation switches and circuit breakers directly using industrial communication protocols present in critical infrastructure worldwide
  • Uses the functionality of the protocol (designed decades ago) against itself


  • Remote access Trojan
  • Used in attacks against Ukrainian critical infrastructure

Banking Trojans


  • Banking credential-stealing malware via the end user’s browser
  • Targeting financial organizations across the globe, focusing on the U.K.


  • Steals banking credentials
  • Active since 2014, but constantly changing
  • Estimated damage has reached the hundreds of millions of dollars

WannaCry and NotPetya Signal an Era of Hybrids

The two ransomware finalists at the top of our list were less than stellar at collecting ransom. Both WannaCry and NotPetya started out as ransomware attacks, but the email accounts to which a victim could use to pay the ransom were both blocked. They also weren’t purely ransomware. WannaCry spread via a worm, and NotPetya seemed more intent on being a wiper in ransomware’s clothing.

Traditionally, malware has fallen into distinct catego­ries, like ransomware, banking Trojans, worms, etc. Now, as these divisions disappear and attacks use multiple elements to evade detection/spread/reach their goal, threat intelligence has never been more vital.

While we hope you find the Vulnerability and Threat Trends Report insightful, we also hope it helps you to think of how such intelligence is being integrated (or not) into your security program — not just for vulnerability and threat management, but network security operations as well.

To learn more about how the Skybox™ intelligence feed delivers current vulnerability and threat intelligence to all of the modules in our suite, click here.

About the Vulnerability and Threat Trends Report

The inaugural report aims to help organizations align their security strategy with the reality of the current threat landscape. The force behind the report is the Skybox™ Research Lab, a team of security analysts who daily scour data from dozens of security feeds and sources as well as investigate sites in the dark web. They validate and enhance data through automated as well as manual analysis, with adding their knowledge of attack trends, cyber events and TTPs of today’s attackers.


Related Posts

A Brief History of Distributed Cybercrime: 6 Reasons why cybercriminals love the new business model

Does WannaCry Mark a New Era of Global, Distributed Cybercrime?:  WannaCry spread with lightning speed because it’s a combination of ransomware and malware that only needed to be downloaded to one machine, after which it could spread throughout a system on its own.