

Cybersecurity is moving away from antivirus detection to utilizing machine learning and data science to combat ever-evolving attacks.
That’s the key takeaway from a new report out today from security firm Sophos Group plc. The SophosLabs 2019 Threat Report details the changes to the threat landscape in 2018, how security has evolved to address that and where it’s heading in the future.
“Traditional antivirus signatures are gradually yielding the first line of defense to advanced protection techniques, such as generalized exploit protections,” Sophos Chief Technology Officer Joe Levy said in the report. “These tools can arrest virtually infinite variations of memory and control-flow abuses, heuristically detecting attacker behavior in would-be epidemics as, for instance, a ransomware attack.”
Another trend, he said, is the application of deep learning and data science to the problems of malware and spam. “With the application of machine learning, we’ve produced the best static predictions of maliciousness, at scales never before achieved,” he said. “These behavioral detections materially, measurably hinder the effectiveness of commodity malware.”
Ransomware variants once again dominated much of the threat landscape in 2018, but the report notes that the significant difference this year was a big return of targeted attacks — that is, attacks targeted at specific individuals and companies as opposed to those that share generic emails in an attempt to score an infection.
Those attacks are multifaceted, with attackers having built up a repertoire of automation, coupled with exploitable vulnerabilities, in an attempt to attack targets rapidly and evade internal security measures or protection in the network and at endpoints.
While automation tools spread, attackers also prominently undertook manual attacks when specifically targeting a given company. The SamSam ransomware, which first made headlines in July, involved the criminal gang behind it brute-forcing passwords until it infected a machine, in an attempt to obtain administrative login details.
In an unsurprising finding, the report also notes that Windows remains the operating system of choice for attackers to target, although attacks targeting Android and “internet of things” devices continue to rise.
Along with more specific advice, the report ends by reminding individuals and enterprises alike of basic fundamentals that help keep systems secure: