New global cybercriminal attack patterns emerge as ransomware, ad fraud and botnets evolve
- Ransomware became the favorite attack methodology used against businesses in the U.S. and Europe
- Ad fraud emerged as a primary threat, outpacing ransomware
- Botnets took advantage of IoT devices and spread rapidly in Asia and Europe
- Europe: the most malware-impacted continent
Malwarebytes (https://www.malwarebytes.com/business) has released a security research report on the top malware threats for 2016. The findings, presented in the Malwarebytes State of Malware Report (https://go.malwarebytes.com/StateofMalware0117.html?ref=pr_mwb), illustrate a significant shift in cybercriminal attack and malware methodology from previous years. Ransomware, ad fraud and botnets, the subject of so much unjustified hype over previous years, surged to measurable prominence in 2016 and evolved immensely. Cybercriminals migrated to these methodologies en masse, impacting nearly anyone and everyone.
To better understand just how drastically the threat landscape evolved in 2016, Malwarebytes examined data taken from Windows and Android devices running Malwarebytes in more than 200 countries. Both corporate and consumer environments were studied and data was collected from June 2016 through November 2016. In the six months studied, nearly 1 billion total malware detections/incidences were reported. Data was also obtained from Malwarebytes’ internal honeypots and collection efforts to identify malware distribution, not only infection.
“To protect users from cybercriminals, we need to intimately understand their methodologies and tactics,” said Marcin Kleczynski, Malwarebytes CEO. “Our findings demonstrate that the frequency and variety of new cyberattacks has crashed into people and businesses at an alarming rate. The last year involved an onslaught of ransomware, a surge of pernicious ad fraud and new, dangerous uses for botnets. These threats have the potential to erode many of the gains that computing is providing global society. Both consumers and businesses need to better understand how these new attack methodologies may impact them.”
Key findings highlighted in the report include:
- Ransomware grabbed headlines and became the favorite attack methodology used against businesses, particularly in North America and Europe.
  - Ransomware distribution between January 2016 and November 2016 increased by 267 percent.
  - In the fourth quarter of 2016 alone, we catalogued nearly 400 variants of ransomware.
  - Ransomware detections accounted for 12.3 percent of all enterprise threats, but only 1.8 percent of consumer threats.
  - 81 percent of ransomware detected in corporate environments occurred in North America.
- Ad fraud malware, led by Kovter malware, exceeded ransomware detections at times, and poses a substantial threat to consumers and businesses.
  - In 2016 we observed Kovter, one of the most dangerous malware families in the wild, primarily being used for ad fraud.
  - Kovter was one of the biggest threats of this last year for Americans, more than anyone else, with 68.64 percent of all infections occurring in the U.S.
  - Kovter’s change in methodology and distribution is significant because it mirrors the trends we’re seeing with surges in ransomware: Kovter and ransomware both provide a source of direct profit for the attackers.
- Botnets infect and recruit Internet of Things devices to launch massive DDoS attacks.
  - In 2016 we saw a new use for botnets, to compromise and infect the Internet of Things (IoT).
  - Asia and Europe saw an increase in variants developed from popular botnet families. For example, the Kelihos botnet grew 785 percent in July and 960 percent in October, while IRCBot grew 667 percent in August and Qbot grew 261 percent in November.
  - Germany also dealt with a substantial botnet problem. The country saw a 550 percent increase in the amount of botnet detections from 2015 to 2016.
- Mobile malware evades detection from mobile security engines, resulting in an increase in the amount of mobile malware detected.
  - In 2016, we observed the increased use of randomization utilized by the malware authors to evade detection from mobile security engines, resulting in an increase in the amount of mobile malware detected.
  - Brazil, Indonesia, the Philippines, and Mexico made the top 10 countries for Android malware detections. The high prevalence of Android malware detections in developing countries can be attributed to the extensive use of relatively unsecured third-party app stores in those countries.
- Europe is the most malware-ridden continent, and distribution of detections is telling.
  - Europe saw 20 percent more infections than North America and 17 times more than Oceania.
  - The countries hit hardest by malware in Europe are France, the UK, and Spain—although the Vatican City saw the steepest rise with a 1,200 percent increase in all malware.
  - The UK saw almost twice as many incidents as Russia, and Russia was not in the top 10 of countries hit by ransomware, despite its size and population.
  - Germany is the second-most impacted country by ransomware, following the US, supporting the theory that malware authors use Germany as a testing ground for their wares before wider distribution.
“In the last year, we have seen a huge transition in the top malware threats and how they are distributed,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Attackers are always seeking the greatest possible profit, causing them to shift methodology per region and geography, based on user awareness and attack success rate. The use of ransomware and ad fraud, specifically Kovter, have taken off because they provide a source of direct profit for attackers. This is the future of cybercrime, and it is imperative that we continue to study how these methods evolve over time.”
To view the full global State of Malware report for more detailed findings and analysis, visit: www.malwarebytes.com/pdf/white-papers/stateofmalware
Malwarebytes continues to research and innovate solutions against the evolving threats faced by all, whether the computer use is at home or at work. Another recent Malwarebytes research report on ransomware documented late-2016 trends on this threat from more than 200 countries. These reports and analysis from Malwarebytes global telemetry feeds aid the company in developing solutions like Malwarebytes 3.0 (https://www.malwarebytes.com/premium), a first of its kind. Employing four independent technology modules – anti-malware, anti-ransomware, anti-exploit and malicious website protection – Malwarebytes blocks and removes both known and unknown threats across the globe.
Malwarebytes is the next-gen cybersecurity company that millions worldwide trust. Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware, and exploits that escape detection by traditional antivirus solutions. The company’s flagship product combines advanced heuristic threat detection with signature-less technologies to detect and stop a cyberattack before damage occurs. More than 10,000 businesses worldwide use, trust, and recommend Malwarebytes. Founded in 2008, the company is headquartered in California, with offices in Europe and Asia, and a global team of threat researchers and security experts. For more information, please visit us at http://www.malwarebytes.com/.
Malwarebytes founder and CEO Marcin Kleczynski started the company to create the best disinfection and protection solutions to combat the world’s most harmful Internet threats. Marcin was recently named “CEO of the Year” in the Global Excellence awards and has been named to the Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal’s 40 Under 40 award, adding those to an Ernst & Young Entrepreneur of the Year Award.