Friday, 10 March 2017 11:17

Malwarebytes says in 2016 threat reality caught up with hype


Malwarebytes' latest global state of malware report states, “2016 – the year threat reality caught up with the threat hype”.

To better understand just how drastically the threat landscape evolved in 2016, Malwarebytes examined data from more than 200 countries for Windows and Android devices running Malwarebytes.

Both corporate and consumer environments were studied and data was collected from June 2016 through November 2016. In the six months studied, nearly 1 billion total malware detections/incidences were reported. Data was also obtained from Malwarebytes’ internal honeypots and collection efforts to identify malware distribution, not only infection.

Malwarebytes chief executive Marcin Kleczynski said, “To protect users from cyber criminals, we need to intimately understand their methodologies and tactics. Our findings demonstrate that the frequency and variety of new cyberattacks has crashed into people and businesses at an alarming rate.

“The last year involved an onslaught of ransomware, a surge of pernicious ad fraud and new, dangerous uses for botnets. These threats have the potential to erode many of the gains that computing is providing global society. Both consumers and businesses need to better understand how these new attack methodologies may impact them.”

Before the key global findings are examined, Australian findings included:

  • Australia makes up 3.33% of all banking trojan detections – 10 times the global average. Australia ranked seventh globally in detections of banking trojans.
  • Australia has far fewer botnet detections than the global average.
  • Ransomware stands out. Listed at number 6 in the Top 10 countries for ransomware detections, Australia makes up 3.2% of the total ransomware detected.
  • Australia experienced an onslaught of Cerber ransomware detections in October, with these alone accounting for 31.4% of all ransomware detected.
  • Australia also ranked 8th in the top 10 for ad fraud.
  • Australia only ranked 18th in terms of Android malware detections, accounting for 1.1% of global detections during the period.

Key global findings include:

Ransomware grabbed headlines and became the favourite attack methodology used against businesses, particularly in North America and Europe

  • Ransomware distribution between January 2016 and November 2016 increased by 267%. In Q4 2016, nearly 400 variants of ransomware were catalogued.
  • Ransomware detections accounted for 12.3% of all enterprise threats, but only 1.8% of consumer threats.
  • About 81% of ransomware detected in corporate environments occurred in North America.

Ad fraud malware, led by Kovter malware, exceeded ransomware detections at times, and poses a substantial threat to consumers and businesses

  • The year 2016 saw Kovter, one of the most dangerous malware families in the wild, primarily being used for ad fraud.
  • Kovter was one of the biggest threats of this last year for Americans, more than anyone else, with 68.64% of all infections occurring in the US.
  • Kovter’s change in methodology and distribution is significant because it mirrors the trends with surges in ransomware: Kovter and ransomware both provide a source of direct profit for the attackers.

Botnets infect and recruit Internet of Things devices to launch massive DDoS attacks

  • The year 2016 saw a new use for botnets, to compromise and infect Internet of Things devices.
  • Asia and Europe saw an increase in variants developed from popular botnet families. For example, the Kelihos botnet grew 785% in July and 960% in October, while IRCBot grew 667% in August and Qbot grew 261% in November.
  • Germany also dealt with a substantial botnet problem. The country saw a 550% increase YoY.

Mobile malware evades detection from mobile security engines, resulting in an increase in the amount detected

  • The year 2016 saw the increased use of randomisation by malware authors to evade detection from mobile security engines, resulting in an increase in the amount of mobile malware detected.
  • Brazil, Indonesia, the Philippines, and Mexico made the top 10 countries for Android malware detections. The high prevalence of Android malware detections in developing countries can be due to extensive use of relatively unsecured third-party app stores.

Europe is the most malware-ridden continent, and distribution of detections is telling

  • Europe saw 20% more infections than North America and 17 times more than Oceania.
  • The countries hit hardest by malware in Europe are France, the UK, and Spain – although the Vatican City saw the steepest rise with a 1200% increase in all malware.
  • The UK saw almost twice as many incidents as Russia. The latter was not in the top 10 of countries hit by ransomware, despite its size and population.
  • Germany is the second-most affected country by ransomware, following the US, supporting the theory that malware authors use Germany as a testing ground for their wares before wider distribution.

Adam Kujawa, director of Malware Intelligence, Malwarebytes, said, “In the last year, we have seen a huge transition in the top malware threats and how they are distributed. Attackers are always seeking the greatest possible profit, causing them to shift methodology per region and geography, based on user awareness and attack success rate. The use of ransomware and ad fraud, specifically Kovter, have taken off because they provide a source of direct profit for attackers. This is the future of cybercrime, and it is imperative that we continue to study how these methods evolve over time.”

Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
