Security Market Segment LS
Friday, 10 March 2017 11:17

Malwarebytes says in 2016 threat reality caught up with hype


Malwarebytes' latest global state of malware report states, “2016 – the year threat reality caught up with the threat hype".

To better understand just how drastically the threat landscape evolved in 2016, Malwarebytes examined data from more than 200 countries for Windows and Android devices running Malwarebytes.

Both corporate and consumer environments were studied and data was collected from June 2016 through November 2016. In the six months studied, nearly 1 billion total malware detections/incidences were reported. Data was also obtained from Malwarebytes’ internal honeypots and collection efforts to identify malware distribution, not only infection.

Malwarebytes chief executive Marcin Kleczynski said, “To protect users from cyber criminals, we need to intimately understand their methodologies and tactics. Our findings demonstrate that the frequency and variety of new cyberattacks has crashed into people and businesses at an alarming rate.

“The last year involved an onslaught of ransomware, a surge of pernicious ad fraud and new, dangerous uses for botnets. These threats have the potential to erode many of the gains that computing is providing global society. Both consumers and businesses need to better understand how these new attack methodologies may impact them.”

Before the key global finding are examined Australian findings included:

  • Australia makes up 3.33% of all banking trojan detections – 10 times the global average.  Australia ranked seventh globally in detections of banking trojans.
  • Australia has far fewer botnet detections than the global average.
  • Ransomware stands out. Listed at number 6 in the Top 10 countries for ransomware detections, Australia makes up 3.2% of the total ransomware detected.
  • Australia experienced an onslaught of Cerber ransomware detections in October, with these alone accounting for 31.4% of all ransomware detected
  • Australia also ranked 8th in the top 10 for Ad fraud.
  • Australia only ranked 18th in terms of Android malware detections, accounting for 1.1% of global detections during the period.

Key global findings include:

Ransomware grabbed headlines and became the favourite attack methodology used against businesses, particularly in North America and Europe

  • Ransomware distribution between January 2016 and November 2016 increased by 267%. In Q4, 2016 nearly 400 variants of ransomware were catalogued.
  • Ransomware detections accounted for 12.3% of all enterprise threats, but only 1.8% of consumer threats.
  • About 81% of ransomware detected in corporate environments occurred in North America.

Ad fraud malware, led by Kovter malware, exceeded ransomware detections at times, and poses a substantial threat to consumers and businesses

  • The year 2016 saw Kovter, one of the most dangerous malware families in the wild, primarily being used for ad fraud.
  • Kovter was one of the biggest threats of this last year for Americans, more than anyone else, with 68.64% of all infections occurring in the US.
  • Kovter’s change in methodology and distribution is significant because it mirrors the trends with surges in ransomware: Kovter and ransomware both provide a source of direct profit for the attackers.

Botnets infect and recruit Internet of Things devices to launch massive DDoS attacks

  • The year 2016 saw a new use for botnets, to compromise and infect Internet of Things devices.
  • Asia and Europe saw an increase in variants developed from popular botnet families. For example, the Kelihos botnet grew 785% in July and 960% in October, while IRCBot grew 667% in August and Qbot grew 261% in November.
  • Germany also dealt with a substantial botnet problem. The country saw a 550% increase YoY.

Mobile malware evades detection from mobile security engines, resulting in an increase in the amount detected

  • The year 2016 saw the increased use of randomisation by malware authors to evade detection from mobile security engines, resulting in an increase in the amount of mobile malware detected.
  • Brazil, Indonesia, the Philippines, and Mexico made the top 10 countries for Android malware detections. The high prevalence of Android malware detections in developing countries can be due to  extensive use of relatively unsecured third-party app stores.

Europe is the most malware-ridden continent, and distribution of detections is telling

  • Europe saw 20% more infections than North America and 17 times more than Oceania.
  • The countries hit hardest by malware in Europe are France, the UK, and Spain – although the Vatican City saw the steepest rise with a 1200% increase in all malware.
  • The UK saw almost twice as many incidents as Russia. The latter was not in the top 10 of countries hit by ransomware, despite its size and population.
  • Germany is the second-most affected country by ransomware, following the US, supporting the theory that malware authors use Germany as a testing ground for their wares before wider distribution.

Adam Kujawa, director of Malware Intelligence, Malwarebytes, said, “In the last year, we have seen a huge transition in the top malware threats and how they are distributed. Attackers are always seeking the greatest possible profit, causing them to shift methodology per region and geography, based on user awareness and attack success rate. The use of ransomware and ad fraud, specifically Kovter, have taken off because they provide a source of direct profit for attackers. This is the future of cybercrime, and it is imperative that we continue to study how these methods evolve over time.”

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Ray Shaw

joomla stats

Ray Shaw  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News