To better understand just how drastically the threat landscape evolved in 2016, Malwarebytes examined data from more than 200 countries for Windows and Android devices running Malwarebytes.
Both corporate and consumer environments were studied and data was collected from June 2016 through November 2016. In the six months studied, nearly 1 billion total malware detections/incidences were reported. Data was also obtained from Malwarebytes’ internal honeypots and collection efforts to identify malware distribution, not only infection.
Malwarebytes chief executive Marcin Kleczynski said, “To protect users from cyber criminals, we need to intimately understand their methodologies and tactics. Our findings demonstrate that the frequency and variety of new cyberattacks has crashed into people and businesses at an alarming rate.”
Before the key global findings are examined, the Australian findings included:
- Australia makes up 3.33% of all banking trojan detections – 10 times the global average. Australia ranked seventh globally in detections of banking trojans.
- Australia has far fewer botnet detections than the global average.
- Ransomware stands out. Listed at number 6 in the Top 10 countries for ransomware detections, Australia makes up 3.2% of the total ransomware detected.
- Australia experienced an onslaught of Cerber ransomware detections in October, with these alone accounting for 31.4% of all ransomware detected.
- Australia also ranked 8th in the top 10 for ad fraud.
- Australia only ranked 18th in terms of Android malware detections, accounting for 1.1% of global detections during the period.
Key global findings include:
Ransomware grabbed headlines and became the favourite attack methodology used against businesses, particularly in North America and Europe
- Ransomware distribution between January 2016 and November 2016 increased by 267%. In Q4 2016, nearly 400 variants of ransomware were catalogued.
- Ransomware detections accounted for 12.3% of all enterprise threats, but only 1.8% of consumer threats.
- About 81% of ransomware detected in corporate environments occurred in North America.
Ad fraud malware, led by Kovter malware, exceeded ransomware detections at times, and poses a substantial threat to consumers and businesses
- The year 2016 saw Kovter, one of the most dangerous malware families in the wild, primarily being used for ad fraud.
- Kovter was one of the biggest threats of this last year for Americans, more than anyone else, with 68.64% of all infections occurring in the US.
- Kovter’s change in methodology and distribution is significant because it mirrors the trends with surges in ransomware: Kovter and ransomware both provide a source of direct profit for the attackers.
Botnets infect and recruit Internet of Things devices to launch massive DDoS attacks
- The year 2016 saw a new use for botnets, to compromise and infect Internet of Things devices.
- Asia and Europe saw an increase in variants developed from popular botnet families. For example, the Kelihos botnet grew 785% in July and 960% in October, while IRCBot grew 667% in August and Qbot grew 261% in November.
- Germany also dealt with a substantial botnet problem. The country saw a 550% increase YoY.
Mobile malware evades detection from mobile security engines, resulting in an increase in the amount detected
- The year 2016 saw the increased use of randomisation by malware authors to evade detection from mobile security engines, resulting in an increase in the amount of mobile malware detected.
- Brazil, Indonesia, the Philippines, and Mexico made the top 10 countries for Android malware detections. The high prevalence of Android malware detections in developing countries can be due to extensive use of relatively unsecured third-party app stores.
Europe is the most malware-ridden continent, and distribution of detections is telling
- Europe saw 20% more infections than North America and 17 times more than Oceania.
- The countries hit hardest by malware in Europe are France, the UK, and Spain – although the Vatican City saw the steepest rise with a 1200% increase in all malware.
- The UK saw almost twice as many incidents as Russia. The latter was not in the top 10 of countries hit by ransomware, despite its size and population.
- Germany is the second-most affected country by ransomware, following the US, supporting the theory that malware authors use Germany as a testing ground for their wares before wider distribution.
Adam Kujawa, director of Malware Intelligence, Malwarebytes, said, “In the last year, we have seen a huge transition in the top malware threats and how they are distributed. Attackers are always seeking the greatest possible profit, causing them to shift methodology per region and geography, based on user awareness and attack success rate. The use of ransomware and ad fraud, specifically Kovter, have taken off because they provide a source of direct profit for attackers. This is the future of cybercrime, and it is imperative that we continue to study how these methods evolve over time.”