Surge in polymorphic attacks and malicious Android apps
Users are over 20 percent less likely to encounter malware and other undesirable executable files than in 2015.
The data, collected by Webroot, shows that, although the number of overall malware encounters is decreasing, malware attacks are more sophisticated and short-lived than ever before.
Malware and PUA families and variants per family
Many attacks appear, infect, and disappear within hours—even minutes—having successfully exfiltrated sensitive data, launched ransomware, or found other means to achieve financial gain.
Google and Wells Fargo heavily targeted for phishing attacks
Starting in May, attacks against Google and Wells Fargo rose sharply. By June, they were the most targeted technology and financial companies. The report also reveals “phishers” are increasingly implementing polymorphic URLs, enabling attackers to target numerous users at once while avoiding traditional detection.
Geofiltering outwitted
The United States now hosts over 40 percent of malicious URLs, a slight increase from 2015. This increase is likely a means of circumventing geofiltering services, which block network traffic involving certain geographic regions.
Given the high percentage of legitimate websites hosted in the U.S., it is counterproductive to block all traffic to and from the United States. This trend underscores the importance of URL reputation filtering for security assessment/risk in addition to content-based filtering.
Mobile app epidemic
The number of new malicious Android apps is on track to increase by almost 400 percent in 2016 compared to 2015. Malicious apps are mainly targeting Asia, due in large part to the prevalence of Android devices in that geography. Additionally, many Android users in Asian countries download their apps from unofficial app stores, which do not have as robust an evaluation process as Google Play.
Malicious IP address origins
Nearly half of all malicious IP addresses are now associated with China, India, or Vietnam. Additionally, analysis from Webroot data shows that initial attacks from malicious IP addresses stem from spam (email and web) and scanning activities.
“The report data demonstrates that, while malware encounters may be on a downturn, the business of cybercrime is indeed alive and well,” said Tyler Moffitt, senior threat research analyst at Webroot. “As attack timelines accelerate and polymorphism continues to grow and spread across attack vectors, it’s more important than ever for organizations to adopt next-generation security approaches that can adapt and predict malware behaviors as they evolve.”