The malware world continues to develop rapidly and dynamically, with new threats appearing daily, accelerating the cat-and-mouse game between attackers and defenders.
As a result, it’s more important than ever for cyber security professionals to stay up-to-date about the ever-changing threat landscape in order to provide organisations with the highest level of protection. This is the reason Check Point has created the H1 2016 Global and Regional Trends of the ‘Most Wanted’ Malware report, which provides an overview of the malware landscape in the top categories – ransomware, banking and mobile – based on threat intelligence data drawn from Check Point’s ThreatCloud World Cyber Threat Map between January and June 2016.
Below are a few highlights from the report:
H1 2016 Global Trends and Highlights
• Ransomware: the dawn of a new era
Without a doubt, 2016 will go down as a prime year for ransomware. Ransomware has consistently been in the news for the past several months, and for a good reason, as attacks have increased in quantity, variety, efficiency, and sophistication. Barraging users and organisations of all sizes, criminals are now creating new and revamped ransomware using every possible type of attack vector. For more information about the ransomware epidemic, download our whitepaper Ransomware: Attacks, Trends, and Response.
• Turmoil in the exploit kit landscape
Attackers use exploit kits to spread malware. These kits, which have an alarming success rate, leverage vulnerabilities in web browsers and operating systems to install malware without the user’s knowledge or consent. As we have seen in the case of the Nuclear Exploit Kit, this can be an extremely profitable business for developers who rent their kit to attackers worldwide. Interestingly, there has been a shift in the exploit kit arena since the beginning of 2016. We have witnessed the decline of two of the largest exploit kits in the wild, Angler and Nuclear, and the rise of Neutrino and Rig Exploit Kits, as seen in the recent Cerber campaign.
• The rise of mobile botnets
In 2016, a new form of malware appeared in the mobile world – botnets. A botnet is a group of devices (PCs, laptops, or mobile phones) controlled by hackers without the owners’ knowledge. The larger the botnet, the greater its capabilities. The botnets we detected, such as Viking Horde and DressCode, even managed to infiltrate Google Play and target hundreds of thousands of users. So far, mobile botnets have been used mainly to generate fraudulent traffic and ad clicks. However, they can be leveraged to achieve disruptive goals, such as DDoS attacks which can have a devastating effect on organisations of all sizes.
Summary
The first half of 2016 demonstrates the nature of today’s cyber threat landscape. Many old malware threats remain prominent, while at the same time newcomers arrive and take the world by storm. On top of that, malware demonstrates a long tail distribution with a small number of families responsible for a major part of the attacks, while thousands of other malware families are rarely seen. Lastly, we see that most cyber threats are global and cross-regional, with the top threats appearing in all three regions.
To learn more, download the Check Point H1 2016 Global and Regional Trends of the ‘Most Wanted’ Malware report here.