Malware attacks are becoming more personalised, a trend that is evidenced by the massive growth in business email compromises (BECs) recorded.
According to Russel Young, tech lead at Trend Micro South Africa, a shift to ransomware and coin mining was also apparent during April. Coin mining is where malware uses a company’s IT resources to mine cryptocurrencies.
The biggest shifts, however, have been in ransomware and BEC, he adds. “Ransomware is declining, although the families are increasing, indicating that it is becoming more niche and specialised. BEC also continues to grow, again pointing to more targeted attacks.”
BEC has grown a massive 106% since the beginning of the year – and that’s just the reported instances, Young points out.
Another area that companies should be guarding is cloud computing; as its use grows, so will the number of threats. “It’s another attack vector that cyber-crooks can go after.”
On the other side of the coin, threats to mobile devices are decreasing, either because malware samples don’t work on newer operating system versions or because the mobile OS developers have become better at defending against them.
For the month of April the Trend Micro Smart Protection Network security infrastructure blocked 3,6-billion threats, including email threats, malicious files and URLs, an increase of 24% in blocked threats over March.
Email-related threats continued to reign in April, making up almost 84% of the total number of blocked threats.
South Africa is still the top target in sub-Saharan Africa with 10-million email threats blocked in April.
Worldwide, 92-billion malicious URLs were blocked, led by the US. Regionally, South Africa was the most targeted, at 9,35-million compared to Nigeria at 8,13-million and Seychelles at 3,5-million.
When it comes to clicking on malicious URLs, South Africa topped the log at 361,27-million – way ahead of any other country in the region.
WannaCry is still the top ransomware threat, although there were 27 new ransomware families detected in April – a 59% increase from the previous month.
Asia is the most threatened region, with Africa coming in at number four, led by South Africa at 20,62%, then Nigeria at 11,98% and Kenya at 9,17%.
There were at least 13 zero-day SCADA-related vulnerabilities in April, an area that we need to be aware of going forward, says Young.
Business email compromises (BEC) continue to grow, with senders mostly masquerading as the MD at 31%, followed by the CEO (24%), president (13%), chairman (5%) and GM (3%).
Targets are typically directors or managers in the finance department.
Exploit kits were down slightly, although South Africa is still the most targeted country in the region.
Mobile ransomware is on the increase, mostly from Slocker (3,7-million) followed by Flocker (2,66-million). Flocker encrypts smart TVs, marking a move to IoT threats in the home, according to Young.
South Africa lags Ethiopia and Nigeria in terms of MARS attacks.
Overall, the top malware families in April were led by CoinMiner, followed by WannaCry, Powload and Downa.
POS malware saw a big drop in April, with a massive 68% decrease in detections over March.
Android malware increased slightly, although iOS malware dropped by 72%.