Attacks/Breaches
11/30/2016
10:30 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Windows Malware Infections Spiked 106% From Black Friday To Cyber Monday

The number of infected PCs jumped some 106% during the holiday season's first shopping weekend and 118% above normal on Cyber Monday.

'Tis the season for gift-giving, snowfall - and cybercrime. The 2016 holiday shopping season has already proven risky, with malware infections in the US jumping 106% between Black Friday and Cyber Monday.

The data comes from Enigma Software Group (ESG), which compiled data on infections recorded in its SpyHunter program. ESG analyzed malware data in the month leading up to Thanksgiving and compared it with infections recorded between Nov. 25 and Nov. 28, 2016.

It's worth noting this data only applies to malware infections recorded on PCs, and does not include activity from smartphones or Apple products. 

The number of recorded infections has doubled year-over-year. This year's 106% jump marks a significant increase from the same weekend in 2015, when malware was 84% above normal. Malware activity peaked on Cyber Monday, when instances were 118% higher than normal.

ESG believes there are multiple drivers behind the malware surge, says spokesperson Ryan Gerding.

"The biggest thing is that there are more people who are shopping online every year," he explains. "What's more, the bad guys are getting smarter in tricking people into accidentally clicking on links that install malware on their computers."

Consumers are most likely to fall for emails that appear to come from legitimate companies. These messages may promise a free gift card or claim there is a problem with an order, but instead include a malicious link that will download malware onto the victim's computers. 

During the holidays, more people are shopping and anticipating these types of emails. They're more likely to click on a money-saving coupon or wonder if there really is a problem with their order. As a result, malware infections continue to climb.

Emails aside, hackers also abuse social media accounts and post status updates containing malicious links. Others bundle malware with software downloaded from the Internet; for example, programs that promise to bypass location-specific restrictions on services like Netflix.

The vast majority of these infections are "nuisanceware," says Gerding. They may slow down victims' PCs or cause a spike in pop-up ads; things that are annoying but not necessarily dangerous.

However, the occasional dangerous attacks do take place. Ransomware makes up a tiny percentage of infections, but it can be devastating when it hits. ESG discovered about 0.5% of all infections include ransomware.

It's a miniscule percentage, but Gerding notes the amount of infections made of ransomware has doubled since 2015. One year ago, ransomware made up about 0.25% of malware attacks. The trend promises ransomware will continue to grow as a consumer-facing threat in 2017.

"As long as the crooks are successful in getting people to pay a ransom, they'll keep trying to get infections out there on as many computers as possible," he says.

The ESG research was focused on consumers, but Gerding acknowledges the malware spike could also affect businesses.

"Wherever people are online is where the risk is," he says. "If they're at home the risk is at home; if they're at work, the risk is at work. We all know people don't spend 100% of their time at work doing work-specific things." 

The most important step users can take is backing up their data so if there is a problem, they can return to the settings they had prior to the attack. Both physical and cloud-based backups are recommended.

Users should also ensure they have automatic updates scheduled for their operating systems and any anti-malware program they have installed, he says.

Also, think twice before clicking, he says. Who is it coming from? Where is directing you to? Is it too good to be true? If an email from USPS, Amazon, eBay, Best Buy, or another company says there is a problem with an order, visit the website instead of following the link.

"It's the best way to protect yourself and ensure there is a legitimate issue," he says.

Related Content:

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/30/2016 | 6:19:44 PM
Comparisons
While I am glad to see comparisons to the same time period last year, to properly and entirely place this information into the right context, we also ought to know precisely how much online activity/traffic spiked over this period of time in each respective year.

To wit, if web traffic overall spiked 106% this year from Black Friday to Cyber Monday, then this would be exactly normal -- and merely an indicator of what happens when web traffic spikes.  If web traffic overall spiked a statistically significantly lower percentage, then theree is much more at play.
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Impact of a Security Breach 2017
The Impact of a Security Breach 2017
Despite the escalation of cybersecurity staffing and technology, enterprises continue to suffer data breaches and compromises at an alarming rate. How do these breaches occur? How are enterprises responding, and what is the impact of these compromises on the business? This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.