4/14/2017
04:00 PM
Ransomware, Mac Malware Dominate Q1 Threat Landscape

Cerber, somewhat unexpectedly, emerged as the biggest ransomware threat, Malwarebytes found.

An analysis of the threat landscape in the first quarter of 2017 suggests that ransomware will continue to pose major problems for enterprises and individual users through the rest of the year.

Organizations can also expect to see increased malware development activity targeting Apple Mac and Android systems and evolving methods for distributing malware via exploit kits, social engineering methods and spam email, Malwarebytes said in a report this week.

"It’s important to realize that threats are constantly evolving, faster than we have ever seen before," says Adam Kujawa, director of malware intelligence at Malwarebytes. "This is mainly due to the increased resources available to the cybercrime community, which means more people, more money, more talent."

Cerber somewhat unexpectedly emerged as the most widely distributed ransomware sample in the first quarter of this year, displacing Locky from the top spot. Malwarebytes’ inspection of ransomware distribution trends last quarter showed Cerber growing its presence from 70% to 90% of overall share, while Locky vanished almost completely with a less than 2% share.

It’s unclear why Locky petered out so quickly, considering many had assumed it would dominate the ransomware scene this year. But it is likely that the authors of the malware either found a more profitable route or got entangled with law enforcement, Kujawa says.

Cerber, with its strong encryption and hosted distribution model, poses a potent threat to organizations and individuals. Its authors have made it relatively easy for criminals with little technical capability to acquire and distribute it through hosted ransomware-as-a-service operations. Recent additions, including a feature that evades antivirus tools relying on machine learning and another that detects when the malware is executing in a sandbox, have made it harder to detect as well, Malwarebytes warned.

Mac Attack

The last quarter also saw a surge in Mac malware activity. New samples in the first three months of the year nearly equaled the number of Mac malware samples in all of 2016. A majority of them were backdoors with varying capabilities, levels of sophistication, and delivery mechanisms.

Many were designed to run arbitrary commands, download additional malware, hijack the webcam, and siphon data from infected systems. The last quarter also witnessed a surge in the number of potentially unwanted programs in the Apple Mac App Store.

Based on the activity last quarter, Mac users can expect to see a big spike in malware and potentially unwanted applications directed at the platform this year, Malwarebytes said in its report.

On the Android front, two malware families in particular posed big problems for users. One was Trojan.HiddenAds.lck, an ad-serving app that actively prevented user attempts to uninstall it. The other was Jisut, an Android ransomware family whose presence grew dramatically last quarter, with tens of thousands of new samples introduced into the wild.

Malware activity in the last quarter also shows that threat actors are continuing to evolve their distribution methods, Kujawa says. "The bad guys are investing heavily in e-mail based attacks, which means phishing attacks that lead users to sites to trick them into downloading malware," he says. Many are using scripts and password-protected archive files to download and install malware, or Microsoft Office documents that rely either on a macro script embedded in the document or on some new exploit, he says.

"We did predict earlier this year that new evolutions would be made to the e-mail attack methodology and we were right about that," Kujawa says. "The data shows a continued use of this tactic and the continued dominance of ransomware as the primary malware type being pushed by cyber criminals."

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
reshyam
User Rank: Apprentice
4/25/2017 | 9:34:16 AM
Ransomware, Mac Malware Dominate Q1 Threat Landscape
Hi Guys,

Well My Friends.......... The Ballmer initiative is likely to do some good by highlighting a few possible action areas in role government. But we don't hold hope that it will bring about major changes. We suspect USAFacts may end up pacing a step or two behind the government's ability to create data in new places. We Even if USAFacts can identify the most current data that government generates, In the odds are that it will fall victim to what nags the existing federal Open Data policy. We have Two departments with overlapping or interdependent functions will continue to use.

Thanks.

toussa
User Rank: Apprentice
4/20/2017 | 8:21:24 AM
Re: So great!
Thin, I knew there were Mac viruses. But I thought it was really very little. That worries me a little.
Crypt0L0cker
User Rank: Strategist
4/19/2017 | 10:34:13 AM
Re: Mac malware removal
Where are those people who claimed that there are no viruses for Mac? I guess the only reason they had "no viruses" was that Windows was rather more popular than Mac OS X through the decades. No users = no interest for cybercrooks to create Mac viruses. Now we've got rising interest in Mac OS, so here is your portion of malware.
contomlon
User Rank: Apprentice
4/15/2017 | 3:02:16 AM
So great!
I enjoyed reading your blog post. Your blog has nice information; I got good ideas from this amazing blog. I am always searching for this type of blog post. I hope I will see it again.