An analysis of the threat landscape in the first quarter of 2017 suggests that ransomware will continue to pose major problems for enterprises and individual users through the rest of the year.
Organizations can also expect to see increased malware development activity targeting Apple Mac and Android systems and evolving methods for distributing malware via exploit kits, social engineering methods and spam email, Malwarebytes said in a report this week.
"It’s important to realize that threats are constantly evolving, faster than we have ever seen before," says Adam Kujawa, director of malware intelligence at Malwarebytes. "This is mainly due to the increased resources available to the cybercrime community, which means more people, more money, more talent."
Cerber somewhat unexpectedly emerged as the most widely distributed ransomware sample in the first quarter of this year, displacing Locky from the top spot. Malwarebytes’ inspection of ransomware distribution trends last quarter showed Cerber growing its presence from 70% to 90% of overall share, while Locky vanished almost completely with a less than 2% share.
It’s unclear why Locky petered out so quickly, considering many had assumed it would dominate the ransomware scene this year. But it is likely that the authors of the malware either found a more profitable route or got entangled with law enforcement, Kujawa says.
Cerber poses a potent threat to organizations and individuals: it uses strong encryption, so victims cannot recover their files without the key, and its authors sell access through hosted ransomware-as-a-service operations, which makes it relatively easy for criminals with little technical capability to acquire and distribute it. Recent additions, including a technique aimed at evading antivirus tools that rely on machine learning and a check for whether the malware is executing in a sandbox, have also made it harder to detect, Malwarebytes warned.
The last quarter also saw a surge in Mac malware activity. New samples in the first three months of the year nearly equaled the number of Mac malware samples in all of 2016. A majority of them were backdoors with varying capabilities, levels of sophistication, and delivery mechanisms.
Many were designed to run arbitrary commands, download additional malware, hijack the webcam, and siphon data from infected systems. The quarter also saw a surge in the number of potentially unwanted programs in the Apple Mac App Store.
Based on the activity last quarter, Mac users can expect to see a big spike in malware and potentially unwanted applications directed at the platform this year, Malwarebytes said in its report.
On the Android front, two malware families in particular posed big problems for users. One was Trojan.HiddenAds.lck, an ad-serving app that actively prevented users from uninstalling it. The other was Jisut, an Android ransomware family that grew its presence dramatically last quarter, with tens of thousands of new samples introduced into the wild.
Malware activity in the last quarter also shows that threat actors are continuing to evolve their distribution methods, Kujawa says. "The bad guys are investing heavily in e-mail-based attacks, which means phishing attacks that lead users to sites to trick them into downloading malware," he says. Many use scripts and password-protected archive files to download and install malware, or Microsoft Office documents that rely either on a macro script embedded in the document or on some new exploit, he says.
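The three attachment types Kujawa describes (script files, password-protected archives, and macro-bearing Office documents) can all be spotted from container metadata without executing or even extracting anything. The following is an added example written for this article, not code from Malwarebytes or from the report. It relies on two standard facts: bit 0 of the ZIP general-purpose flag marks an entry as encrypted, and macro-enabled OOXML files (.docm, .xlsm, .pptm) are ZIP containers that carry a vbaProject.bin part. The script-extension list and all sample attachments are constructed for the example, and legacy OLE-format .doc/.xls files are out of scope here.

```python
import io
import os
import zipfile
from typing import Dict, List

# Script extensions a mail gateway would flag (assumption: a typical triage list,
# not a list taken from the Malwarebytes report).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".cmd", ".bat"}

# Bit 0 of the ZIP general-purpose flag marks an entry as encrypted
# (password-protected); it appears in both the local and central-directory headers.
ENCRYPTED_FLAG = 0x0001


def inspect_zip(data: bytes) -> List[str]:
    """Examine a ZIP container's metadata without extracting anything.

    This works on password-protected archives too: listing the central directory
    needs no password, only reading entry contents does.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if any(info.flag_bits & ENCRYPTED_FLAG for info in infos):
            findings.append("password-protected archive")
        names = [info.filename for info in infos]
        # Macro-enabled OOXML files keep the VBA project in a vbaProject.bin part;
        # a macro-free .docx has no such part.
        if any(name.endswith("vbaProject.bin") for name in names):
            findings.append("office document with VBA macros")
        for name in names:
            if os.path.splitext(name.lower())[1] in SCRIPT_EXTENSIONS:
                findings.append("script inside archive: " + name)
    return findings


def triage_attachment(filename: str, data: bytes) -> List[str]:
    """Return the reasons an attachment deserves a closer look (empty if none)."""
    findings = []
    if os.path.splitext(filename.lower())[1] in SCRIPT_EXTENSIONS:
        findings.append("script attachment")
    # Decide by magic bytes, not by extension: a renamed .docm is still a ZIP.
    if data.startswith(b"PK\x03\x04"):
        findings.extend(inspect_zip(data))
    return findings


# --- constructed samples (placeholders, not real malware) ------------------

def _build_zip(entries: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def _mark_encrypted(zip_bytes: bytes) -> bytes:
    """zipfile cannot write encrypted archives, so set the encryption flag by hand
    in every local file header (flag at offset 6) and central-directory entry
    (flag at offset 8). Contents stay in the clear; only the headers change."""
    data = bytearray(zip_bytes)
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = data.find(signature)
        while pos != -1:
            data[pos + flag_offset] |= ENCRYPTED_FLAG
            pos = data.find(signature, pos + len(signature))
    return bytes(data)


SAMPLES = {
    # Macro-enabled Word document: the vbaProject.bin part is what matters.
    "invoice.docm": _build_zip({
        "[Content_Types].xml": b"<Types/>",
        "word/document.xml": b"<w:document/>",
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 placeholder VBA project",
    }),
    # Password-protected archive carrying a JScript file.
    "scan.zip": _mark_encrypted(_build_zip({"scan.js": b"// placeholder script"})),
    # Macro-free document: same container format, nothing to flag.
    "report.docx": _build_zip({
        "[Content_Types].xml": b"<Types/>",
        "word/document.xml": b"<w:document/>",
    }),
    # Bare script attachment.
    "update.js": b"// placeholder script",
}


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", triage_attachment(name, blob) or ["clean"])
```

The point of checking the central directory rather than trying to open entries is that a password-protected archive hides its contents from a scanner but not its file listing or its encryption flag; both are enough to quarantine the message for review. The same metadata-only approach is why the .docx sample passes while the .docm is flagged: the container format is identical, and only the presence of the VBA part differs.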
"We did predict earlier this year that new evolutions would be made to the e-mail attack methodology and we were right about that," Kujawa says. "The data shows a continued use of this tactic and the continued dominance of ransomware as the primary malware type being pushed by cyber criminals."