Dark Reading is part of the Informa Tech Division of Informa PLC

Endpoint

4/14/2017 04:00 PM

Ransomware, Mac Malware Dominate Q1 Threat Landscape

Cerber, somewhat unexpectedly, emerged as the biggest ransomware threat, Malwarebytes found.

An analysis of the threat landscape in the first quarter of 2017 suggests that ransomware will continue to pose major problems for enterprises and individual users through the rest of the year.

Organizations can also expect to see increased malware development activity targeting Apple Mac and Android systems and evolving methods for distributing malware via exploit kits, social engineering methods and spam email, Malwarebytes said in a report this week.

"It’s important to realize that threats are constantly evolving, faster than we have ever seen before," says Adam Kujawa, director of malware intelligence at Malwarebytes. "This is mainly due to the increased resources available to the cybercrime community, which means more people, more money, more talent."

Cerber somewhat unexpectedly emerged as the most widely distributed ransomware sample in the first quarter of this year, displacing Locky from the top spot. Malwarebytes’ inspection of ransomware distribution trends last quarter showed Cerber growing its presence from 70% to 90% of overall share, while Locky vanished almost completely with a less than 2% share.

It’s unclear why Locky petered out so quickly, considering many had assumed it would dominate the ransomware scene this year. But it is likely that the authors of the malware either found a more profitable route or got entangled with law enforcement, Kujawa says.

Cerber, with its strong file encryption and hosted distribution model, poses a potent threat to organizations and individuals. The authors of the malware have made it relatively easy for criminals with little technical capability to acquire and distribute it through hosted ransomware-as-a-service operations. Recent additions, including a feature aimed at evading antivirus tools that rely on machine learning and another that detects when the malware is executing in a sandbox, have made it harder to detect as well, Malwarebytes warned.

Mac Attack

The last quarter also saw a surge in Mac malware activity. New samples in the first three months of the year nearly equaled the number of Mac malware samples in all of 2016. A majority of them were backdoors with varying capabilities, levels of sophistication, and delivery mechanisms.

Many were designed to run arbitrary commands, to download malware, hijack the webcam and to siphon data from infected systems. The last quarter also witnessed a surge in the number of potentially unwanted programs in the Apple Mac App Store.

Based on the activity last quarter, Mac users can expect to see a big spike in malware and potentially unwanted applications directed at the platform this year, Malwarebytes said in its report.


On the Android front, two malware families in particular posed big problems for users. One was Trojan.HiddenAds.lck, an ad-serving app that actively prevented user attempts to uninstall it. The other was Jisut, an Android ransomware family that grew its presence dramatically last quarter, with tens of thousands of new samples introduced into the wild.

Malware activity in the last quarter also shows that threat actors are continuing to evolve their distribution methods, Kujawa says. "The bad guys are investing heavily in e-mail based attacks, which means phishing attacks that lead users to sites to trick them into downloading malware," he says. Many campaigns attach scripts or password-protected archive files that download and install the malware, or Microsoft Office documents that do so either through a macro embedded in the document or through a new exploit, he says.

"We did predict earlier this year that new evolutions would be made to the e-mail attack methodology and we were right about that," Kujawa says. "The data shows a continued use of this tactic and the continued dominance of ransomware as the primary malware type being pushed by cyber criminals."
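The delivery tricks Kujawa describes (script attachments, password-protected archives that slip past content inspection, and Office files carrying a macro) are all visible in the attachment bytes before anything is opened. The triage script below is an added example written for this page; it is not Malwarebytes' or Dark Reading's code, and the attachments it inspects are constructed inline rather than taken from real mail. It flags script extensions, reads the ZIP general-purpose flag bit that marks an entry as encrypted (which is how a password-protected archive announces itself), and looks for the vbaProject.bin part that any OOXML document must carry to hold VBA code. The hypothetical samples dictionary stands in for an attachment store; since the standard library cannot write encrypted archives, the "password-protected" sample is a normal archive with only its encryption flags patched.

```python
"""Mail attachment triage for the delivery methods described above.
Added example; not code from Malwarebytes or Dark Reading. All samples
are constructed in this file."""
import io
import struct
import zipfile

SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".cmd", ".bat"}
NON_MACRO_OFFICE_EXTS = {".docx", ".xlsx", ".pptx"}  # OOXML types that should carry no VBA


def _ext(name: str) -> str:
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry has general-purpose flag bit 0 set; both traditional
    PKZIP encryption and WinZip AES set that bit."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def ooxml_has_macros(data: bytes) -> bool:
    """VBA in an OOXML file lives in a vbaProject.bin part, whatever the extension says."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachment(filename: str, data: bytes) -> list:
    """Return a sorted list of findings for one attachment (empty = nothing flagged)."""
    findings = set()
    ext = _ext(filename)
    if ext in SCRIPT_EXTS:
        findings.add("script-attachment")
    if data[:4] == b"PK\x03\x04":  # ZIP container: archives and OOXML documents
        if zip_is_encrypted(data):
            findings.add("password-protected-archive")
        if ooxml_has_macros(data):
            findings.add("office-macro")
            if ext in NON_MACRO_OFFICE_EXTS:
                findings.add("macro-in-non-macro-extension")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(_ext(n) in SCRIPT_EXTS for n in zf.namelist()):
                    findings.add("archived-script")  # names are readable even when encrypted
        except zipfile.BadZipFile:
            pass
    return sorted(findings)


# --- constructed samples (hypothetical attachment store) ---------------------

def _make_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def _mark_encrypted(zip_bytes: bytes) -> bytes:
    """Set flag bit 0 in every local (offset 6) and central (offset 8) header.
    Only the flag changes; the stored data stays plaintext. This stands in for a
    real password-protected archive, which zipfile cannot produce."""
    out = bytearray(zip_bytes)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = out.find(sig)
        while pos != -1:
            flags = struct.unpack_from("<H", out, pos + off)[0]
            struct.pack_into("<H", out, pos + off, flags | 0x1)
            pos = out.find(sig, pos + 4)
    return bytes(out)


SAMPLES = {
    "invoice.js": b"var s = new ActiveXObject('WScript.Shell');",
    "scan.zip": _mark_encrypted(_make_zip({"scan.js": b"x"})),
    "report.docx": _make_zip({"[Content_Types].xml": b"<Types/>",
                              "word/document.xml": b"<w:document/>",
                              "word/vbaProject.bin": b"\x00" * 16}),
    "notes.docx": _make_zip({"[Content_Types].xml": b"<Types/>",
                             "word/document.xml": b"<w:document/>"}),
}


def triage_all(samples: dict = SAMPLES) -> dict:
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(f"{name:14} {', '.join(findings) or 'clean'}")
```

The "macro-in-non-macro-extension" finding is the one worth acting on first: a .docx that contains vbaProject.bin is a file whose extension was chosen to look harmless. Legacy binary Office files (OLE2, .doc/.xls) are not ZIP containers and need a separate VBA stream parser; this script leaves them untouched rather than guess.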

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication.

Comments
toussa, 4/20/2017 | 8:21:24 AM, Re: So great!
Thin, I knew there were Mac viruses. But I thought it was really very little. That worries me a little.
Crypt0L0cker, 4/19/2017 | 10:34:13 AM, Re: Mac malware removal
Where are those people who claimed that there are no viruses for Mac? I guess the only reason they had "no viruses" was that Windows was rather more popular than Mac OS X through the decades. No users = no interest for cybercrooks to create Mac viruses. Now Mac OS is on the rise, so here is your portion of malware.