6/2/2016
04:45 PM
Dark Reading
Products and Releases

Quick Heal Technologies First Quarter 2016 Threat Report Confirms the Rising Threat of Ransomware as New Variants Emerge

Windows and Android malware detections continue to increase, with Android malware samples up 38 percent over the first quarter in 2015

BOSTON, June 1, 2016 - Quick Heal Technologies today announced the results of its First Quarter Threat Report for 2016. The complete report, which can be downloaded from the Quick Heal website, offers insight into the rising threat of ransomware as new variants and propagation techniques emerge worldwide.

Through the global deployment of its IT security products, Quick Heal is able to detect new threats that have the potential to impact businesses across North America, where it offers its Seqrite line of cloud-enabled solutions for small to medium-size enterprises (SMEs).

In the first quarter, the number of malware samples detected by the Quick Heal Threat Research Lab represented a significant increase over the same period in 2015. The Windows platform alone was hit by more than 340 million samples during the quarter, with January the most active month at nearly 117 million samples. In addition, more than 20,000 Android malware samples were detected every day, a 38 percent increase over Q1 2015.

The report provides a deep dive, offering insight into the top 10 malware samples detected on Windows and Android devices, as well as detection statistics for malware across all platforms—spanning the categories of Ransomware, Adware, Potentially Unwanted Applications (PUAs), Trojans, Infectors, Worms, and Exploits.


Growing Threat of Ransomware

Ransomware remains a rapidly growing threat in 2016, according to the report. One of the fastest-moving threats in this category is TeslaCrypt, which emerged a year ago and has employed new infection and propagation techniques in 2016. New variants of the TeslaCrypt Trojan, as described on the Quick Heal blog, make their way into the computer systems of unsuspecting users to hijack images, spreadsheets, PowerPoint presentations and other files.

“Unlike other ransomware, TeslaCrypt begins encrypting these files, converting them into an unreadable form that can only be viewed with the aid of a private key. And the only way to get this key is for the victim to pay a ransom,” said Sanjay Katkar, Quick Heal CTO and co-founder. “The best prevention is to never download attachments or click on links in emails received from unwanted or unexpected sources—even if the sources look familiar. Also, don’t respond to pop-up ads or alerts while visiting unfamiliar websites, and apply all necessary security updates, keeping automatic updates on.”

Because TeslaCrypt targets data, the most crucial step is to perform regular backups, Katkar advises. This can eliminate the need to pay a ransom if the data is already safely backed up and available.

“Locky” is another new ransomware variant that is propagated via spam emails carrying malicious Microsoft Office documents and JavaScript files as attachments. When the JavaScript files are executed, they download and install the Locky ransomware on victims’ machines. The ransomware encrypts most of the documents available on the system and then demands a ransom payment from the user.
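The Locky delivery chain described above (spam carrying Office documents and JavaScript attachments, where running the script fetches the ransomware) is something a mail gateway can block before the attachment ever reaches a user. The Python below is an added example, not code from the report or from Quick Heal: it scans a constructed sample message with the standard library's `email` package and flags script attachments, macro-enabled Office documents, and ZIP archives that carry scripts. The extension lists, the `example.invalid` addresses and the attachment contents are assumptions made for the example; it goes beyond the paragraph by also catching double-extension names such as `invoice.pdf.js` and scripts nested in archives.

```python
import io
import zipfile
from email.message import EmailMessage

# Attachment classes that first-stage droppers in Locky-style spam arrive as.
# These policy lists are assumptions for this example, not a vendor rule set.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".cmd", ".bat", ".ps1"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xlam"}
ARCHIVE_EXTENSIONS = {".zip"}


def extension_chain(filename):
    """Return every extension of a filename, lowercased: 'a.pdf.js' -> ['.pdf', '.js']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def classify_attachment(filename, payload):
    """Return a list of policy findings for one attachment; an empty list means clean."""
    findings = []
    exts = extension_chain(filename)
    final = exts[-1] if exts else ""
    if final in SCRIPT_EXTENSIONS:
        findings.append(f"script attachment ({final})")
        if len(exts) >= 2:
            # 'invoice.pdf.js' is shown as 'invoice.pdf' when extensions are hidden
            findings.append("double extension masquerade")
    if final in MACRO_EXTENSIONS:
        findings.append(f"macro-enabled Office document ({final})")
    if final in ARCHIVE_EXTENSIONS and payload[:2] == b"PK":
        # Look inside the archive without extracting anything to disk
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for name in zf.namelist():
                    inner = extension_chain(name)
                    if inner and inner[-1] in SCRIPT_EXTENSIONS | MACRO_EXTENSIONS:
                        findings.append(f"archive contains {name}")
        except zipfile.BadZipFile:
            findings.append("malformed zip archive")
    return findings


def scan_message(msg):
    """Scan all attachments of an EmailMessage; return {filename: findings} for flagged ones."""
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        payload = part.get_payload(decode=True) or b""
        findings = classify_attachment(name, payload)
        if findings:
            flagged[name] = findings
    return flagged


def build_sample_message():
    """Constructed sample message imitating the invoice-themed lure; not real spam."""
    msg = EmailMessage()
    msg["From"] = "invoices@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    # Benign PDF-like attachment (constructed bytes)
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # JavaScript dropper hidden behind a double extension (harmless constructed content)
    msg.add_attachment(b"var x = 1;", maintype="application",
                       subtype="octet-stream", filename="invoice_2016.pdf.js")
    # ZIP archive wrapping a script file
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan_0612.js", "var y = 2;")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan.zip")
    # Macro-enabled Word document (constructed bytes, not a real document)
    msg.add_attachment(b"PK\x03\x04 constructed docm", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="statement.docm")
    return msg


if __name__ == "__main__":
    for name, findings in scan_message(build_sample_message()).items():
        print(f"{name}: {', '.join(findings)}")
```

The check keys on the last extension and on archive contents rather than on the declared MIME type, because the sender controls the Content-Type header; a gateway that trusts it would pass `invoice_2016.pdf.js` as `application/octet-stream` unchallenged.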

In the first quarter of 2016, mobile ransomware and banking Trojans also came increasingly under the spotlight. Quick Heal detected four new ransomware variants targeting Android devices, spanning both old and new families. Additionally, 10 families of mobile banking Trojans were detected, including completely new variants of existing families, compared with 21 for all of 2015.

Other key findings in the Q1 report include:

  • Targeted profit-making attacks: Attackers appear to be changing their strategies from long-run attacks to ones that deliver nearly instant payouts. As predicted in previous Quick Heal threat reports, they have moved their attention towards the healthcare and banking sectors. 
  • PUAs disguised as software updates: PUAs are also on the rise, entering a targeted victim’s computer system and appearing on the screen as a pop-up ad on Internet Explorer, Firefox or Google Chrome, prompting the user to click with the intention of updating their Adobe Flash Player, Java or other software. But hackers are the producers of these pop-ups—not the software providers and developers. Once downloaded, the malware proceeds to infect the victim’s computer with adware and browser hijackers as well as other PUAs.
  • Adware advances: The Quick Heal Threat Research Lab has observed that recent Adware samples increasingly target network resources such as DNS settings, hijack proxy configuration, disable the auto-update feature of web browsers, and more.
  • Microsoft Office and Java represent top targets: The vulnerabilities found in Office and Java together make up 92% of the most popular exploit targets, giving IT executives more reasons than ever to focus on comprehensive protection for these pervasively used products.
  • Android platform threats increase: More than 178 new malware families and 275 new malware variants were found to be afflicting the Android platform in the first quarter. At the same time, Android Adware samples dropped from a 59 percent increase in the same period last year to a 42 percent increase in Q1 2016. The most common Android malware, Android.Sprovider.C, enters mobile devices primarily through third-party app stores, and MazarBOT, which emerged as a dangerous malware threat in Q1, can steal SMS messages and wipe data from smartphones entirely.
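The "Adware advances" finding above names three settings that this class of adware tampers with: DNS resolvers, the browser proxy, and browser auto-update. Those are cheap to audit against a known baseline. The Python below is an added example, not code from the report or from Quick Heal: it parses a resolv.conf-style file and a Firefox prefs.js file (constructed samples, not captures from an infected host) and reports drift from an approved baseline. The approved resolver and proxy values are assumptions for the example; the Firefox preference names are the standard ones (`network.proxy.type`, `network.proxy.http`, `network.proxy.autoconfig_url`, `app.update.enabled`, with `app.update.auto` as the later name), but an administrator should confirm them against the browser version actually deployed.

```python
import ipaddress
import re

# Baseline an administrator expects on managed endpoints.
# Constructed values for this example, not figures from the report.
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.1.53")}
APPROVED_PROXY_HOSTS = {"proxy.corp.example"}

# Values of the Firefox preference network.proxy.type
PROXY_TYPE_NONE, PROXY_TYPE_MANUAL, PROXY_TYPE_PAC, PROXY_TYPE_SYSTEM = 0, 1, 2, 5

# Constructed sample inputs (not from a real infection)
SAMPLE_RESOLV_CONF = """# constructed sample resolv.conf
nameserver 10.0.0.53
nameserver 198.51.100.7   # entry not in the corporate baseline
"""

SAMPLE_PREFS = """// constructed sample prefs.js
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "198.51.100.7");
user_pref("network.proxy.http_port", 8080);
user_pref("app.update.enabled", false);
"""


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("nameserver"):
            fields = line.split()
            if len(fields) >= 2:
                try:
                    servers.append(ipaddress.ip_address(fields[1]))
                except ValueError:
                    pass  # malformed address; left to a separate syntax check
    return servers


def parse_firefox_prefs(text):
    """Return {pref_name: value} from user_pref(...) lines; values are bool, str or int."""
    prefs = {}
    pattern = re.compile(r'user_pref\("([^"]+)",\s*(true|false|"[^"]*"|-?\d+)\);')
    for m in pattern.finditer(text):
        name, raw = m.group(1), m.group(2)
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw.strip('"')
        else:
            prefs[name] = int(raw)
    return prefs


def check_endpoint(resolv_text, prefs_text):
    """Compare resolver and browser settings with the baseline; return a list of findings."""
    findings = []
    for server in parse_resolv_conf(resolv_text):
        if server not in APPROVED_RESOLVERS:
            findings.append(f"unapproved DNS resolver {server}")
    prefs = parse_firefox_prefs(prefs_text)
    ptype = prefs.get("network.proxy.type", PROXY_TYPE_SYSTEM)
    if ptype == PROXY_TYPE_MANUAL:
        host = prefs.get("network.proxy.http", "")
        if host not in APPROVED_PROXY_HOSTS:
            findings.append(f"manual HTTP proxy points at unapproved host {host or '<empty>'}")
    elif ptype == PROXY_TYPE_PAC:
        # Flag for review unless the organisation itself distributes a PAC script
        pac = prefs.get("network.proxy.autoconfig_url", "<unset>")
        findings.append(f"PAC proxy script configured: {pac}")
    for name in ("app.update.enabled", "app.update.auto"):
        if prefs.get(name) is False:
            findings.append(f"browser auto-update disabled via {name}")
    return findings


if __name__ == "__main__":
    for finding in check_endpoint(SAMPLE_RESOLV_CONF, SAMPLE_PREFS):
        print(finding)
```

Run against the constructed samples it reports the injected resolver, the proxy redirected to the same unapproved address, and the disabled update channel; a clean endpoint with only baseline resolvers and system proxy settings yields no findings.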


“Quick Heal’s new Threat Report underscores the importance of educating employees about the many ways these attacks can infiltrate a device or a network and bring an organization’s entire operation to a screeching halt,” said Katkar. “Business owners and IT professionals need to remain ever-vigilant and increasingly proactive with their security and employee education policies and the safeguards they use to protect the endpoints, the network and everything in between.”

Resellers interested in becoming a Quick Heal/Seqrite partner should contact 855-978-6117, email [email protected] or visit the Quick Heal partner page. For more information on Quick Heal, visit www.quickheal.com. For a complimentary copy of the Q1 Threat Report, visit the Quick Heal website.


About Quick Heal Technologies Ltd.

Quick Heal Technologies Ltd.’s Seqrite data security product line targets small-to-midsize enterprises (SMEs) and is designed to simplify security management across endpoints, mobile devices, and networks. For more information on the Quick Heal Seqrite Partner Program, please contact 855-978-6117, email us at [email protected] or visit the Quick Heal partner page. For more information on Quick Heal, visit www.quickheal.com.
