PhishMe has released its Malware Trends Analysis Report for Q1 2017. The Malware Trends Analysis Report shows there has been a reduction in ransomware activity in the first three months of 2017. While this is certainly good news, PhishMe believes it is just the quiet before the storm.
PhishMe suspects threat actors are planning further WannaCry-style attacks, which the firm refers to as ‘the atom bomb of ransomware’. Ransomware attacks can be highly lucrative for cybercriminals, so it is extremely unlikely that the use of the encrypting malware will reduce this year. In fact, ransomware attacks have been predicted to increase.
Regionalized, international malware delivery increased in Q1, with many of the most prevalent malware strains delivered to end users via phishing emails. PhishMe reports that attacks are increasingly being conducted in multiple languages. PhishMe notes that Ursnif malware is now being delivered in phishing emails in German and Japanese, while Zeus Panda is being distributed in Italian-language phishing emails.
One of the major findings is a massive increase in botnet activity in Q1, jumping 69.2%. PhishMe says this increase, combined with the fall in the use of ransomware, indicates cybercriminals have gone back to basics while they retool for the next onslaught of ransomware attacks. The attacks witnessed in the second quarter of the year show how cybercriminals have spent the time developing new attack techniques, such as combining ransomware and wipers with worms to spread infections more extensively.
Also, in Q2, there has been a resurgence in the use of Locky ransomware, the release of a new ransomware called Jaff and the WannaCry attacks that rapidly spread around the globe.
The rise in botnet malware was led by the use of Ursnif malware, although there was significant growth in the variety of malware being spread by botnets. These highly adaptable malware variants are being used to provide access to devices, allowing longer-term intrusions. PhishMe reports that these longer-term attacks allow lengthy surveillance of companies. Malware variants such as TrickBot, DELoader and Zeus Panda have increased, all of which are used for long-term espionage.
The report was compiled after PhishMe researchers analyzed 749 sets of phishing emails which were supported by more than 14,000 online resources. Those emails were used to deliver almost 10,000 different malware iterations.
PhishMe CTO and Co-founder Aaron Higbee said, “Our Q1 2017 Malware Review shows that threat actors continue to be relentless in their tenacity to extort money and information from individuals and businesses worldwide.”
The report can be downloaded from PhishMe.
PhishMe has also announced that the PhishMe Intelligence Strategic Analysis threat alerts have been made available for all customers to help them block malware threats and prevent phishing attacks. The reports are being released on a weekly basis and provide a detailed analysis of the changing tactics used by cybercriminals, along with indicators of compromise for the latest malware and information on the latest phishing threats.