Source: Malwarebytes Cybercrime Tactics & Techniques report. Total malware distribution by type, Q117.
In the second Malwarebytes Cybercrime Tactics & Techniques report, which discusses the threats that got the company's attention in the first three months of the year, the company found:
- Cerber ransomware took over as the top dog as far as distribution and market share are concerned.
- Locky ransomware has dropped off the map, with a lack of new Locky versions being developed since before the beginning of the year.
- The Mac threat landscape saw a surge of new malware and backdoors in Q117, including a new Mac ransomware, FindZip.
- On the Android side, two notable malware families have been causing a lot of trouble. HiddenAds.lck, which prevents the device from removing the app, and Jisut, a mobile ransomware family, are spreading like wildfire.
- In the exploit kit world, RIG continues to have the greatest market share of the few exploit kits that are still active and Malwarebytes expects this to continue. RIG exploit kit remains on top mainly due to its lack of competition rather than technical sophistication.
- Malicious spam campaigns have also started utilising password-protected zipped files and protected Office documents to evade the automated analysis sandboxes utilised by security researchers.
- In social media scams, users were bombarded with links to nude photo dumps that lead to gift card survey scams.
- Tech support scammers* (TSS) have begun accepting alternate forms of payment, such as Apple gift cards and Bitcoin.
Looking ahead to the second quarter of the year, Malwarebytes predicts:
- Continued heavy distribution of Cerber through Q217 due to new developments made to the malware design and its continued use of the ransomware as a service (RaaS) model.
- The Cerber ransomware will likely remain on top within the next quarter.
- The continued heavy development of Mac malware throughout Q2 is equally likely.
- The Android ransomware Jisut is expected to continue its trend of high distribution and spread, as will HiddenAds.lck.
- Distribution mechanisms are likely going to develop new features and functionality, be it through social engineering tactics utilised by exploit kits and malicious spam or from the discovery of new exploits, potentially revitalising the exploit kit market.
- In the world of scams, Malwarebytes expects an uptick of exit scams** and TSS utilising social media advertising to scam, as well as the spread of TSS advertisements being pushed alongside potentially unwanted programs (PUPs).
*The tech support scam has a scammer calling up to tell the victims that their computers have a problem, and that they will have to pay up to solve it.
**In an exit scam, the scammer accepts payment, and exits (disappears) before shipping the promised goods.