Malware attacks are declining but getting cleverer
In the first six months of 2016 users were twenty percent less likely to encounter malware than in the same period last year. But although attacks are decreasing they’re getting more sophisticated and often disappear within hours having achieved their aims.
These are the key findings of the latest Webroot Quarterly Threat Report, based on information collected from millions of endpoints, released today.
"The report data demonstrates that, while malware encounters may be on a downturn, the business of cybercrime is indeed alive and well," says Tyler Moffitt, senior threat research analyst at Webroot. "As attack timelines accelerate and polymorphism continues to grow and spread across attack vectors, it's more important than ever for organizations to adopt next-generation security approaches that can adapt and predict malware behaviors as they evolve".
Other highlights from the report are that Google and Wells Fargo have been heavily targeted by phishing attacks. These started to rise sharply in May and by June, they were the most targeted technology and financial companies. The report also reveals 'phishers' are increasingly implementing polymorphic URLs, enabling attackers to target numerous users at once while avoiding traditional detection methods.
The United States now hosts over 40 percent of malicious URLs, a slight increase from 2015. This increase is likely to be a means of circumventing geofiltering services, which block network traffic from some geographic regions. Given the high percentage of legitimate websites hosted in the US, it's impractical to block all traffic to and from there. This trend underlines the importance of using URL reputation filtering in addition to content-based filtering.
The number of new malicious Android apps is growing and is set to increase by almost 400 percent in 2016 compared to 2015. Malicious apps are mainly targeting Asia, due in large part to the popularity of Android devices in that region. Also, many Android users in Asian countries download their apps from unofficial app stores, which do not have as robust an evaluation process as Google Play.
The report also looks at the origins of malicious IPs. Nearly half of all malicious addresses are now associated with China, India, or Vietnam. Analysis from Webroot data shows that initial attacks from malicious IP addresses come mainly from spam (both email and web) and scanning activities.
You can read more about the report's findings on the Webroot site.