Banking Trojans and ransomware dominated the malware landscape while compromised business email gained speed, according to Sunnyvale, Calif.-based security firm Proofpoint's analysis of first quarter 2016 threats and trends.

In Proofpoint's “Quarterly Threat Summary,” researchers also revealed ransomware vaulted into the top ranks of the most preferred malware by cybercriminals. Nearly one-quarter of document attachment-based email attacks in the first quarter featured the new Locky ransomware.

“The massive email message volumes associated with Dridex banking Trojan malware gave way to our discovery of the new Locky ransomware,” the report revealed.

The Locky ransomware strain is spreading to victims' systems rapidly. Forbes claimed Locky infects approximately 90,000 systems per day and typically asks users for 0.5-1 Bitcoin (or $420) to unlock their systems.

Proofpoint researchers said Dridex, accounting for 74% of total message volume, was the only malware payload used more frequently than Locky. Other payloads appeared mostly in short bursts. Nymaim entered the top 10, and Vawtrak remained a frequent alternative to Dridex.

“Ransomware is back in a big way with new variants and techniques emerging regularly. Organizations need defenses that can stop these attacks before they can encrypt data and take critical systems offline,” the report said.

More C-level employees are at risk of targeted messages with business email compromise on the rise. Attackers have used more social engineering to persuade users to complete tasks or run malware, as solutions that detect non-malware-based threats like imposter email prevent costly mistakes and breaches.

Some key takeaways from Proofpoint's Q1 2016 research include:

  • Impostor email threats, aka business email compromise, are increasingly mature and differentiated. Three-quarters of these phishing attacks rely on fake “reply-to” spoofing to trick users into believing messages are authentic.
  • Email continues to be the top threat vector, with malicious message Q1 2016 volume increasing by 66% over Q4 2015, and more than 800% over the same period in 2015. “Email represents the first line of attack for advanced threats and targeted attacks. It serves as a beachhead from which threat actors can pursue further malicious activities,” researchers pointed out.
  • Java and Flash Player vulnerabilities continue to pay dividends for cybercriminals as Angler was the most used exploit kit, accounting for 60% of total exploit kit traffic. Neutrino and RIG exploit kit use was also up with an 86% and 136% increase, respectively.
  • Every major brand examined increased social media content by at least 30%. As fan- and brand-generated content volumes increase, higher risk follows. The constant challenge for organizations is to protect their brand reputation. “If those interactions are muddled by spam, pornography, and adult language, customers walk away. Brands struggle to manage their social channels. Many also risk costly compliance violations,” the report said.
  • Ninety-eight percent of all malicious mobile apps examined in Q1 2016 targeted Android devices, despite the high-profile discovery of an iOS Trojan and presence of risky iOS apps and rogue app stores.

“Threat actors employ a variety of highly effective lures that target departments (such as human resources and accounting) and specific people,” the report disclosed. “These lures use a variety of mechanisms to convince users that attackers' requests for information or money transfers are legitimate.”
