2017 State of Malware Report

2016 was the year that reminded us how important prevention is, no matter what type of user you may be. Indeed, ransomware dominated the threat landscape and was heavily distributed via phishing emails, compromised websites, and malicious ads. With a threat that encrypts your valuable data, there is often very little you can do after the fact.

To give you an idea of how fast ransomware progressed, we saw a 267 percent increase between January 2016 and November 2016, with over 400 different variants in total. The most impacted users were businesses, possibly correlated with the increase in malicious spam during the same period. Several large botnets were used to send phishing emails containing Office documents or scripts purporting to be invoices or other such lures.

Another observation we made was the return of old-fashioned infection techniques such as VBA macros and a flurry of scripting languages (JavaScript, VBScript, etc.), which took many in the security industry by surprise. The most interesting ones are booby-trapped Word or Excel files, because they blend in with the genuine files any company sends and receives each day.
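As an added example that is not part of the original report, the following Python check illustrates one defensive response to the booby-trapped Office lures described above: it inspects the Office Open XML container itself for a VBA project part rather than trusting the file extension, and flags attachments whose name does not advertise the macro it carries. The sample documents are constructed in memory and contain no real macro code; the helper names are assumptions.

```python
import io
import zipfile

# Constructed samples (not real malware): minimal OOXML containers with and
# without a VBA project part, built in memory so the example runs offline.
def _build_ooxml(with_vba: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    return buf.getvalue()

SAMPLES = {
    "invoice_clean.docx": _build_ooxml(False),
    "invoice_macro.docm": _build_ooxml(True),
    "invoice_renamed.docx": _build_ooxml(True),  # macro part present, name hides it
}

# Extensions that legitimately advertise macro content.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}


def has_vba_project(data: bytes):
    """Return True/False for an OOXML zip, or None if data is not a zip container."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(name.lower().endswith("vbaproject.bin") for name in z.namelist())
    except zipfile.BadZipFile:
        return None


def classify_attachment(filename: str, data: bytes) -> str:
    """Label an attachment by what its container actually holds, not by its name."""
    macro = has_vba_project(data)
    if macro is None:
        return "not-ooxml"
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if macro and ext not in MACRO_EXTENSIONS:
        return "macro-hidden"  # VBA part present but the extension does not say so
    return "macro" if macro else "clean"


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify_attachment(name, blob)}")
```

Legacy binary formats (.doc, .xls) are OLE2 compound files rather than zip containers, so they need an OLE parser such as oletools' olevba instead of this check.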

While malware authors mostly relied on ransomware to make the bulk of their revenue, we noted an increase in ad fraud as well. Malware-infested computers that visit websites and click on ads within a hidden desktop are responsible for billions of dollars in losses for advertisers. But they are also a threat to end users, who can get infected with other types of malware as a result of this browsing activity.

Botnets continued to be a huge threat, not only as spam machines, as mentioned earlier, but also for launching severe Distributed Denial of Service attacks that impact large portions of the Internet. While traditional PCs continue to be used as bots, internet-enabled devices, also known as the Internet of Things (IoT), were low-hanging fruit that threat actors went after. Security cameras, routers, and many other internet-connected devices are often poorly secured, with default passwords or security flaws that will rarely, if ever, get patched by their owners. Those same devices were used to take down other websites and wreak havoc across the internet.

Mobile malware keeps on evolving with better anti-AV tricks, while end users continue to get infected mostly by downloading free apps from non-authorized stores. Brazil, Indonesia, the Philippines, and Mexico were some of the top countries affected by mobile malware.

In 2017 we can only expect ransomware to become more aggressive and have a direct impact on our lives as healthcare facilities or critical infrastructure are affected. Unless major laws force manufacturers to make IoT devices more secure out of the box, we can expect the size of such botnets to grow and pose an even more dire threat to the internet.

2017 will also be the year in which we see whether exploit kits finally return as the top infection method, but we can only expect spam campaigns to remain strong and steady, especially against small and medium businesses, while larger organizations may also get targeted more frequently via clever phishing attacks.

To read more about malware in 2016 and our predictions, please download the report here.


Jérôme Segura

Principal Threat Researcher