PhishMe’s Q1 2017 Malware Review revealed several notable trends including a 69.2 percent increase in botnet activity, an uncharacteristic drop in ransomware, and increases in regionalized, international malware delivery. The increase in botnets and overall slowing of ransomware delivery indicated a shift back to basics and a retooling period, which resulted in threat actors rapidly innovating on their techniques as evidenced by second quarter strikes, including a resurgence of Locky ransomware, the debut of Jaff ransomware encryption, and the now notorious WannaCry worming ransomware.
Published today, the report includes an analysis of 749 sets of phishing emails delivering nearly 10,000 unique malware samples supported by over 14,000 online resources. You can read the full report here.
PhishMe Intelligence revealed a number of major trends, which have come to fruition over the past few months:
- Ransomware-as-a-business enters the next stage of innovation: As the first quarter of 2017 came to a close, it ended a period of relative calm in the ransomware space. In fact, rather than abandoning an incredibly lucrative business model, threat actors were about to unleash new innovations and developments including the WannaCry “atom bomb of ransomware” worming malware.
- A rising tide in botnet malware: Highly-adaptable and multifunctional botnet malware varieties grew in usage by 69.2 percent through the first quarter. Led by the Ursnif malware, these utilities provide threat actors with the access they need to initiate longer-term intrusions. Utilities like TrickBot, DELoader and Zeus Panda can all be used to facilitate lengthy surveillance and espionage operations.
- International trends: Many of the top malware in use was deployed using phishing lures in multiple languages, demonstrating that threat actors continue to recognize the value of attacking users around the world. Most notably, PhishMe Intelligence observed Zeus Panda using Italian-language messages and Ursnif phishing emails using German and Japanese content.
PhishMe Provides New Feature to Fight Phishing
In an effort to help combat threat actors’ fast-evolving tactics to circumvent security, the PhishMe Intelligence Strategic Analysis threat alerts and reports are now provided to all PhishMe customers on a weekly basis. The Strategic Analysis reports include detailed intelligence on the ever-changing tactics, techniques and procedures used by today’s threat actors. They are designed to deliver relevant and actionable details on threat actors, indicators of compromise, key malware families, tactics used to evade detection and engage users, and the very latest attachment types and scripting methods.
“Our Q1 2017 Malware Review shows that threat actors continue to be relentless in their tenacity to extort money and information from individuals and businesses worldwide,” explained PhishMe CTO and Co-founder Aaron Higbee. “Consequently, it’s clear that timely and relevant intelligence on the latest phishing attacks and threats more important than ever, which is why we are extending our ongoing phishing intelligence reporting to all our customers at no extra cost. Strategic Analysis reports have long been part of the PhishMe Intelligence offering, but now all PhishMe customers will receive weekly notifications with detailed intelligence on the evolving tactics, techniques, and procedures.”
