Massive Surge in Botnet Malware Activity in Q1 2017

The first quarter of 2017 saw a 69.2 percent increase over the previous quarter in botnet malware usage, according to PhishMe’s Q1 2017 Malware Review.

“Tools like Ursnif, DELoader, and Zeus Panda have led a charge to leverage phishing emails to expand the reach of criminal botnet operations in the first quarter of 2017,” the report states. “While serving threat actors as financial crimes instruments, these tools may also be used for exploration and customization of intrusions. Threat actors can use these tools to determine the nature of the environment into which they have gained access and plot the best avenue for monetizing or leveraging that access.”

The PhishMe report, based on an analysis of 749 sets of phishing emails delivering almost 10,000 unique malware samples, also noted a 44.9 percent reduction in ransomware usage, but the company says that’s not a reason to think ransomware is on the way out.

“The overall reduction, considering ransomware’s continued use at lower volumes throughout the first quarter, points not to a faltering threat but instead a search for the next stage of development of the ransomware business model,” the report states.

“Our Q1 2017 Malware Review shows that threat actors continue to be relentless in their tenacity to extort money and information from individuals and businesses worldwide,” PhishMe CTO and co-founder Aaron Higbee said in a statement.

Malware? No Worries

Still, some people aren’t worried. A separate Barkly study found that four out of 10 organizations surveyed said they wouldn’t be shocked or overly concerned to find malware on their endpoints, and one third of organizations don’t consider the presence of malware to be extremely serious until damage is clearly evident.

Just one third of respondents said they would consider replacing their security solutions if malware made it onto their endpoints — though 70 percent said they would do so if an attack resulted in stolen data.

“There’s a dangerous assumption in these responses that damage caused by malware is always immediately apparent,” Barkly senior content manager Jonathan Crowe wrote in a blog post. “That is certainly the case with ransomware, but not other ‘silent’ attacks that involve remote access control, credential theft, and keylogging, etc.”

While 40 percent of organizations acknowledged having suffered a ransomware attack that bypassed their security and encrypted their files, almost a third said they see recovering from backup as an adequate substitute for preventing ransomware infections.

“Without question, having reliable, tested backups is a crucial part of any decent security strategy,” Crowe wrote. “But if having backups is the strategy, that’s not playing defense — it’s simply showing a capacity to take a punch in the face.”

Complacency, Overconfidence

A recent Advisen survey of more than 300 risk managers, data brokers and legal experts found that respondents’ key concerns regarding cyber security are focused on problems of complacency and overconfidence.

The survey, sponsored by Experian, found that while risk managers rated their employee education programs as average, data brokers and legal experts ranked their clients’ employee education programs as below average (2.57 and 2.91 out of 5, respectively).

Similarly, while 72 percent of risk managers said their network protections are above average, the majority of outside experts said their clients’ network protections are below average.

Fifty-four percent of legal experts and 61 percent of data brokers said they feel their clients don’t have the knowledge necessary to work with vendors and the government to navigate cyber risks.

“It’s important to note that while third-party risk experts and risk managers had varying perceptions of preparedness, they were in agreement on what risks to watch for in the coming year,” Experian Data Breach Resolution vice president Michael Bruemmer wrote in a blog post. “All cited phishing of personal or financial information as the greatest area of risk. Further, all three recognized ransomware attacks as the area of second-greatest risk.”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
