The Malware Uprise: Why is it a Common Story?
Malware attacks are a common story today, causing headlines from across the globe. What’s driving the rise of malware? Let’s take a look at three factors that contribute to the malware uprise.
Ransomware threats have dominated over the last year. In their report, Malwarebytes points out two reasons why ransomware has become the malware of choice for cyber criminals: it’s easy to use and it works. Complete Ransomware as a Service solutions are offered on the dark net for as little as $39 which means you don’t need coding skills to launch a ransomware attack. It’s easy to get paid using this mode of attack because criminals don’t need to hunt for a buyer of the stolen data; they simply ask for ransom payment from the victim. And ransomware works: the encryption is virtually impossible to break so victims will pay to get files back.
Weakness in IoT
An increase in Linux-based malware is evidence that hackers are increasingly targeting IoT devices, according to research from WatchGuard. Linux malware made up more than a third of the top malware WatchGuard detected by analyzing data gathered from tens of thousands of unified threat management appliances. This is three times more than detected in a previous report, and researchers attribute this growth to hackers exploiting “systemic weakness” in connected devices.
Botnets are networks of computers infected with malware that allows the computers to be controlled as a group in order to distribute spam or launch a Distributed Denial of Service attack. New forms of botnet attacks prey on Internet of Things (IoT) devices. Late 2016 saw the Mirai open-source botnet that infected thermostats, webcams, home security systems and routers. A Mirai botnet of roughly 100,000 IoT devices launched a DDoS attack on DYN, a company that manages the connections between domain names and the numeric address of the server that hosts a website.
These types of attacks are possible because the IoT industry often fails to include security measures in devices. A McAfee Labs 2017 report attributes this lack of security to vendors’ drive to be first to market with certain types of IoT devices. Developers focus on features designed to capture early adopters, and sound security is usually not at the top of the list of must-have features this class of buyers.
There is a malware component to almost every attack targeting users. Users remain a target of attacks because they fail to follow security guidelines or are duped into opening the door to malware through phishing or social engineering tactics.
Not plugging a random USB drive into your laptop may seem like common sense to many, but a study conducted in 2016 revealed that there’s a large percentage of the population that may not be aware of the danger of this activity and the resulting malware infection.
Mobile malware is a real risk. Users taking advantage of BYOD at work may open the door to malware via their personal device. Organizations should be stressing the use of safe public app stores such as the Apple AppStore or Google Play to their employees and considering the use of enterprise mobility management (EIM) solutions within their infrastructure.
The malware story is big. Malwarebytes’ report covering half of 2016 included almost a billion malware detections from almost a million consumer and corporate Windows and Android devices distributed in more than 200 countries.