Sophos 2017 Malware trends and predictions
- Ransomware is on every platform – don’t assume your mobile and tablets are safe
This year, WannaCry shook the world as the cyber hijack accounted for more than 45% of all ransomware tracked, closely followed by Cerber at 44.2%, according to Sophos’ most recent Malware Report.
In September alone, 30.4 percent of Android malware processed by SophosLabs was ransomware. Sophos expects this to jump to approximately 45 percent in October. The majority of these attacks have targeted Windows users, but the number of attacks on other platforms is increasing, including those targeting Android, Macs and Linux.
Ransomware attacks have shifted in focus in the past two years towards industries which are most likely to pay up, such as healthcare, government, critical infrastructure, and small businesses. Because it is one of the most lucrative industries, whether from ransomware payments or from selling medical records, healthcare has been a big target in 2017 and will without a doubt continue that way into 2018.
- Malware is hiding in Android Apps
When reviewing Google Play, Sophos found that the number of different threats had doubled since last year. One type of malware, dubbed ‘GhostClicker’, sat in Google Play for almost a year, disguising itself as part of the service library. It then requested device administration permission and actively simulated clicks on advertisements as it delivered them to earn revenue.
One of the more sobering finds was Lipizzan, spyware that infected up to 100 devices. Although this doesn’t sound like a large number, it seems this was targeted, precision malware, designed to monitor phone activity and extract data from popular apps, including email, SMS, location, voice calls, and media.
Malware such as this shows no sign of declining in the future, as cyber criminals know it works. To avoid becoming a victim of Android malware, Sophos suggests that consumers:
- Stick to Google Play – Although it isn’t perfect, it puts plenty of effort into preventing malware arriving in the first place
- Avoid apps with a low reputation – Be especially wary of this when using a work phone
- Patch early, patch often – Check the vendor’s attitude to updates
- Online gaming is being used to spread Ransomware and Malware
In terms of online gaming, fake copies of the popular game ‘King of Glory’ were used to spread ransomware this year. The warning screen mimicked the one used during the WannaCry outbreak, directing individuals to pay the ransom through the China-based WeChat, Alipay and QQ payment methods.
The number of malicious apps has risen steadily in the last four years, peaking at nearly 3.5 million in 2017. We are therefore likely to see this rise further in 2018, including more deceptive online gaming traps.
- Data breaches – they are not going away
The downside of living in this hyper-connected society is that people are extremely vulnerable to cyber-attacks, as shown in the past few weeks with the Uber hack, which affected 2.7 million riders and drivers. Sadly, we don’t see these data breaches diminishing in 2018, and with GDPR coming into effect in May, they will only continue to be a hot topic and something we continue to see.
- 2018 and beyond
It’s impossible to predict what will happen in 2018; however, it’s a fair bet that Android and Windows will continue to be heavily targeted with ransomware and other malware. Email will also remain the primary attack vector threatening corporate cyber security, especially in the case of targeted attacks.
Four trends that stood out in 2017, and will likely dominate 2018, are:
- A ransomware surge fueled by RaaS and amplified by the resurgence of worms;
- An explosion of Android malware on Google Play and elsewhere;
- Continued efforts to infect Mac computers; and
- Ongoing Windows threats, fueled by do-it-yourself exploit kits that make it easy to target Microsoft Office vulnerabilities.