New Malware Declines in Q3 but Macros and Ransomware Flourish

McAfee Labs detected 327 new malware samples each minute in Q3, with mobile threats, ransomware and crafty fileless attacks designed to leave no trace causing particular problems for businesses.

The Intel Security research division claimed that during the third quarter it detected over 7.4 million attempts to get users to click on “risky” URLs, over 3.5 million infected files aimed at customer networks, and 7.4 million potentially unwanted programs (PUPs).

But while overall new malware levels declined by 4% in the three-month period, certain strains are booming, according to the company's EMEA CTO, Raj Samani.

One of the main ones is ransomware, which grew 155% year-on-year thanks to the ready availability of low-cost ‘ransomware-as-a-service’ tools on the darknet.

Macro malware, spread through highly effective social engineering in spear-phishing emails, was also on the rise: from fewer than 10,000 new attacks in Q3 2015 to almost 45,000 this past quarter, a six-year high.

“Businesses should be more concerned about the nature of malware than volume itself,” Samani told Infosecurity.

“We’ve witnessed cyber-criminals becoming more stealthy in their approach to malware attacks. The newest evasion techniques used by fileless malware such as Kovter leave no trace on disk, making it much more difficult to detect these attacks.”

In fact, McAfee Labs captured 74,471 samples of fileless attacks in the first three quarters of 2015. New attacks like Kovter, Powelike, and XswKit load straight into memory, helping to hide their activities.

Other trends spotted by Intel Security in the quarter included the discovery of two new mobile malware strains attacking banking customers across Eastern Europe.

The malware—“Android/OpFake” and “Android/Marry”—apparently took advantage of developers' failure to follow their back-end providers’ security guidelines, enabling the abuse of root privileges to silently install on victim devices.

“In addition to staff education, IT departments should enforce measures to stop cyber-criminals as well as implementing security processes and technology that ensure systems are backed up and data security can be restored as soon as possible after any attack,” argued Samani.

“As cyber-criminals find increasingly sophisticated methods of tapping into the booming data market, the enterprise must realize that detection and correction of a cyber-attack is just as important as the initial protection stage.”
