Nathan Eddy | February 29, 2016

Malware Grows More Sophisticated, Polymorphic

In the second half of 2015, 52 percent of new and updated apps were unwanted or malicious—a significant increase over the first half of 2014.

Malware and potentially unwanted applications (PUAs) have become overwhelmingly polymorphic, with 97 percent of malware morphing to become unique to a specific endpoint device, according to a report from security specialist Webroot.

In the second half of 2015, 52 percent of new and updated apps were unwanted or malicious—a significant increase over the first half of 2014, when only 21 percent were unwanted or malicious.

Approximately half of Webroot’s users said they experienced a first contact with a zero-day phishing site, compared with approximately 30 percent in 2014, an indication that zero-day phishing attacks are becoming the hacker’s choice for stealing identities.

Overall, 100,000 net new malicious IP addresses were created per day in 2015, a significant increase from the 2014 average of 85,000 a day, suggesting cyber criminals rely less on the same list of IPs, and are expanding to new IPs to avoid detection.

The report found that major technology companies, including Google, Apple and Facebook, were targeted by more than twice as many phishing sites as financial institutions such as PayPal, Wells Fargo and Bank of America.

Webroot said these tech companies were targeted because the same login credentials are often used to access many other websites, resulting in multiple compromised accounts with each phishing victim.

"Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information," the report noted. "Countering these threats requires an innovative approach to attack detection that leverages advanced techniques and up-to-the-second threat intelligence."

The U.S. continues to have the most malicious IP addresses of all countries. In 2015, it accounted for over 40 percent of all malicious IP addresses, a significant increase from 31 percent of malicious addresses in 2014.

Meanwhile, the top countries hosting 75 percent of malicious IPs include the U.S., China, Japan, Germany, and the UK.

Phishing attacks continue to grow in volume and complexity, supported by more aggressive social engineering practices that make phishing more difficult to prevent, according to a report released earlier this month by Wombat Security Technologies.

Organizations surveyed indicated they have suffered malware infections (42 percent), compromised accounts (22 percent), and loss of data (4 percent), as a direct result of successful phishing attacks.

Wombat is integrating with enterprise security tools like Carbon Black, which provides data that can tell a security person about an endpoint’s technical activity.

"What Wombat is interested in is gleaning user behavior from this data and assigning targeted prescriptive training to the user," Trevor Hawthorn, chief technology officer of Wombat, told eWEEK. "The training can take the form of very brief just-in-time training messages or assignment to mandatory, longer form training modules. This is a really interesting space right now."

Read the article on eWeek