Panda Security has released its Q2/2015 security report showing that malware samples are up 42% on the same period in 2014 and stand at record levels.
It might have been a wetter than expected spring and summer across Europe but that doesn’t appear to have dampened the spirits of malware writers. Panda Security says that it is detecting an average of 230,000 new samples of malware per day. This is a 42% increase on the same period last year. Not only is this a significant increase over the period, but it amounts to 21 million new types each quarter, although many of these are variants of known malware.
Trojans the most common malware
Panda Security breaks the types of malware down into five categories and interestingly there is a difference between the number of samples seen and the infection rate. In other reports from security companies the embedding of malware into social media and the use of drive-by infections have been seen as key to increasing infection rates.
Over the quarter, the types of malware detected and their infection rates were recorded by Panda Security as follows (samples detected / infection rate):
- Trojans: 71.16% / 76.25%
- Viruses: 10.83% / 1.53%
- Worms: 5.68% / 2.63%
- Adware/Spyware: 4.32% / 5.43%
- Other: 7.57% / 14.39%
These numbers are interesting for several reasons. The first is that those writing or modifying viruses and worms are finding it hard to avoid detection by existing security products. There is never a time to be complacent around security but any time the numbers are getting better it is cause for a small celebration.
The rise of the Trojan is of considerable concern. While a large percentage are used to steal personal details, they are also used to download other forms of malware. The infection rate increasing faster than the number of new variants suggests that the security industry needs to do more to counter the increased threat.
Adware/Spyware a difficult problem to solve
Adware/Spyware is on the increase. Part of the reason is that the online marketing industry is getting better at getting its products into software installers. They have learned the lesson from the bloatware that accompanies all new devices and are paying some of the installer companies to include their product in their tool. Others are approaching companies with popular downloads and asking them to add their Adware to the installer for a fee.
There are two challenges here. The first is the online marketing industry, where advertisers are desperate to get as much data on people as possible. This activity will continue to grow as it is unregulated, and even where there are voluntary agreements to respect privacy, most of the online Ad sellers ignore them.
The bigger problem is the explosion of companies offering to supply ads to smaller websites. Like many sites, we are often approached by these companies but turn them away. The issue here is that many of them are aggregators and do little to no validation of the ads that they are serving onto sites. This means that they are an infection vector that can often get a website blocked.
Many of those distributing Adware have agreements with companies who are paid by Ad impression. It is in the interest of both parties to use Adware in order to drive up impressions and therefore revenue. Until this type of fraud is stamped out it will be a lucrative trade for many people.
Asia and Latin America
Across Panda Security’s customer base the average rate of detection of some form of malware was a whopping 32.21%. To all intents and purposes 1 in 3 users in a single quarter encountered some form of malware that was detected and dealt with. How many did not detect the malware and have been infected is hard to judge and any attempt to do so would be a wild estimate.
Given the attempts to educate corporate customers and individuals, 32.21% does seem abnormally high, but the reason can be found by looking at the countries where the highest infections occurred.
- 47.53% – China
- 43.11% – Turkey
- 41.97% – Peru
- 41.14% – Russia
- 40.93% – Argentina
- 40.13% – Bolivia
- 39.57% – Taiwan
- 39.21% – Guatemala
- 39.02% – El Salvador
- 38.89% – Ecuador
Only four European countries are rated above the average: Poland (38.48%), Slovenia (38.05%), Spain (36.37%) and Italy (33.97%). The US is also below the average here.
Old tricks such as Office macros and images that are not clear
There is rarely anything sophisticated about most attacks. This quarter Panda Security are reporting a return to the use of macros embedded in Office documents in order to infect computers. In an age where this is so well known as an attack vector it is surprising how effective it is.
Alongside this the criminals are taking advantage of a problem most people experience regularly – poorly displayed images. It is not uncommon in an email to have images that don’t seem to display. Some vendors do it to drive you to their website so that they can capture hits. In this instance, the malware writers use it to bypass the security on the machine and install a variety of nasty things.
It is not just macros and images in emails that are the problem. Images in social media and the use of shortened URLs are just as common an attack vector as people blindly click on them.
Cryptolocker raking in the cash
Like many of its competitors, Panda Security has been seeing a rise in the amount of Ransomware and specifically Cryptolocker. The most common infection route is that of macros and blurred images as detailed above.
Once installed, it is activated and the user has a small window of time to pay what is asked or lose all their data. Despite the occasional story around cybercriminals not honouring the unlocking of data, the vast majority do unlock on payment. However, there are problems with some of the variants of ransomware where the servers get taken down and the data cannot be unlocked because the key is now unavailable.
According to Luis Corrons, Technical Director of PandaLabs: “Cyber hackers are looking at businesses more and more as it is relatively easy for them to steal information. Sometimes it’s as simple as introducing a variant of Cryptolocker in a file that is sent to an employee and, once it’s opened, the security of the entire company is at risk”.
The increased rate of activity that Panda Security has seen will worry a lot of people in the security industry. Last quarter we saw a lot of vendors talking about attacks being on the decline as cybercriminals transitioned to more lucrative and long-term attacks.
This new surge in attacks and the continued increase in ransomware products will cause concern for many CISOs. Many companies have invested heavily in collaboration tools. This means that a return to infection through macros and image links should cause a lot of companies to take a step back and seriously review what they do in terms of continuous protection and scanning to stop this type of infection.
The only bright spot in this report is that virus and worm infection rates are on the decline.