Cybersecurity company Malwarebytes released its forecast of upcoming threats in 4Q17, based on trends it observed during the third quarter of the year.
The third quarter of 2017 saw a number of unusual events, such as the leak of over 143 million confidential records from credit reporting firm Equifax, which is supposedly one of the world’s largest and self-reputed security and fraud mitigation specialists, and the arrest of Marcus Hutchins, famed for stopping the WannaCry ransomware outbreak, for allegedly developing another piece of malware called Kronos.
According to Malwarebytes Labs’ third Cybercrime Tactics and Techniques report (https://www.malwarebytes.com/pdf/white-papers/CTNT-Q3-17.pdf), spam will continue to be the driving force in the delivery of malware variants. Dominant malware families such as Locky, Trickbot, GlobeImposter, PrincessLocker, and Emotet use spam as a distribution mechanism for new samples. Cerber remained the dominant ransomware for the fourth quarter in a row, but Locky is closing in on that lead.
Emotet has demonstrated the ability to evolve as a highly modular banking trojan. With the continuing development of this malware family, Malwarebytes expects new features to show up soon.
Tech support scams will get worse. In North America, such scams will likely shift their lead generation to a blend of malvertising and licence potentially unwanted program (PUP) deals. Apart from English-speaking users, tech support scammers are now also targeting francophones. Malwarebytes said Astrum via AdGholas was one of the most sophisticated malvertising operations to date due to the use of SSL and additional exploits to evade detection.
Activity from exploit kits is on the decline, although the Rig Exploit Kit, the Disdain Exploit Kit, and the Terror Exploit Kit continue to spread various ransomware campaigns. Exploit kits using SSL in their infection chain will become more common and create new challenges. Variants of existing exploit kits or newcomers are likely to show up as there is still room and market share to take away from RIG EK.
Malwarebytes predicts a return of fake virus scanners used by system optimiser PUPs to push their products. “This is similar to the landscape a few years ago, where you could find a ‘cleaner’ around every corner and nearly all of them lied to you,” said the report.
The increase in malware for Android devices is expected to continue. The latest “clicker” malware for mobile devices will morph somewhat, with new code and more obfuscation to avoid detection by security vendors and to bypass Google Play Protect.
Android users are being targeted by a new ‘clicker’ trojan named Android/Trojan.Clicker.hyj, which can also spread via victims’ contact lists.
Mac users have seen a 240% increase in the amount of malware this year over last, with the addition of new variants of OceanLotus.
The report noted that many of its key predictions from the previous quarter have yet to materialise, but said a vast number of attacks against critical networks and devices still occurred. “We would like to remind readers that attacks are indiscriminate, and no system is immune. Remember to conduct regular backups of sensitive information and always perform due diligence when handing out confidential information to others,” said Malwarebytes. “Use a combination of security solutions and best security practices to help mitigate attacks against computer networks.”