According to Quick Heal Threat Report for Q1 2017, about 295 million malware samples were blocked on the systems of Quick Heal users. February clocked the highest number of detection. Trojan had the highest detection of all, followed by Infectors, Worms, and Adware/PUA.
Quick Heal Security Labs, the threat research and response division of Quick Heal Technologies Limited, detected 10 new ransomware families in this quarter. Ransomware is a malware which encrypts user data and demands a hefty ransom in exchange for the key that decrypts the data. One of the widespread ransomware observed in Q1 2017 is the Dharma Ransomware, a decedent of the Crysis Ransomware. Files encrypted by this malware have the ‘.dharma’ extension. As observed by Quick Heal Security Labs, the master key of this ransomware has been leaked. Quick Heal Technologies used the key to develop a Decryption Tool to help the affected users and it can be downloaded from the company’s website.
On the Android platform, Quick Heal Security Labs received over 2 million samples - an increase of 31% in comparison with Q1 2016. Third-party app stores were found to be the most common source of malware in the top 10 Android malware list. Q1 2017 registered a massive growth of 200% of Android ransomware as compared to Q1 2016. It was observed that the growth of Android Banking Trojans has reduced by 10%.
Sanjay Katkar, MD & CTO, Quick Heal Technologies Limited, says, “Although Q1 2017 saw a drop of 13.61% in the detection count of Windows malware samples as compared to Q1 2016, our threat report indicates that there was an increase of 31% in the detection count on the Android platform. While the world is riding on a digital wave, cybercriminals are working their minds on all the things we do on the Internet - surf, chat, shop, bank, share, and so on. We want to ensure everyone is educated about the upcoming cybersecurity trends and understand their responsibility to use the Internet securely. As the year progresses, some important trends and predictions to watch out for include, evolution of ransomware, targeted attacks on IoT devices, Cloud services, and rising security vulnerabilities on Android devices.”
Trends and Predictions
Ransomware
Given their profitability, ransomware attacks are predicted to increase in the coming quarter. There can be a drastic increase in the number of Locky samples being distributed via spam emails or exploits. Ransomware-as-a-Service (RaaS) type attacks may increase due to its user friendliness.
Targeted Attacks
IoT (Internet of Things) devices are expected to be hit with new botnet families. Attackers can target PoS (Point of Sale) terminals and online payment systems due to the increased use of many cashless payment options.
Adware
Adware may cause an increase in theft of bank related information leading to loss of money. More adware may begin using audio ads.
Cloud security is a growing concern
Many organizations are making a rapid shift to Cloud due to its popularity and benefits. This means more sensitive data is being stored on Cloud every day. This trend is bound to attract the attention of attackers making way for more targeted attacks on such organizations resulting in data breaches and operational losses.
Vulnerability
Android vulnerabilities are only increasing giving attackers more reasons to target vulnerable devices and ultimately their users. And because Android malware are getting more complex with time, users cannot rely on app stores to keep a track of all vulnerabilities on their apps.
