The threat landscape evolved significantly in 2016. Criminals leveraged human vulnerabilities to launch more malicious email campaigns than ever before along with increasingly targeted attacks across mobile and social media platforms.
For a comprehensive analysis, please download the full report. A summary of our findings is below.
Key Takeaways: Bigger, Faster More
Email and Exploit Kits
- Overall exploit kit activity fell 93% from its Q1 high while the number of ransomware variants multiplied 30 times over last year.
- CEO-to-CFO spoofing dropped 28% between August and December as DMARC (Domain-based Message Authentication Reporting and Conformance) adoption grew 33%.
- Credential phishing remains a large-scale threat, usually propagated through malicious links via email.
- Hundreds of thousands of mobile devices were potentially exposed to attacks that redirected users to malicious websites through the DNSChanger exploit kit that attacked SOHO routers rather than mobile or desktop devices directly
- Several significant mobile risks emerged beyond the growth of malware, including:
- 4,500 mobile apps related to the Summer Olympics and sponsor brands were risky (e.g. potentially leaked data) or outright malicious.
- Fraudulent social media accounts doubled from the third to the fourth quarter of 2016.
- Social media phishing attacks increased 500% year-over-year—this figure includes angler phishing that intercepts customer support channels on social media.