Quarterly Threat Summary: Dridex, ransomware, and BEC phishing hog the spotlight

Today, Proofpoint threat researchers published their analysis of the top threats and trends of the first three months of 2016. Banking Trojans and ransomware dominated the email malware landscape in January-March 2016, while impostor phishing (also known as business email compromise) gained speed. The massive email message volumes associated with Dridex banking Trojan malware gave way to our discovery of the new Locky ransomware. Social media content from top brands grew, increasing brand exposure through social channels. Meanwhile, risky mobile apps continued to dominate the story, especially on Android devices. Below are key takeaways from Q1 2016.

  • Impostor email threats are increasingly mature and differentiated. 75% of impostor email phishing attacks rely on fake “reply-to” spoofing to trick users into believing messages are authentic.
  • Ransomware vaulted into the top ranks of the malware most preferred by cybercriminals. 24% of document attachment-based email attacks in Q1 2016 featured the new Locky ransomware. Dridex was the only malware payload used more frequently.
  • Email continues to be the top threat vector, with malicious message volume sharply increasing. Q1 2016 volume increased by 66% over Q4 2015—and more than 800% over the same period in 2015. Dridex accounted for 74% of total attachment-based malicious email volume.
  • Java and Flash Player vulnerabilities continue to pay dividends for cybercriminals, as Angler was the most used exploit kit, accounting for 60% of total exploit kit traffic. Use of the Neutrino and RIG exploit kits was also up, with increases of 86% and 136%, respectively.
  • Every major brand we examined (the top 5 English language Twitter and Facebook brands as tracked by Socialbakers) increased social media content by at least 30 percent—and as fan- and brand-generated content volumes increase, higher risk follows. Organizations are constantly challenged to protect their brand reputation and stop spam, pornography, and adult language from diluting their message.
  • 98% of all malicious mobile apps examined in Q1 2016 targeted Android devices. This is despite the high-profile discovery of an iOS Trojan and the presence of risky iOS apps and rogue app stores.

For a complete look at our Quarterly Threat Summary and to receive a downloadable version of the report, please visit: https://www.proofpoint.com/us/quarterly-threat-summary

 
