Webroot Quarterly Threat Update: Volume of Malware Attacks Declining, but Attacks are More Deceptive and Short-Lived

Report Identifies Surges in Polymorphic Attacks and Malicious Android® Apps and Highlights Need for Advanced Protection

BROOMFIELD, CO. - September 21, 2016

The fall installment of the Webroot Quarterly Threat Trends, which tracked the first six months of 2016, finds users are over 20 percent less likely to encounter malware and other undesirable executable files than in 2015. The data, collected by Webroot, the market leader in next-generation endpoint security and threat intelligence, shows that, although the number of overall malware encounters is decreasing, malware attacks are more sophisticated and short-lived than ever before. Many attacks appear, infect, and disappear within hours—even minutes—having successfully exfiltrated sensitive data, launched ransomware, or found other means to achieve financial gain.

Other notable findings from the Fall 2016 Webroot Quarterly Threat Update include:

  • Google and Wells Fargo heavily targeted for phishing attacks – Starting in May, attacks against Google and Wells Fargo rose sharply. By June, they were the most targeted technology and financial companies. The report also reveals "phishers" are increasingly implementing polymorphic URLs, enabling attackers to target numerous users at once while avoiding traditional detection.
  • Geofiltering outwitted – The United States now hosts over 40 percent of malicious URLs, a slight increase from 2015. This increase is likely a means of circumventing geofiltering services, which block network traffic involving certain geographic regions. Given the high percentage of legitimate websites hosted in the U.S., it is counterproductive to block all traffic to and from the United States. This trend underscores the importance of URL reputation filtering for assessing security risk, in addition to content-based filtering.
  • Mobile app epidemic – The number of new malicious Android apps is on track to increase by almost 400 percent in 2016 compared to 2015. Malicious apps are mainly targeting Asia, due in large part to the prevalence of Android devices in that geography. Additionally, many Android users in Asian countries download their apps from unofficial app stores, which do not have as robust an evaluation process as Google Play.
  • Malicious IP address origins – Nearly half of all malicious IP addresses are now associated with China, India, or Vietnam. Additionally, analysis of Webroot data shows that initial attacks from malicious IP addresses stem from spam (email and web) and scanning activities.

"The report data demonstrates that, while malware encounters may be on a downturn, the business of cybercrime is indeed alive and well," said Tyler Moffitt, senior threat research analyst at Webroot. "As attack timelines accelerate and polymorphism continues to grow and spread across attack vectors, it’s more important than ever for organizations to adopt next-generation security approaches that can adapt and predict malware behaviors as they evolve."

Webroot collected data for its Quarterly Threat Trends by means of the Webroot Threat Intelligence Platform through the first half of 2016 and compared it to threat data from 2014 and 2015.

For more information, please visit https://www.webroot.com/us/en/business/resources/threat-trends/sept-2016 and register to attend the upcoming webinar, "Operational Threat Intelligence: Keeping up with the Speed of Morphing Threats," co-hosted by Jon Oltsik, ESG senior principal analyst.

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.