Keeping web based intelligence fresh

Five years ago there was just under 220 million different types of malware. Today that number is over 990 million. Many cybersecurity practitioners can look at the victims of malware and see their own alma mater has been attacked. Perhaps for professionals, like Grayson Milbourne, security intelligence director at Webroot, the targets of malware attacks seem personal–almost as personal as phishing scams.

Milbourne went to CU Boulder – the university lost every record in the late 2000s. He uses PlayStation and in 2011 he had his account information compromised. He shops at Home Depot which had an estimated 56 million credit and debit cards stolen – one of those was Milbourne.

But Milbourne is no everyday individual. As the security intelligence director at Webroot, he is not just personally but professionally familiar with the many sources of information that get compromised and how this has evolved over time. 

According to Webroot’s 2016 threat insights and trends threat brief, which looks at the changes to the threat landscape over the past 12 months, “2015 was another record year for cybercrime. during which more malware, malicious IPs, websites, and mobile apps were discovered than in any previous year. It comes as no surprise that the cybercrime ecosystem continues to thrive, given new innovations and little in the way of risk for those who choose to participate.”

Milbourne said the brief showed some surprising data. “Malware injections today are almost completely polymorphic, which means that they are unique to that incident making them even more difficult to detect as it leaves security practitioners without access to an example.”

Here are some key highlights broken down into the different threats explained in the brief:

Malware

• During 2015, Webroot saw hundreds of millions of new, unique executable files. Of these files, approximately 3.7 percent were determined to be malware, and 7.1 percent were identified as potentially unwanted applications (PUA)
• The number of PUA vendors has dropped recently
• Consumers are growing more diligent about installing legitimate applications
• Google has changed their indexing policies so that searches for applications return the vendor site first, instead of other distribution points, helping to guide consumers to legitimate software sources
• The number of new malware files increased by 29 percent from year to year, while the number of PUAs declined by 30 percent over the same time period
• The rate of growth in malware has historically been over 100 percent each year, so the 2015 rate of 29 percent marks a major decrease, but that is likely because criminals are shifting toward polymorphic instances

Phishing scams

•  2015 over 4 million unique phishing sites encountered (of the 8 million Webroot customers)
• 50 percent of internet users will fall for a zero-day phishing attack in a year
• The lifespan of phishing sites is now typically measured in hours and minutes
• technology companies were targeted by over twice as many phishing sites as financial institutions (68 percent to 32 percent)
• Phishing sites targeting Google still make up the largest percentage, having increased from 36 percent in 2014 to 44% in 2015
• The United States hosts, by far, the largest number of phishing sites (56 percent)
• The average likelihood of a user encountering a true zero-day phishing site over the course of a year was only 30% in 2014, but climbed sharply to 50 percent in 2015, testifying to the increased efficacy of zero-day phishing attacks

Mobile threats

• By the end of 2015, 52 percent of all new and updated Android apps were determined to be unwanted or malicious, while only 18 percent were benign
• Most mobile app threats discovered involve Trojans (60 percent) or PUAs (28 percent)

As the threat ecosystem continues to evolve, it’s critical for security practitioners at every level to remain fresh and proactive if they hope to mitigate security risks.