2016 Malware Levels Now Stand at Nearly Four Times 2015 Totals

Share Article

AppRiver finds Necurs, Fareit, and Locky to be among the most threatening malware, and adds Web-borne threats to its quarterly report.

Troy Gill, manager of security research, AppRiver

On the Dark Web, organized crime groups have the ability to purchase botnets that unleash ransomware, such as the very popular Locky variant, that help to keep themselves in business and to fund other criminal activities.

Necurs is back with a vengeance, according to the security research team at AppRiver. In its Q2 Global Security Report, the company notes that the infamous botnet’s return was one of the major reasons behind the escalation in malware activity—which clocked in at 4.2 billion malicious emails and 3.35 billion spam emails between April 1, 2016, and June 30, 2016. For the first time, the report also includes metrics from Web-borne threats, reporting an average of 43 million unique threats daily throughout the second quarter.

AppRiver’s security analyst team quarantined 4.2 billion emails containing malware in Q2, pointing to a continued increase in malware traffic this year and resulting in total of 6.6 billion emails quarantined during the first half of 2016. For comparison, analysts observed 1.7 billion emails containing malware during all of 2015.

Ransomware levels, as predicted in the Q1 Global Security Report, have increased this quarter—and arguably pose the greatest threat to netizens. AppRiver’s security researches predict that the massive volume of malware isn’t likely to subside anytime soon. With the likes of Locky and Zepto kidnapping users’ files until they pay a ransom, malware—especially ransomware—has become a business of its own.

“On the Dark Web, organized crime groups have the ability to purchase botnets that unleash ransomware, such as the very popular Locky variant, that help to keep themselves in business and to fund other criminal activities,” said Troy Gill, manager of security research, AppRiver. “Its easy accessibility, coupled with victims’ willingness to pay to get their files back, contribute to its massive scope.”

The popular channels that malware, like ransomware, travel through include obfuscated JavaScript, malicious macros, and OLEs (Object Linking and Embedding).

“Email and malvertising remain popular ways to trick victims into downloading malware,” said Jon French, security analyst, AppRiver. “It’s as easy as email posing as a faux FedEx receipt requiring the victim to open a .zip attachment to view said receipt, except when the victim opens it, it downloads a malicious payload onto the computer that encrypts all of its files.”

The company did notice a brief dip in malware traffic from June 1, 2016, until June 20, 2016.

“The Necurs botnet went conspicuously quiet over that two-week period,” said Gill. “Around the same time, members of a major Russian organized crime group, Lurk, were arrested. While we can’t definitively link the two, we do know that had Necurs not been taken offline, malware traffic certainly would have been much higher.”

Fifty-five percent of spam and malware traffic originated in North America, with Europe coming in second place. Additionally, AppRiver’s SecureSurf™ Web filtering detected a spike in phishing attempts in June.

To prevent malware attacks, AppRiver recommends organizations have the following systems in place:

  • Antispam and antivirus solutions, including protection against Web-borne malware
  • Routine, mandatory software updates so that known vulnerabilities are patched
  • Double authentication procedures as a safeguard against “whaling” and other highly targeted attacks
  • Formal security policies and ongoing training to keep employees up to date and aware of their individual role in protecting company networks

AppRiver has included more details on these attacks and statistics within its Q2 Global Security Report. To read the full report and watch AppRiver’s security analysts’ round table discussion on its findings, visit https://www.appriver.com/about-us/security-reports/global-security-report-2016-quarter-2/.

About AppRiver
AppRiver offers cloud-based cybersecurity and productivity services to 47,000 companies worldwide, with more than 10 million mailboxes under its protection. Launched in 2002 as a spam and virus filtering company, AppRiver has since added Web malware protection, email encryption, secure archiving and email continuity to its suite of security services. The company is also among the world’s top providers of Office 365 and Secure Hosted Exchange. All services are offered on a pay-as-you-use basis with a free, fully supported 30-day trial and 24/7 US-based Phenomenal Care™. Easy, effective and affordable solutions – backed by white-glove customer care – have enabled the company to maintain an annual 93-percent customer retention rate. AppRiver is headquartered in Florida and maintains offices in Georgia, Texas, New York, Switzerland and Spain. To learn more, visit AppRiver online, Facebook, LinkedIn and Twitter.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Jim McClellan
+1 8509325338
Email >

Kristy McDaniel
Visit website