AVTest annual malware report

July 14, 2017 Ben Gidley

AVTest.org produced their annual malware report recently and it’s interesting reading. It charts a picture of an active battle between attackers trying to make money and defenders who are fighting to keep up. The headlines of the report show malware authors are moving away from just targeting Windows PCs and into Macs, Linux (often in IoT) and Android.

Android attacks on the rise

The report shows a huge rise in malware being created targeted at Android – in the peak month alone (June 2016) there were 643,476 new malware variants seen! 97% of these are trojans – their purpose varies, but a number were monetizing via pop-up advertising being added to the phone, while others were taking over the Google accounts linked to the user and using them for click fraud.

IoT attacks a rising trend

IoT offers a tempting target for attackers: many of the systems are poorly secured Linux devices (sorry, Linux is only secure if you configure it right and patch it!) and, being always on, they offer the chance to run massive bot farms, which can earn money for click fraud, DDoS, or generally cause a nuisance. Ancient Linux trojans like the Tsunami Trojan (originated in 2003) are now becoming real threats to these ecosystems. Next year we’ll see more and more chaos caused by such tools, and a number of people are predicting governments will need to regulate IoT to prevent disaster.

Mac users are getting less safe

Apple users tended to be second choice for malware vendors, as the underlying security of the OS was much better than Windows, and the target market much smaller. However, this year saw 3033 malware variants for Macs, compared to 819 the year before. It’s still small numbers compared to Windows/Android – but it’s a growing trend. The malware seems to be focused on making money via advertising, ransomware and credential theft. Depending on the ROI, we can probably expect the people behind it to try more and more if they find Mac users are more profitable!

So what should we do? As usual I’d say it’s all about defense in depth – we need strong OS security (especially in IoT), strong patching processes, monitoring and AV/IDS technology. As usual with security, the key thing is to keep on top of the problem and make sure it’s uneconomical for the bad guys!
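The "configure it right" point from the IoT section and the "strong OS security" point above are concrete enough to check mechanically. The script below is an added example, not part of the AVTest report or the original post: it audits two of the most common weak spots on a Linux-based device, accounts with an empty password field in the shadow file and sshd directives that allow root login, password authentication or empty passwords. The shadow and sshd_config contents are constructed sample data embedded inline so the script runs offline; on a real device you would feed it /etc/shadow and /etc/ssh/sshd_config instead.

```sh
#!/bin/sh
# Added example: minimal configuration audit for a Linux-based IoT host.
# All input below is CONSTRUCTED sample data, not taken from any real device.

# Constructed /etc/shadow excerpt: 'admin' has an empty password field,
# 'svc' and 'guest' are locked, 'root' has a (fake) hash.
SAMPLE_SHADOW='root:$6$saltsalt$fakehashfakehashfakehash:17500:0:99999:7:::
admin::17500:0:99999:7:::
svc:*:17500:0:99999:7:::
guest:!:17500:0:99999:7:::'

# Constructed sshd_config excerpt: commented-out lines must be ignored.
SAMPLE_SSHD='Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
PermitEmptyPasswords yes'

# Print each username whose shadow password field (field 2) is empty.
# Such accounts can be logged into without any credential at all.
empty_password_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# Print each active (uncommented) sshd directive that weakens remote access.
# Directive names are case-insensitive in sshd_config, so compare lower-cased.
weak_sshd_settings() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "permitrootlogin"        && tolower($2) == "yes" { print "PermitRootLogin yes" }
        tolower($1) == "passwordauthentication" && tolower($2) == "yes" { print "PasswordAuthentication yes" }
        tolower($1) == "permitemptypasswords"   && tolower($2) == "yes" { print "PermitEmptyPasswords yes" }
    '
}

# Emit one FINDING line per issue, combining both checks.
audit_findings() {
    empty_password_accounts "$1" | sed 's/^/FINDING: empty password for account /'
    weak_sshd_settings "$2"      | sed 's/^/FINDING: weak sshd directive /'
}

# Return the number of findings as a plain integer (0 means nothing flagged).
finding_count() {
    audit_findings "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample data.
audit_findings "$SAMPLE_SHADOW" "$SAMPLE_SSHD"
echo "total findings: $(finding_count "$SAMPLE_SHADOW" "$SAMPLE_SSHD")"
```

Run against the sample data it flags four issues. The same two functions can be pointed at the real files, for example `audit_findings "$(cat /etc/shadow)" "$(cat /etc/ssh/sshd_config)"` as root, and wired into a patching or monitoring pipeline so a device that drifts back to a weak configuration is noticed rather than discovered by whoever recruits it into a bot farm.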
