85,000 new malicious IPs are launched every day, and the top phishing targets are technology companies and financial institutions, the new Webroot 2015 Threat Brief reveals.
Presented at RSA Conference 2015, this year’s report provides the latest cyber threat trends collected from tens of millions of users and over 30 security technology partners and shows how collective threat intelligence that is shared across users and organizations is the only winning way to fight cybercrime.
Key findings include:
- The United States accounts for 31% of malicious IP addresses, followed by China with 23% and Russia with 10%. Overall, half of malicious IP addresses are based in Asia.
- The average reputation score of all URLs is 65%. Surprisingly, some categories that might be assumed suspicious or unwanted due to their nature are relatively reputable. For example, URLs tied to Cheating (85%), Hate and Racism (82%), Violence (77%), Adult and Pornography (65%), and Nudity (65%) are relatively reputable when compared to the average scores.
- There is a 30% chance of Internet users falling for a zero-day phishing attack in the course of a year, and there was an over 50% increase in phishing activity in December 2014. This is most likely due to the holiday season.
- On average, there are nearly 900 phishing attempts detected per financial institution, but over 9,000 attempts detected per technology company. Top five technology companies impersonated by phishing sites are: Google, Apple, Yahoo, Facebook and Dropbox.
- When evaluating phishing sites by country, the United States is by far the largest host of phishing sites, with over 75% of sites being within its borders.
- On average, only 28% of apps on the Android platform were trustworthy or benign, which fell from 52% in 2013, nearly 50% were moderate or suspicious, and over 22% were unwanted or malicious. Trojans make up the vast majority of malicious threats, averaging 77% for 2014.
2014 also brought an increase in innovative techniques to infect PCs. Most notable was the discovery of Poweliks, a powerful Windows registry exploit, which was fully contained in the registry and did not require a file component to deliver a new infection such as crypto ransomware.
Further, five unique PUA families were discovered and hundreds of variants, including widely prevalent CTB/Critroni and Cryptowall 3.0. Each family introduced new innovative social engineering techniques and complexity to the encryption process.
What can individuals and organizations do?
The data shows that organizations need to bolster their security posture with real-time, highly accurate threat intelligence to protect themselves from cybercriminal activity. This enables them to set proactive policies to automatically protect networks, endpoints, and users as part of a defence-in-depth strategy. This is crucial when security teams consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting them.
Individuals also need to be more vigilant than ever about the websites they visit, the URLs they follow from emails, and the applications and mobile apps that they use.