The amount of phishing emails containing a form of ransomware grew to 97.25 percent during the third quarter of 2016 up from 92 percent in Q1.
PhishMe’s Q3 2016 Malware Review identified three major trends previously recorded throughout 2016, but have come to full fruition in the last few months:
Locky continues to dominate: While numerous encryption ransomware varieties have been identified in 2016, Locky has demonstrated adaptability and longevity.
Ransomware encryption: The proportion of phishing emails analyzed that delivered some form of ransomware has grown to 97.25 percent, leaving only 2.75 percent of phishing emails to deliver all other forms of malware utilities.
Increase in deployment of ‘quiet malware’: PhishMe identified an increase in the deployment of remote access Trojan malware like jRAT, suggesting that these threat actors intend to remain within their victims’ networks for a long time.
During the third quarter of 2016, PhishMe Intelligence conducted 689 malware analyses, showing a significant increase over the 559 analyses conducted during Q2 2016. Research reveals that the increase is due, in large part, to the consistent deployment of the Locky encryption ransomware. Locky executables were the most commonly-identified file type during the third quarter, with threat actors constantly evolving the ransomware to focus on keeping this malware’s delivery process as effective as possible.
“Locky will be remembered alongside 2013’s CryptoLocker as a top-tier ransomware tool that fundamentally altered the way security professionals view the threat landscape,” explained Aaron Higbee, CTO at PhishMe. “Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties. Our research has shown that the quarter-over-quarter number of analyses has been on a steady increase since the malware’s introduction at the beginning of 2016. Thanks to its adaptability, it’s showing no signs of slowing down.”
While ransomware dominates the headlines, PhishMe’s Q3 Malware Review reveals that other forms of malicious software delivered using remote access Trojans, keyloggers and botnets still represent a significant hazard in 2016.
Unlike ransomware, so-called ‘quiet malware’ is designed to avoid detection while maintaining a presence within the affected organization for extended periods of time. While only 2.75 percent of phishing emails delivered non-ransomware malware, the diversity of unique malware samples delivered by these emails far exceeded that of the more numerous ransomware delivery campaigns.
Rohyt Belani, CEO at PhishMe added, “The rapid awareness of and attention to ransomware has forced threat actors to pivot and iterate their tactics on both payload and delivery tactics. This sustained tenacity shows that awareness of phishing and threats is not enough. Our research shows that without a phishing defense strategy, organizations are susceptible to not just the voluminous phishing emails used to deliver ransomware, but also the smaller and less-visible sets of emails used to deliver the same malware that has been deployed for years. We must empower people to act as both human sensors for detecting attacks and partners in preventing threat actors from succeeding.”