Top phishing targets in 2016? Google, Yahoo, and Apple

For every new phishing URL impersonating a financial institution, there were more than seven impersonating technology companies.


Comparison of most impersonated companies between 2015 and 2016

Data collected throughout 2016 by Webroot clearly demonstrates a significant change since 2015, when the ratio was less than one to three. This increase may indicate that technology accounts are easier to phish and that, due to password reuse, they can be more valuable to hackers as a gateway to other accounts. The top three phishing targets in 2016 were Google, Yahoo, and Apple.

Researchers also uncovered a decreasing lifecycle in phishing attacks. The longest-running phishing site was active less than two days, and the shortest was only 15 minutes. Eighty-four percent of all phishing sites were active less than 24 hours.

Continued prevalence of polymorphic malware and ransomware

The most important 2016 trend in malware was polymorphism, in which each instance is unique and undetectable by traditional signature-based security approaches. In fact, approximately 94 percent of malware and potentially unwanted application (PUA) executables were only seen once.

Ransomware continued to be a significant threat, with Locky being the most successful ransomware seen in 2016. In its debut week in February 2016, Locky infected more than 400,000 victims and was one of the first ransomware programs to encrypt unmapped network drives. The FBI estimated that cybercriminals would collect more than $1 billion in ransoms in 2016, and Webroot expects ransomware to continue to proliferate in 2017.

Android apps pose five times greater threat

Nearly 50 percent of the new and updated mobile apps analyzed in 2016 were classified by Webroot as malicious or suspicious, totaling nearly 10 million during the year. In contrast, just over 2 million such apps were identified during 2015.

As for the threats malicious mobile apps present, adware experienced significant growth, jumping from a negligible share in 2015 to nearly 10 percent in the second half of 2016. This change is likely due to the Android operating system’s growing market dominance, which makes it a more attractive target for adware.

Trojans continue to make up the majority of malicious mobile app threats, holding at 60 percent from 2015 to 2016.

Millions of unique malicious IP addresses

Throughout 2016, Webroot identified malicious IP addresses from nearly 150 countries. In 2016, 33 million unique malicious addresses appeared on the blacklist, a slight increase over 2015. This indicates that the previous years’ trend is continuing: attackers are changing IP addresses to avoid detection. This is underscored by the fact that over 88 percent of the top 10,000 malicious IP addresses used in attacks appeared on the list only once.

“The continued increase in sophistication and volume of phishing attacks, ransomware, and polymorphic malware mean we are at greater risk than ever from cybercriminals,” said Hal Lonas, CTO at Webroot. “It’s clear that relying on threat lists, virus signatures, and simplistic rules for protection is wholly insufficient against a threat landscape that is constantly evolving. Proven, real-time machine learning-based analysis that includes an understanding of threat behavior and context is necessary for accurate decision making and protection from today’s threats.”
