Last year saw a steep increase in malware distributed through email attachments in phishing attacks but 2017 will be the year of malware exploit kits, according to a report by security vendor Malwarebytes. We take a closer look at malware trends from 2016 and predictions for the year ahead.
Malwarebytes analysed nearly one billion malware incidents it detected in 2016 across 200 countries for the report. The malware detected covered nearly 100 million Windows and Android devices used by consumers and businesses.
Besides the obvious points about the exponential growth of ransomware (267% jump in detection between January and November) and how cybercriminals have doubled down on infecting businesses across the globe, one interesting finding was how the methods of distributing malware have changed.
There was a jump in the use of attached scripts, usually in ZIP files, in phishing emails in 2016. Once the attachment is opened and launched, the script reaches out to a remote server to download and install malicious software on a victim’s computer.
Another method that gained popularity in 2016 was the use of macro scripts inside Microsoft Office documents (.docx, .xlsx, etc.), which would execute once a user opened the document and enabled macros. According to Malwarebytes:
Using social engineering tactics, the attackers coaxed the user into enabling these features, which would also download and execute malware on the system. Building on top of this pre-existing method of infection, attackers have added sophistication by sending protected ZIP files and Office documents, including the password in the phishing email. This gives an increased sense of legitimacy to the attack as well as being an effective method of defeating automatic analysis of the attack email by malware search tools, including honeypots and sandboxes.
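A defensive triage sketch for the attachment patterns described above (scripts inside ZIP files, macro-carrying Office documents, password-protected archives), added here as an example and not taken from the Malwarebytes report. The function name, watch lists, size limit and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed watch lists and limit for this sketch; tune them to your mail flow.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
OOXML_EXTS = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm")
MAX_NESTED = 20 * 1024 * 1024  # do not unpack nested documents larger than this

def triage_attachment(data, depth=0):
    """Return a sorted list of findings for one ZIP or OOXML attachment."""
    findings = set()
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose bit 0
            if encrypted:
                findings.add("encrypted-entry")  # names stay readable, contents do not
            if name.endswith(SCRIPT_EXTS):
                findings.add("script-file")
            if name.endswith("vbaproject.bin"):
                findings.add("vba-macro-project")
            inspectable = not encrypted and depth < 1 and info.file_size <= MAX_NESTED
            if name.endswith(OOXML_EXTS) and inspectable:
                findings.update(triage_attachment(archive.read(info), depth + 1))
    return sorted(findings)

def _make_zip(entries, encrypted_flag=False):
    """Build a constructed sample ZIP in memory (benign placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    raw = bytearray(buf.getvalue())
    if encrypted_flag:
        # Set flag bit 0 in each central-directory header to mimic protection.
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= 0x01
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

SAMPLE_SCRIPT_ZIP = _make_zip({"invoice.js": b"// placeholder"})
SAMPLE_MACRO_DOC = _make_zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"\0"})
SAMPLE_NESTED = _make_zip({"scan.docm": SAMPLE_MACRO_DOC})
SAMPLE_PROTECTED = _make_zip({"order.docm": b"placeholder"}, encrypted_flag=True)
```

An `encrypted-entry` finding means the content could not be inspected, so it is a reason to quarantine or route the message for manual review rather than a clean result.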
The reason macro scripts received so much love from cybercriminals last year was that one of the major exploit kits, called Angler, shut down its operations.
But exploit kits are expected to make a comeback in 2017. Malwarebytes noted that another exploit kit called RIG is rapidly taking the place of Angler: “[Exploit kits] are likely to become the standard for malware distribution again in the very near future.”
That doesn’t mean malicious phishing attacks using scripts attached to emails will go away any time soon. If anything, they will continue to be used by cybercriminals and will become even more sophisticated.
You can check out the Malwarebytes report here.