Sophos 2017 malware trends and predictions for the year ahead

Article by Harish Chib, Vice President, Sophos, Middle East & Africa

From online gaming to mobile apps and wearable tech, technology is used at almost every touch point in people’s day-to-day lives. However, the downside of living in this hyper-connected society means that people are also extremely vulnerable to cyberattacks.

This year’s Malware Report from Sophos reveals just how malware is being woven into this everyday technology, and how, year on year, we are seeing cybercriminals become more intelligent in their attacks, making it increasingly important for consumers to be wary of the dangers out there.

Whilst many consumers may live in denial that an attack like this will ever affect them, Sophos’ research revealed the opposite. Sophos reviews the most prominent risks from 2017, and what we can expect in 2018.

1. Ransomware is on every platform – don’t assume your mobile and tablets are safe

This year, WannaCry shook the world, accounting for more than 45% of all ransomware tracked, closely followed by Cerber at 44.2%, according to Sophos’ most recent Malware Report.

In September alone, 30.4% of Android malware processed by SophosLabs was ransomware. Sophos expects this to jump to approximately 45% in October. The majority of these attacks have targeted Windows users, but the number of attacks on other platforms is increasing, including those targeting Android, Macs and Linux.

Ransomware attacks have shifted in focus in the past two years towards industries which are most likely to pay up, such as healthcare, government, critical infrastructure, and small businesses. As one of the most lucrative industries for attackers, whether through ransomware payments or the sale of medical records, healthcare has been a big target in 2017 and will without a doubt continue that way into 2018.

2. Malware is hiding in Android apps

When reviewing Google Play, Sophos found that the number of different threats had doubled since last year. One type of malware, dubbed ‘GhostClicker’, sat in Google Play for almost a year, disguising itself as part of the service library. It then requested device administration permission and actively simulated clicks on advertisements to earn revenue.

One of the more sobering finds was Lipizzan, spyware that infected up to 100 devices. Although this doesn’t sound like a large number, it seems this was targeted, precision malware, designed to monitor phone activity and extract data from popular apps, including email, SMS, location, voice calls, and media.

Malware such as this is showing no sign of reducing in the future, as cybercriminals know it works. Therefore, to avoid becoming a victim of Android malware, Sophos suggests that consumers:

• Stick to Google Play – Although it isn’t perfect, it puts plenty of effort into preventing malware arriving in the first place
• Avoid apps with a low reputation – Be especially wary of this when using a work phone
• Patch early, patch often – Check the vendor’s attitude to updates

3. Online gaming is being used to spread ransomware and malware
In terms of online gaming, fake copies of the popular game ‘King of Glory’ were used to spread ransomware this year. The warning screen mimicked the one used during the WannaCry outbreak, directing individuals to pay the ransom through the China-based WeChat, Alipay and QQ payment methods.

The number of malicious apps has risen steadily in the last four years, peaking at nearly 3.5 million in 2017, so we are likely to see this rise further in 2018, including more deceptive online gaming traps.

4. Data breaches – they are not going away
The downside of living in this hyper-connected society means that people are extremely vulnerable to cyberattacks, as shown in the past few weeks with the Uber hack, which affected 2.7 million riders and drivers. Sadly, we don’t see these data breaches diminishing in 2018, and with GDPR coming into effect in May, they will only continue to be a hot topic.

5. 2018 and beyond
It’s impossible to predict what will happen in 2018; however, it’s a fair bet that Android and Windows will continue to be heavily targeted with ransomware and other malware. Email will also remain the primary attack vector threatening corporate cybersecurity, especially in the case of targeted attacks.

Four trends that stood out in 2017 and will likely dominate 2018 are:

1. A ransomware surge fuelled by RaaS and amplified by the resurgence of worms;
2. An explosion of Android malware on Google Play and elsewhere;
3. Continued efforts to infect Mac computers; and
4. Ongoing Windows threats, fuelled by do-it-yourself exploit kits that make it easy to target Microsoft Office vulnerabilities.
