SophosLabs malware forecast points to rising IoT threats, more ransomware

SophosLabs has released a malware forecast to coincide with the start of RSA Conference 2017.

Typically, our research papers focus on Windows, which has traditionally been the largest battleground. While some of the report does indeed look at Microsoft-specific challenges, we decided to focus more on the increasing malware threats directed at platforms where the risks are often not as well understood, specifically Linux, MacOS and Android devices.

SophosLabs has identified four trends that gained steam in 2016 and will likely remain challenges in 2017:

1. Linux malware that exploits vulnerabilities in Internet of Things (IoT) devices
The report starts by looking at how Linux malware is increasingly being used to target and infect IoT devices, which include everything from webcams to household appliances that connect to the internet. Default passwords, out-of-date versions of Linux and a lack of encryption will continue to make these devices ripe for abuse.

2. The pervasiveness of Android malware
Next, the report looks at the top 10 malware families targeting Android devices, the most pervasive being Andr/PornClk: more than 20% of the cases SophosLabs analyzed in 2016 were from this family. It makes money through advertisements and membership registrations, and it is persistent – taking advantage of root privilege and requesting “Device Android administrators”. It downloads Android Application Packages (APKs), drops shortcuts on home screens and collects such information as the device ID, phone number and other sensitive details.

The report also looks at ransomware SophosLabs identified as Andr/Ransom-I, which pretends to be an update for the operating system and such applications as Adobe Flash and Adult Player. When downloaded, it is used to hijack the victim’s phone. This malware is not nearly as widespread as the others: it accounted for only 1% of all samples and didn’t even make our top 10 list. It is still noteworthy because it targets devices running Android 4.3, which is still used by 10% of Android owners – roughly 140m users worldwide.

3. MacOS malware that spreads potentially unwanted applications (PUA)
The report then goes on to look at MacOS malware that is designed to drop password-stealing code, including ransomware such as OSX/KeRanger-A and a variety of badly behaved adware. Though it continues to see fewer malware and ransomware infections than Windows, MacOS saw its fair share in 2016, and we expect that trend to continue.

4. Microsoft Word Intruder malware that is now expanding its targets beyond Office
Finally, the report looks at Windows-based malware kits that have historically targeted Word but are now expanding their horizons to abuse Flash.

The full report, in PDF form, can be downloaded from here.