In this report, we review malicious activity SophosLabs analyzed and protected customers against in 2017 and use the findings to predict what might happen in 2018.
The malware we protect customers from transcends operating systems. Ransomware in particular targets Android, Mac, Windows and Linux users alike. (Android phones run a modified version of Linux.) Four trends stood out in 2017 and will likely dominate in 2018:
1. A ransomware surge fueled by RaaS and amplified by the resurgence of worms;
2. An explosion of Android malware on Google Play and elsewhere;
3. Continued efforts to infect Mac computers; and
4. Ongoing Windows threats, fueled by do-it-yourself exploit kits that make it easy to target Microsoft Office vulnerabilities.
Ransomware continues to make organizations suffer, as evidenced by the persistence of Cerber and outbreaks of WannaCry and Petya (also known as NotPetya, since it was a variant of the original but with new behaviors). Looking at the raw numbers, WannaCry bested Cerber as the most prolific ransomware family, remaining active since its initial outbreak in mid-May. But that doesn’t make Cerber any less of a threat. If we narrow the scope to which ransomware appeared on the most computers, Cerber remains the most pervasive.
Ransomware as a service (RaaS) – malware kits available to anyone, regardless of skill – is a growing problem, and Cerber is an example of that. Looking at affected industries, hospitals and universities have been particularly hard hit. The biggest ransomware attacks affect Windows users and rely on different techniques – for example, WannaCry exploited a vulnerability in the Windows Server Message Block (SMB) service – but an ever-increasing volume targets Android as well. A lot of it was found in apps on Google Play, and while Google diligently purges the bad apples, it’s all but impossible to keep pace with the bad guys. Android malware intercepted by SophosLabs is designed for many purposes, from sending text messages to stealing data, disabling security software, installing unwanted apps and snooping.
Next, we look at Mac malware. Attacks on Apple systems remain rare compared to those on other platforms, but attackers still create contagions for macOS, particularly nuisance programs like badly behaved adware.
Read the whole report: SophosLabs 2018 Malware Forecast