Join us for the 2016 Malware Awards on November 22, 2016! This webinar will provide expert insights on the latest cybercriminal activity and recognize the year's most innovative, dangerous, and pervasive malware. Specifically, we will be covering the latest developments and providing updates on Angler, Neutrino, CryptXXX, TeslaCrypt, Locky, Cerber, CryptoMix, and RaaS. Come learn about these developments and strategies to help secure your organization from ransomware and next-generation cyberthreats.

Presented by Webroot's Senior Threat Research Analyst, Tyler Moffitt

Tuesday, November 22

10 am PST, 11 am MST, 12 pm CST, 1 pm EST

Our 2016 Malware Awards webinar on November 22nd was a great success with 192 live attendees!

If you weren't able to attend the live session (or just want a quick snapshot), here are the main highlights.

Insights:

In the first 6 months of 2016:


  • Over 400% growth of PUA
  • Over 500% growth of malicious apps
  • More than 300% growth in Android apps

  • The fastest growth of new malicious apps is in China
  • Trojans are still the most popular category
  • More adware apps have rooting functionality
  • Google Play isn’t 100% safe
  • Ransomware persists

Attack Vectors:

Phishing: using new tactics to evade detection (JavaScript that prevents the user from leaving the page; plain-text emails that avoid HTML analysis).


  • The average user has a 92% chance of visiting a zero-day phishing site
  • Social engineering – phishing emails carrying a malicious macro (e.g. a fake USPS package-delivery-failure email)

Angler/Bedep/Neutrino exploit kits:


  • Been around since late 2013
  • 80% of all drive-by attacks this year
  • Attack Flash Player, Java, Word and Silverlight vulnerabilities
  • Bedep helps stifle the research process
  • Cybercriminals using Angler generate $3M/month
  • Neutrino just recently took over from Angler

Malvertising explained:


  • Cybercriminals submit booby-trapped advertisements to ad networks through the real-time bidding process
  • Malicious ads rotate with normal ads on legitimate, highly reputable sites
  • A user visits a site carrying an infected ad
  • An invisible iframe redirects to the exploit, and the malicious code attacks the system
  • Malicious software is installed – usually encrypting ransomware
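The "invisible iframe" step of the malvertising chain above is something a defender can look for in page content. The following is an added example written for this recap (it is not code from the webinar or from Webroot): it parses a page with Python's standard-library HTML parser and reports iframes that are both visually hidden (1x1 or smaller, or collapsed/pushed off-screen by inline style) and pointed at a host other than the page's own. The sample markup, hostnames and the `page_host` value are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not captured from any real site): a news page whose
# ad slot has rotated in a creative carrying a hidden, off-site iframe.
SAMPLE_HTML = """
<html><body>
<h1>Daily News</h1>
<div class="ad-slot">
  <iframe src="https://ads.example-network.test/creative/123" width="300" height="250"></iframe>
  <iframe src="http://landing.example-bad.test/gate.php" width="1" height="1" style="visibility:hidden"></iframe>
</div>
<iframe src="/embed/video" width="640" height="360"></iframe>
<iframe src="https://cdn.example-bad.test/x" style="position:absolute;left:-9999px;width:0;height:0"></iframe>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            # attrs is a list of (name, value); value is None for bare attributes
            self.iframes.append({name: (value or "") for name, value in attrs})


def _is_tiny(dimension):
    """True for width/height values of 1px or less (the classic 1x1 pixel frame)."""
    try:
        return float(dimension.strip().rstrip("px%").strip() or "nan") <= 1
    except ValueError:
        return False  # 'auto', '100vw', etc.: not a plain numeric size


def _hidden_by_style(style):
    """True if the inline style collapses the frame or pushes it out of view."""
    s = style.replace(" ", "").lower()
    markers = ("display:none", "visibility:hidden", "width:0", "height:0", "left:-", "top:-")
    return any(marker in s for marker in markers)


def find_suspicious_iframes(html, page_host):
    """Return [(src, reasons)] for iframes that are hidden AND point off-site.

    page_host is the hostname of the page being checked. Same-host and
    relative frames are ignored because a hidden same-origin frame is a
    common legitimate pattern (form targets, analytics)."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for frame in collector.iframes:
        src = frame.get("src", "")
        reasons = []
        if _is_tiny(frame.get("width", "")) and _is_tiny(frame.get("height", "")):
            reasons.append("1x1-or-smaller")
        if _hidden_by_style(frame.get("style", "")):
            reasons.append("hidden-by-style")
        host = urlparse(src).hostname
        if reasons and host and host != page_host:
            findings.append((src, reasons))
    return findings


if __name__ == "__main__":
    for src, reasons in find_suspicious_iframes(SAMPLE_HTML, "news.example.test"):
        print(f"suspicious iframe -> {src}: {', '.join(reasons)}")
```

Run against the constructed page, the check flags the 1x1 hidden frame and the off-screen frame while leaving the normal 300x250 ad and the same-site video embed alone. A real deployment would feed it rendered DOM rather than raw HTML, since the redirect frames are frequently injected by the ad's own script after load.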

Ransomware:

TeslaCrypt:


  • Accounted for 11% of distributed ransomware
  • Increased the scope of files tremendously
  • Specifically targets gamers
  • Gets past 3rd party “CryptoPrevent” solutions & custom group policies
  • Just recently shut down in June

Locky – currently has the largest victim rate, at 90k/day.


  • Recently Locky was using the extension “.zepto” and went offline for a time; it has since returned using another extension, “.odin”
  • The latest iteration of the Locky campaign has no bugs in its cryptography implementation
  • The majority of Locky operators use scripts (WSF, JS, VBS, HTA) to download payloads. We are now seeing a Facebook campaign that delivers Nemucod, which downloads Locky
    • Can mask itself as a Chrome extension sent to you through a Facebook message
    • It then uses your Facebook profile to spread it to all of your contacts
  • Cheapest ransom at 1 Bitcoin - $650 USD

Crysis (.XTBL):


  • We’ve seen this ransomware for about 9 months – it originally targeted businesses in Australia and New Zealand
  • It’s delivered via guessable usernames/passwords on RDP-enabled systems
  • A brute-force utility such as “Dubrute” is used to brute-force credentials for systems that have port 3389 open
  • The attacker usually remotes into the system manually, places the payload on the desktop, and runs it
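The Crysis delivery path above (credential guessing against exposed RDP, then a manual logon to drop the payload) leaves a recognisable trail in Windows logon auditing. The example below is added for this recap and is not code from the webinar or from Webroot. It works on constructed log lines in a simplified `key=value` form rather than real Windows event text; the event IDs it keys on are the standard ones (4625 failed logon, 4624 successful logon, logon type 10 = RemoteInteractive, i.e. RDP). It raises an alert when one source IP accumulates a threshold of failed RDP logons inside a sliding window, and a second alert if that same source then logs on successfully. The threshold and window are tuning assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a simplified "key=value" form (not real Windows
# Security log text). Windows event IDs used: 4625 = failed logon,
# 4624 = successful logon; LogonType 10 = RemoteInteractive, i.e. RDP.
SAMPLE_LOG = """\
2016-11-20T02:14:01Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2016-11-20T02:14:02Z EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.7
2016-11-20T02:14:03Z EventID=4625 LogonType=10 TargetUser=backup SourceIP=203.0.113.7
2016-11-20T02:14:04Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.7
2016-11-20T02:14:05Z EventID=4625 LogonType=10 TargetUser=scanner SourceIP=203.0.113.7
2016-11-20T02:14:09Z EventID=4624 LogonType=10 TargetUser=backup SourceIP=203.0.113.7
2016-11-20T02:20:00Z EventID=4625 LogonType=2 TargetUser=alice SourceIP=10.0.0.5
2016-11-20T02:21:00Z EventID=4624 LogonType=10 TargetUser=alice SourceIP=10.0.0.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "eid": int(m["eid"]),
        "lt": int(m["lt"]),
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return a list of (source_ip, kind, detail) alerts.

    kind is "bruteforce" when a source reaches `threshold` failed RDP logons
    inside a sliding `window`, and "success-after-bruteforce" when a source
    that was already flagged then logs on successfully over RDP (the hands-on
    stage where the attacker connects and runs the payload).
    threshold and window are tuning assumptions, not values from the webinar."""
    failures = defaultdict(deque)  # source ip -> deque of (timestamp, username)
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["lt"] != 10:
            continue  # only RemoteInteractive (RDP) logons are of interest here
        ip, ts = ev["ip"], ev["ts"]
        if ev["eid"] == 4625:
            recent = failures[ip]
            recent.append((ts, ev["user"]))
            while recent and ts - recent[0][0] > window:
                recent.popleft()  # drop failures that fell out of the window
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                usernames = {user for _, user in recent}
                alerts.append((ip, "bruteforce",
                               f"{len(recent)} RDP failures within "
                               f"{int(window.total_seconds())}s, "
                               f"{len(usernames)} usernames tried"))
        elif ev["eid"] == 4624 and ip in flagged:
            alerts.append((ip, "success-after-bruteforce",
                           f"user={ev['user']} at {ts.isoformat()}"))
    return alerts


if __name__ == "__main__":
    for ip, kind, detail in detect_rdp_bruteforce(SAMPLE_LOG):
        print(f"[{kind}] {ip}: {detail}")
```

On the constructed sample the first source trips both alerts (five failures spread over four usernames, then a success as `backup`), while the internal workstation's single console failure followed by a normal RDP logon produces nothing. The "success-after-bruteforce" alert is the one worth paging on: at that point the operator is interactive on the box, which is exactly the stage at which the payload gets placed and run.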
Coming in at #1 for all Ransomware is...LOCKY!


  • Cheapest ransom at 1 Bitcoin - $650 USD
  • Most victims per day at 90,000
  • 2,610 payouts per day
  • Per-day earnings of $1,093,590 USD
  • Per-month earnings of $32,807,700 USD
  • At this rate they’ll earn almost $393,692,400 USD a year!
(All made possible by their innovative and broad phishing campaigns)


Emerging Hacks for IoT Devices:


  • Continued hacks for cars
  • Mirai source code released (link to article)
  • Ransomware for thermostats

Quick guide – five easy-to-follow tips to stop ransomware:

Click here to view the full recorded video

(You'll need to register to view the webinar; don't worry, it's completely free!)
