AppRiver Security Report Finds Ransomware Most Prevalent Cyber-Threat

Mobile malware broke out from its niche category in 2016, AppRiver said. Android and its associated third-party app markets are still “hotbeds” for mobile malware. But, the company added, iPhone users soon might be faced with more threats.

The state of malware in 2016 was concerning. AppRiver’s email service SecureTide quarantined about 15.5 billion malware-infected emails last year, up more than 800 percent compared to 2015. May was the worst year for malware, with nearly 2.5 billion malware-infected emails captured by SecureTide.

Spam remained an annoyance globally last year. In 2016, AppRiver quarantined 30.4 billion spam messages, including 4 billion in May. January saw the least, with more than 1 billion spam messages quarantined by AppRiver. More than half of the spam messages either had malware or led people to malware.

The United States continues to be the top target for spam, receiving more than 7 billion spam messages in 2016. In contrast, Germany saw more than 1 billion spam messages. The Netherlands, Brazil and Mexico rounded out the top five spam targets.

AppRiver said internet of things botnets will continue to wreak havoc on companies and believes the threat of DDoS will get worse in the coming months. Ransomware will become more sophisticated and mobile malware’s star will rise in 2017, the company added. Also, nation-states will expand their cyber-aggression and increasingly target each other.

AppRiver’s 2017 Global Security Report is sobering. AppRiver assessed the threats facing businesses and consumers around the globe and concluded that most of the trends that impacted people in 2016 are still posing problems in 2017. Ransomware was one of the most serious in 2016. Enterprises and individuals were victimized by sophisticated hackers targeting internet of things devices. Large companies suffered “major setbacks” financially and to their business operations falling victim to cyber-attacks. Furthermore AppRiver found that the threat of what it calls nation-state “cyber aggression” remains prevalent. But it wasn’t all bad news. AppRiver noted that legislation has reached the U.S. and UK to target security threats. AppRiver’s report indicated it’s that 2017 could be the year law enforcement starts to turn the tide again cyber-criminals and cyber-attacks.

AppRiver called 2016 the “year of the ransom.” The company noted the “majority” of malicious attacks last year were ransomware and said the hack is exceedingly profitable for malware authors, many of whom sell their code on the Dark Web.

Legislation in the United States and UK could help rein in cyber-threats, according to AppRiver. U.S. actions include amending Rule 41 to allow investigators to more easily access and investigate possible hacks through modified warrant regulations. In the UK, a bill allows police to hack into networks, computers and mobile devices after obtaining a warrant.

The internet of things has become an attractive frontier for hackers who have exploited what AppRiver said is a “glaring lack of security” built into nanny cams, smart home appliances and other devices. In most cases, hackers use IoT devices to create botnets that can launch distributed denial-of-service attacks on companies.

AppRiver noted that Mirai is the world’s largest internet of things botnet and is capable of DDoS attacks using more than 600Gb of data per second. Mirai was instrumental in taking down DNS provider Dyn and negatively affecting Netflix and Twitter in 2016.

Spearphishing, which allows hackers to more effectively choose and target their victims, grew in popularity last year. In January, AppRiver saw fewer than 6,000 spearphishing attacks. By the end of the year, there were more than 18,000 spearphishing attacks monthly.