The 2016 Malware Awards

  • 15 November 2016
  • 1 reply

Join us for the 2016 Malware Awards on November 22, 2016! This webinar will provide expert insights on the latest cybercriminal activity and recognize the year's most innovative, dangerous, and pervasive malware. Specifically, we will be covering the latest developments and providing updates on Angler, Neutrino, CryptXXX, TeslaCrypt, Locky, Cerber, CryptoMix, and RaaS. Come learn about these developments and strategies to help secure your organization from ransomware and next-generation cyberthreats.
Presented by Webroot's Senior Threat Research Analyst, Tyler Moffitt
Tuesday, November 22
10 am PST, 11 am MST, 12 pm CST, 1 pm EST
Register Here

Our 2016 Malware Awards webinar on November 22nd was a great success with 192 live attendees!
If you weren't able to attend the live recording (or just want a quick snapshot), here are the main highlights.
In the first 6 months of 2016:
  • Over 400% growth of PUA
  • Over 500% growth of malicious apps
  • More than 300% growth in Android Apps
The fastest growth of new malicious apps is in China
Trojans are still the most popular category
More adware apps have rooting functionality
Google Play isn’t 100% safe
Ransomware persists
Attack Vectors:
Phishing: using new tactics to evade detection (JavaScript prevents leaving a page; Plain text avoids HTML analysis).
  • The average user has a 92% chance of visiting a zero-day phishing site
Social Engineering – phishing macro infection (e.g. a fake USPS package delivery failure email)
Angler/Bedep/Neutrino Exploit kits
  • Been around since late 2013
  • 80% of all Drive-by-Attacks this year
  • Attack Flash Player, Java, Word and Silverlight vulnerabilities
  • Bedep helps stifle the research process
  • Cyber Criminals using Angler generate $3M/month
  • Neutrino just recently took over Angler
Malvertising explained:
  • Cyber criminals submit booby-trapped advertisements to ad networks for real-time bidding processes
  • Malicious ads rotate with normal ads on legitimate, highly reputable sites
  • User visits a site with an infected ad
  • Invisible iframe redirects to an exploit; malicious code attacks the system
  • Malicious software is installed – usually Encrypting Ransomware
  • Accounted for 11% of distributed ransomware
  • Increased the scope of files tremendously
  • Specifically targets gamers
  • Gets past 3rd party “CryptoPrevent” solutions & custom group policies
  • Just recently shut down in June
Locky – has the largest victim rate currently at 90k/day.
  • Recently Locky was creating the extension “.zepto” and was offline, however it has since moved to using another extension “.odin”
  • Latest iteration of the Locky ransomware campaign has no bugs in its cryptography implementation
  • For the majority, Locky operators are using scripts (WSF, JS, VBS, HTA) to download payloads. Now seeing a Facebook campaign to download Nemucod into Locky
  • Cheapest Ransom at 1 Bitcoin - $650 USD
  • Can mask itself as a Chrome extension sent to you through a Facebook message
    • It then uses your Facebook profile to spread it to all of your Contacts
Crysis (.XTBL):
  • We’ve seen this ransomware for about 9 months – Originally targeted businesses in Australia and New Zealand
  • It’s delivered via guessable username/passwords for RDP enabled systems
  • Brute force utility such as “Dubrute” is used to brute force credentials for systems which have port 3389 open
  • The attacker usually remotes into the system manually, places the payload on the desktop, and runs it
Coming in at #1 for all Ransomware is...LOCKY!
  • Cheapest Ransom at 1 Bitcoin - $650 USD
  • Most victims per day at 90,000
  • 2,610 payouts per day
  • Per-day earnings are $1,093,590 USD
  • Per-month earnings are $32,807,700 USD
  • At this rate they’ll earn almost $393,692,400 USD a Year!
(All made possible by their innovative and broad phishing campaigns)
Emerging Hacks for IoT Devices:
  • Continued Hacks for Cars
  • Mirai Source Code Released
  • Ransomware for Thermostats
Quick guide – five easy-to-follow tips to stop Ransomware:
Click here to view the full Recorded Video
(You'll need to register to view the webinar, don't worry it's completely free!)