Malwarebytes State of Malware 2019 says Macs were the focus of attacks in 2019.
To put Malwarebytes State of Malware 2019 in perspective, you need to ask about the methodology. Malwarebytes is a highly effective malware, adware and potentially unwanted program (PUP) scanner used primarily by business. Its free scanner is my choice for checking how well other AV apps have done their job.
So its ‘audience’ is a snapshot of its own users. Malwarebytes State of Malware 2019 (report here) comprises data sets collected from product telemetry, honey pots, intelligence, and research conducted by Malwarebytes threat analysts.
So in making any statement, it knows the number/type of endpoints and relates that back to incidents per endpoint type. The report has statistical merit.
Malwarebytes State of Malware 2019
Adware (cybercriminals use malware to deliver unwanted ads to gain revenue) reigns supreme for both consumers and businesses on Windows, Mac, and Android using ever more aggressive techniques.
While adware is more of a nuisance than a threat, the difficulty of removing it has escalated.
Adware: 30 million Mac detections (24 million
Mac threats increased more than 400% over 2018
11 threats per Mac endpoint (5.8 threats per Windows endpoint)
Top of the list is adware NewTab
Macs became more attractive targets for cybercriminals. macOS’s built-in security has not cracked down on adware and PUPs to the same degree as on malware, which leaves the door open for borderline programs to infiltrate.
NewTab is an adware family that attempts to redirect searches in the web browser. It comes in apps with embedded Safari extensions. These include fake flight, package tracking, maps, or directions pages.
Traditional Mac malware, such as backdoors, cryptominers, and spyware, came via a group of files exhibiting similar malicious behaviours. OSX.Generic.Suspicious is a group of detections that all exhibit known bad behaviours that no legitimate software program would engage in.
Only one incident involved anything other than tricking the user into downloading and opening something they shouldn’t.
If 2019’s threat landscape tells us anything, it’s that it’s time to take a good hard look at Mac security and finally get serious.
Global Windows malware detections stayed at 2018 levels. But attacks on business endpoints increased by 13%. Cybercriminals follow the money looking for high ROI victims.
As the business world finally moves to the security-hardened Windows 10, the efficacy of old malware relying on un-patchable CVEs dries up. And Windows users are more likely to run AV, whether it be the free Windows Defender or a paid product. Windows users are perhaps more aware of the need for care.
In the consumer area, it was adware and bitcoin mining relying on vulnerabilities in older Internet Explorer and, more recently, the Chrome engine (the latest attack vector). Making money from crypto mining has almost dried up. Trojan/ransomware activity declined because consumers simply won’t pay the ransom.
In the business area, Trojan-turned-botnets Emotet and TrickBot returned in 2019 to terrorise organisations alongside new ransomware families, such as Ryuk, Sodinokibi, and Phobos.
A flood of hack tools and registry key disablers made a splashy debut in Malwarebytes’ top detections. This reflects a greater sophistication among today’s business-focused attackers.
iOS malware exists, but there’s no way to scan for it (Apple will not allow AV companies access). Most iOS malware is nation-state malware, spread via targeted attacks through ‘secret’ iOS vulnerabilities/backdoors, such as NSO’s Pegasus spyware. This year China used iOS zero-days to infect phones in targeted attacks against the Uyghur and Hong Kong people.
An unprecedented zero-day vulnerability dubbed checkm8 was found in iPhone boot ROMs (up to iPhone X) as well as other iOS, watchOS, and tvOS devices. You cannot patch a boot ROM; the only way to fix the bug is to buy a new iPhone 11 or device.
There are two types of Android malware, and one is extremely
Pre-installed Malware – needs access to a device at the manufacturer level
Adups is a malicious app found on many Chinese-made low-cost Android mobiles. This baked-in auto-installer has administrator rights to update the device’s firmware, but it also steals personal information, contacts, SMS, photos and more. It can install Android Trojans and adware.
It is most prevalent on ‘international’ (non-Australian certified) phones sold by online marketplaces like Amazon, Kogan/Dick Smith, Mobileciti etc. or on phones purchased overseas.
Run Malwarebytes to see if it is on your phone. It is damned hard to remove as it’s ‘baked in’ and often reoccurs randomly. There is a strong rumour that it is linked directly to the Chinese Communist Party, as is the ‘Study the Great Nation’ app.
Stalkerware (for iOS and Android)
The new threat is stalkerware: apps that enable one person to monitor another’s every digital move. That includes collecting data without their informed consent: GPS location data, photos, emails, text messages, call logs, contact lists, non-public social media activity, and more.
Some stalkerware apps are installed without displaying an icon, or remotely operate a user’s device, microphone, or camera. With over 100 new variants added in 2019, Malwarebytes is taking an even harder stance on these creepy apps, some of which still appear in Google Play and Apple’s iTunes stores.
Adware is an ongoing issue as the entire monetary basis of Android is serving ads. Symptoms are the aggressive display of advertisements, including but not limited to ads in notifications, on the lock screen, and full-screen pop-ups. Much of this comes in so-called ad-blockers and other fake apps.
You can get an infection simply by visiting an infected website – so-called Drive-By Shootings.
It may be a combination of a phishing email (with a compromised Word .doc or steganographic image) directing you to a website where the final payload downloads and combines to form malware. Or you may be using an old version of IE or even Chrome (including the new MS Chromium-based Edge), less so with Firefox.
Online shoppers are the target of credit card skimmers/scrapers, also known as web skimmers and more generally referred to as Magecart. Unlike other attacks that often require infection (banking Trojans) or social engineering (phishing), web skimming works quietly on all devices and browsers. This makes it particularly effective and scalable for harvesting and monetising stolen credit cards.
Malvertising takes control of your search engine and redirects you to advertising pages.
Bitcoin miners use your computer’s CPU while you are on a
Threat actors (likely State-sponsored) turned up the heat on industry attacks, bringing US cities to a screeching halt with ransomware infections, halting daily instruction in schools compromised with Emotet, and putting patient lives at risk in TrickBot attacks on healthcare organisations.
Malwarebytes comments that big and small tech is subject to extreme attacks to gain user data. Or they just sell it to monetise it!
2019 was supposed to be the year of privacy, but users fell over themselves to give their data away on scams as evident as ‘win a pizza to share
Maybe by 2029, we will see meaningful legislation and protection for your data.
And for 2020
Ransomware will focus on those that pay – businesses
Web skimmers are easy money, and it won’t be safe to buy on-line. We can expect to see many novel attack techniques introduced.
Web surfing will be even more dangerous if you use an old browser or a Chromium-based one
Biometrics and genetic tracking (e.g., facial recognition, consumer DNA kits, menstrual tracking, baby-making, private health information etc.) will result in way too much personal data being sold. The increased use of biometric data for authentication calls for stronger regulations on data privacy. Consumers and pro-privacy organisations will push hard on lawmakers to make that a reality in 2020.
US voters will call into question the reliability of the voting process, especially if the results of the 2020 presidential election once again fail to align with Democrat projections. But it is really fake news, with Nation-state actors tasked with destabilising the country. Scammers and malware authors will use the election to spread their threats via phishing emails. Unfortunately, users following propagandist or radical publications on both sides of the political spectrum will believe what they want to believe. Regardless of scam tactics or potential voting machine compromises, the real threat will be the attacks on our hearts and minds through social media and media manipulation.
Hybrid attacks are the new black. Get a foot in the door with phishing or adware, visit a site and get part two of the malware. Then wait for ‘dwell time’ to strike when the information flowing back to cybercriminals says it’s time.
GadgetGuy’s take – Malwarebytes State of Malware 2019. It is my weapon of choice
Please know that we publish most security materials as a public service under the title eSafety. The more you read, the more you may
Malwarebytes focuses on endpoints – phones and computers where a threat can get a foothold and spread further into the network. It has enterprise
Make no mistake – if you surf the web, buy on-line, get caught by a socially engineered phishing email or whatever without suitable protection, you are in for a world of pain.
We recently reviewed Norton 360 – the company’s comprehensive suite. It is damned expensive, but at least twice a year it has saved my family’s bacon. I run it on every computing device because you can’t afford a weak link.
Whether it’s Norton, Kaspersky, McAfee et al., you need paid protection. Protection is perhaps not the right word – it smacks of mafia
The right words are confidence and resilience: the ability to use the internet with some confidence and the resilience to withstand attacks when you do.