Back in 2008 McAfee researcher Toralv Dirro posted a blog on new malware growth slowing – admittedly from an exponential rate to straightforward linear growth – around 20,000 new malware samples each day. He then went on to say that “Now with constant, although still massive, growth there is some light at the end of the tunnel for the security industry”.
Unfortunately this 2008 malware plateau was a temporary respite – by 2010 new malware creation had tripled to 63,000 and in 2015 the quantity received by PandaLabs topped out at 230,000 new samples every day.
Over the last 12 months PandaLabs has seen new malware level out at around 200,000 samples per day. This trend is corroborated by statistics from the malware lab AV-Test, and it appears that, for the first time in years, the number of new malware samples released this year will be lower than in the previous year.
In the chart for 2016, the red section shows new malware registered by AV-Test up to 16th November and the blue section projects the count to year end, which comes in below last year's total.
So we’re all safer now, right?
Wrong. There are still 200,000 new malware samples every day, and cyber-attacks are proving more dangerous than ever, with cybercrime making up more than 50% of crimes committed in some countries.
This new malware creation plateau can be attributed to:
- Less traditional malware – Viruses and worms are being dropped in favour of Trojans, especially ransomware.
- Highly targeted malware attacks – Upwards of 90% of malware is unique to a specific endpoint, rendering signature-based and heuristic detection useless and making the samples less likely to reach malware labs.
- Self-destructing malware – we are seeing examples of ransomware and APTs that delete themselves once their mission succeeds; if antivirus vendors never obtain a sample to identify, the malware can be used again.
Attackers are also using alternative techniques to gain access:
- Social engineering – the amount of data about businesses and end users freely available online means their systems can be compromised without any malware at all.
- File-less attacks – there has been an increase in threats that, instead of using malware files, abuse legitimate system tools (such as PowerShell) in conjunction with registry entries to exfiltrate data from a business – with no exploits used, no malicious URLs and no malware file ever touching the system.
- The rise of the Internet of Things – Routers, IP cameras and even thermostats and baby monitors, with poor security design and often default settings, are giving easy access to work and home networks. Once in, the crooks have easy access to your data or can use your devices to conduct Distributed Denial of Service (DDoS) attacks on others.
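As an added illustration (not part of the original post, and not Panda's product code), the following Python script shows the kind of detection logic an EDR agent or log pipeline applies to the file-less pattern described above: PowerShell launched with an encoded or hidden command line, and a registry Run key that re-launches PowerShell at logon. The log records are constructed, pipe-delimited stand-ins for Windows process-creation (4688) and registry-change (4657) events, not real Windows event output; the field layout, indicator names and alert threshold are all assumptions made for the example.

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: PowerShell's -EncodedCommand takes base64 of UTF-16LE text.
SAMPLE_ENC = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()

# Constructed, schematic log records (EventID|host|image-or-key|command-line-or-value).
# They stand in for Windows process-creation (4688) and registry-change (4657)
# events; the real event schemas carry many more fields than this.
SAMPLE_LOGS = [
    "4688|ws01|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    f"powershell.exe -NoP -W Hidden -Enc {SAMPLE_ENC}",
    "4688|ws01|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|"
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1",
    "4657|ws01|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|"
    'Updater=powershell.exe -w hidden -c "iex (gp HKCU:\\Software\\Acme).payload"',
    "4688|ws02|C:\\Program Files\\Git\\bin\\git.exe|git pull origin main",
]

# Command-line traits that, in combination, characterise file-less PowerShell abuse.
INDICATORS = {
    "encoded_command": re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s", re.I),
    "hidden_window": re.compile(r"\s-w(?:indowstyle)?\s+hidden\b", re.I),
    "no_profile": re.compile(r"\s-nop(?:rofile)?\b", re.I),
    "policy_bypass": re.compile(r"-ex(?:ecutionpolicy)?\s+bypass\b", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "registry_read": re.compile(r"\b(?:gp|get-itemproperty)\b", re.I),
}
ENC_ARG = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.I)
ALERT_THRESHOLD = 2  # one trait alone (e.g. -ExecutionPolicy Bypass) is common in admin scripts


@dataclass
class Finding:
    event_id: str
    host: str
    reasons: List[str]
    decoded: Optional[str] = None

    @property
    def score(self) -> int:
        return len(self.reasons)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext behind -EncodedCommand, or None if absent or undecodable."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(record: str) -> Optional[Finding]:
    """Score one log record; None means it is not PowerShell-related."""
    event_id, host, subject, detail = record.split("|", 3)
    reasons: List[str] = []
    if event_id == "4657":
        # Persistence: a Run/RunOnce value that launches PowerShell on logon.
        if not (RUN_KEY.search(subject) and "powershell" in detail.lower()):
            return None
        reasons.append("run_key_persistence")
    elif event_id == "4688":
        if "powershell" not in subject.lower():
            return None
    else:
        return None
    decoded = decode_encoded_command(detail)
    # Swap the base64 blob for its plaintext so traits hidden by the encoding are scanned too.
    scan_text = detail if decoded is None else ENC_ARG.sub(" -EncodedCommand ", detail) + " " + decoded
    reasons.extend(name for name, pat in INDICATORS.items() if pat.search(scan_text))
    return Finding(event_id, host, reasons, decoded)


def scan(records: List[str]) -> List[Finding]:
    """All PowerShell-related findings, scored but not yet filtered."""
    return [f for f in map(analyze, records) if f is not None]


def alerts(records: List[str]) -> List[Finding]:
    """Findings that combine enough traits to be worth an analyst's time."""
    return [f for f in scan(records) if f.score >= ALERT_THRESHOLD]


if __name__ == "__main__":
    for f in alerts(SAMPLE_LOGS):
        print(f"[{f.host}] event {f.event_id} score={f.score} reasons={f.reasons}")
        if f.decoded:
            print(f"    decoded: {f.decoded}")
```

The threshold is the point of the design: a lone `-ExecutionPolicy Bypass` is routine in administrative scripts and is scored but not alerted, while a hidden, encoded, profile-less launch or a Run key that pulls a payload out of another registry value trips several traits at once. In a real deployment the command lines would come from 4688 with command-line auditing enabled or from Sysmon process-creation events, and PowerShell script block logging (event 4104) records the decoded script content directly, which removes the need to reverse the encoding yourself.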
To combat the evolving threat landscape, Gartner recommends that businesses improve their existing security with Endpoint Detection and Response (EDR) solutions, such as Panda Adaptive Defense.
Written by Neil Martin, Marketing Manager at Panda UK.