Mixed Cybersecurity Trends Revealed in 2017 Webroot Threat Report
“The good news and the bad news,” has been a classic theme in comedy routines for years, but there’s nothing funny about the findings in Webroot’s new 2017 Threat Report. While MSPs can take some comfort in learning that one category of cyber threats has significantly decreased, the sobering truth is that overall trends for endpoint security threats are largely negative.
Throughout 2016, Webroot continuously produced threat intelligence based on its broad and deep understanding of current and emerging threats. The Webroot Threat Research team then analyzed the year’s entire body of threat intelligence to identify the most important trends that MSPs and their clients must be aware of during 2017. Key findings from the Threat Report include:
The Good News
A notable positive trend in 2016 involved executable files. Of the hundreds of millions of new executable files observed during the year, only 2.5% were malware and 2.2% were potentially unwanted applications (PUAs)—both significant reductions from previous years. Furthermore, the monthly counts for new PUA executable files dropped over 80% from January to December.
The glaring exception to this otherwise positive change in executable files is ransomware; incidents involving ransomware caused largely-unreported losses estimated in the billions of dollars during 2016. Ransomware is expected to be an even bigger problem in 2017, given the continued success of Locky ransomware and the availability of numerous exploit kits and ransomware-as-a-service.
To mitigate ransomware and other executable threats, MSPs should continue to use innovative cybersecurity solutions that can detect and stop both known and previously-unseen malicious executable files in real time.
The Bad News
Unfortunately, there were numerous negative trends in 2016:
- Approximately one-third of URLs with sufficient information available to determine a risk category were identified as high risk.
- Phishing attack life cycles continue to drop; some phishing attacks now last just minutes, while the average phishing attack life cycle is under 15 hours.
- Phishing attacks rarely use dedicated domain names anymore; instead, they rely on attackers acquiring and using web pages in established benign domains.
- The number of unique zero-day phishing URLs Webroot observed each month grew throughout 2016, with almost twice as many URLs detected in the fourth quarter as in the first quarter.
- The number of new and updated Android® apps that Webroot classified as malicious or suspicious each year dramatically increased from approximately 2 million in 2015 to nearly 10 million in 2016.
Considered together, these trends indicate a major increase in attacks based on malicious Android apps and malicious URLs. In order to comprehensively protect their clients, it is critical that MSPs implement robust strategies for detecting and stopping these threats.
The relentlessly dynamic nature of today’s websites—benign one minute, compromised the next—and the sheer volume of URLs and Android apps accessible to your clients render conventional, relatively static antivirus solutions utterly obsolete.
To properly safeguard their customers, MSPs must adopt endpoint protection technologies backed by threat intelligence that is constantly updated with the latest information on malicious and suspicious activity. This type of threat intelligence is the only solution that enables the automated, real-time, highly accurate decision making necessary for MSPs to shield their clients from the rapidly-increasing number of attacks they face each day.
To learn more, download your free copy of the 2017 Webroot Threat Report here.