Malware: Reporting vs. threat perception

[Image: Silobreaker's Time Series tool, showing malware threat perception]

Silobreaker gives users the power to spot developing trends early and separate valuable information from hyperbole. Three stories have hit the headlines over the last four days, each receiving different amounts of attention.

What can we learn about these threats from Silobreaker’s Time Series?

First off, it’s important to note that the amount of airtime dedicated to such stories is rarely proportionate to the danger they actually pose.

Most media outlets focus on three aspects of malware when they report it:

1) Is it new?

2) Is it (potentially) scary?

3) Is it already gaining traction?

The media aren't misguided in prioritising this way. The problem is that such chatter can stifle discussion of serious threats by inflating the danger of the more 'interesting' malware.

Case in point: Mazar Bot.

Mazar Bot roots Android phones. It can read and send texts, download additional apps or wipe the device's storage. Once installed it confirms the infection by sending a text to an Iranian phone number, but it is probably run by a Russian gang.

All very exciting.

Yet it’s relatively difficult for Mazar to successfully infect victims.

Targeted users first have to follow a link received from an unknown contact, then install the downloaded .apk file, which also means allowing installation from sources other than the official app store. The file, like many legitimate mobile apps, will ask for wide-ranging permissions in order to function. Only after the user grants Mazar those permissions is the device compromised.
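Because Mazar only works once the user has granted it the permissions it asks for, the manifest inside the .apk already reveals the combination it needs. The script below is an added example (not Silobreaker's code and not taken from a Mazar sample): it parses an AndroidManifest.xml, maps the capabilities described above to the real Android permissions an app must declare to get them, and flags the combination of SMS control plus the ability to install packages or act as device administrator (the route to a wipe). Both manifests, the package names and the receiver name are constructed for the example, and the permission mapping is this example's own assumption.

```python
import xml.etree.ElementTree as ET

# Android manifest attributes live in this XML namespace (android:name etc.)
A = "{http://schemas.android.com/apk/res/android}"

# Capabilities attributed to Mazar Bot above, mapped to the permissions an
# app must request to obtain them. This mapping is the example's own
# assumption, not something the page or a real sample states.
CAPABILITY_PERMISSIONS = {
    "read_sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "send_sms": {"android.permission.SEND_SMS"},
    "install_apps": {"android.permission.INSTALL_PACKAGES",
                     "android.permission.REQUEST_INSTALL_PACKAGES"},
}
# A receiver guarded by this permission is a DeviceAdminReceiver; once the
# user activates it, the app can call wipeData() and factory-reset the phone.
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"


def triage_manifest(manifest_xml):
    """Return the SMS-trojan capabilities a manifest asks for and a verdict."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}

    caps = {name: sorted(requested & perms)
            for name, perms in CAPABILITY_PERMISSIONS.items() if requested & perms}

    admin_receivers = [r.get(A + "name") for r in root.iter("receiver")
                       if r.get(A + "permission") == DEVICE_ADMIN]
    if admin_receivers:
        caps["wipe_device"] = admin_receivers

    sms_control = "read_sms" in caps and "send_sms" in caps
    if sms_control and ({"install_apps", "wipe_device"} & caps.keys()):
        verdict = "high"      # can intercept 2FA texts AND extend or destroy the device
    elif sms_control or "wipe_device" in caps:
        verdict = "medium"    # a genuine messenger also needs SMS, so not damning alone
    else:
        verdict = "low"
    return {"capabilities": caps, "verdict": verdict}


# Constructed manifest shaped like a sideloaded SMS trojan (package name is made up).
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mmsupdate">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="MMS Update">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest for an ordinary messaging app: SMS access, nothing else.
MESSENGER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.messenger">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Messenger"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT_MANIFEST), ("messenger", MESSENGER_MANIFEST)):
        print(label, triage_manifest(manifest))
```

The point of the second manifest is the caveat: SMS permissions alone describe every legitimate messaging app, so the check only becomes useful when it looks for the combination, and when it is applied to apps that arrived by link rather than through the store.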

So it's more than likely that those who get infected are either distracted or have little awareness of cyber security. Yet the deluge of news about Mazar Bot over the past few days has been unending and, at points, hysterical.

Meanwhile, the group behind the Dridex banking malware was experimenting with new attack vectors.

Only when interest in Mazar Bot began to wane was it reported that the Dridex group was distributing tidal waves of spam laced with a new ransomware known as Locky.

In fact, news of Locky had appeared days earlier, just as Mazar Bot was being widely reported.

Reports state that Mazar Bot has reached 100,000 individuals in Denmark, but Locky has already hit hundreds of computers across the world.

Ransomware infections are, of course, far more visible than silent data theft, but we already know how readily employees open attachments marked 'Invoice' or 'CV'.

Forewarned is forearmed

While not as flashy as Android malware that can wipe your phone, ransomware is more easily distributed and far more damaging to its victims. Just ask anyone at Hollywood Presbyterian Medical Center.

The Silobreaker Team
