Malware: Reporting vs. threat perception

Figure: Silobreaker's Time Series tool (malware threat perception)

Silobreaker gives users the power to spot developing trends early and separate valuable information from hyperbole. Three stories have hit the headlines over the last four days, each receiving different amounts of attention.

What can we learn about these threats from Silobreaker’s Time Series?

First off, it’s important to note that the amount of airtime dedicated to such stories is rarely proportionate to the danger they actually pose.

Most media outlets focus on three aspects of malware when they report it:

1) Is it new?

2) Is it (potentially) scary?

3) Is it already gaining traction?

Now, the media aren't misguided in prioritising in this way. However, such chatter can stifle discussion of serious threats by inflating the danger of more 'interesting' malware.

Case in point: Mazar Bot.

Mazar Bot roots Android phones. It can read and send texts, download additional apps or wipe storage. It sends a text to an Iranian phone number confirming infection, but is probably run by a Russian gang.

All very exciting.

Yet it’s relatively difficult for Mazar to successfully infect victims.

Targeted users first have to follow a link received from an unknown contact and then install the downloaded .apk file, which Android refuses unless installation from unknown sources has been enabled. The file, like most mobile apps we use, will then ask for wide-ranging permissions in order to function. Only after the user grants Mazar those permissions is the device compromised.
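The permission prompt is the last point at which a user, or an analyst, can spot an app like this. The following added example (not Silobreaker's code) triages a decoded AndroidManifest.xml, as produced by apktool or aapt, for the capabilities the page attributes to Mazar Bot: SMS interception and sending, persistence across reboot, and a device-admin receiver, which is what lets an app lock or wipe storage. The manifest is constructed to resemble such a bot and is not Mazar's real manifest; the weights are illustrative.

```python
"""Triage a sideloaded APK's decoded AndroidManifest.xml for a bot-like permission profile.

Added example, not Silobreaker's code. SAMPLE_MANIFEST is constructed; the
permission weights are illustrative choices, not a published scoring scheme.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities an SMS bot needs, mapped to the permission that grants each one.
RISKY_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": ("intercept incoming SMS", 3),
    "android.permission.READ_SMS": ("read stored SMS", 3),
    "android.permission.SEND_SMS": ("send SMS (e.g. an infection beacon)", 3),
    "android.permission.INTERNET": ("network access", 1),
    "android.permission.RECEIVE_BOOT_COMPLETED": ("persist across reboot", 2),
    "android.permission.WRITE_EXTERNAL_STORAGE": ("modify external storage", 1),
    "android.permission.REQUEST_INSTALL_PACKAGES": ("install further apps", 3),
}

# A receiver protected by this permission is a device-admin component:
# once the user enables it, the app can lock or wipe the device.
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed manifest resembling an SMS bot posing as an "MMS Update".
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mms_update">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="MMS Update">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest for a benign app that only talks to the network.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}


def requests_device_admin(manifest_xml):
    """True if any receiver is guarded by BIND_DEVICE_ADMIN."""
    root = ET.fromstring(manifest_xml)
    return any(r.get(ANDROID_NS + "permission") == DEVICE_ADMIN
               for r in root.iter("receiver"))


def triage(manifest_xml):
    """Score the manifest and flag the SMS-bot combination explicitly."""
    perms = declared_permissions(manifest_xml)
    findings = [(p, RISKY_PERMISSIONS[p][0]) for p in sorted(perms)
                if p in RISKY_PERMISSIONS]
    score = sum(RISKY_PERMISSIONS[p][1] for p, _ in findings)
    admin = requests_device_admin(manifest_xml)
    if admin:
        findings.append((DEVICE_ADMIN, "device admin: can lock or wipe the device"))
        score += 4
    # The combination matters more than any single permission: intercepting
    # and sending SMS plus device admin is a banking-bot profile, whatever
    # label the app shows the user.
    sms_bot = ({"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}
               <= perms) and admin
    return {"score": score, "sms_bot_profile": sms_bot, "findings": findings}


if __name__ == "__main__":
    for name, m in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = triage(m)
        print(name, result["score"], result["sms_bot_profile"])
        for perm, why in result["findings"]:
            print("  ", perm, "->", why)
```

The score is only a sorting aid; the flag that should drive a decision is the combination check, since a legitimate messaging app may declare SMS permissions but has no reason to also ask for device-admin rights.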

So it's more than likely that those who get infected are either distracted or have little concept of cyber security. Yet the deluge of news about Mazar Bot over the past few days has been unending and, at points, hysterical.

Meanwhile, the group behind the Dridex banking malware was experimenting with new attack vectors.

Only when interest in Mazar Bot began to wane was it reported that the Dridex group were distributing tidal waves of spam laced with a new ransomware known as Locky.

In fact, news of Locky had appeared days earlier, just as Mazar Bot was being widely reported.

Reports state that Mazar Bot has infected 100,000 individuals in Denmark, but Locky has already hit hundreds of computers across the world.

Ransomware infections are obviously more visible than data theft, but we already know how vulnerable employees are to attachments marked 'Invoice' or 'CV'.
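Those lures are also exactly what a mail gateway can key on. The following added example (not Silobreaker's code, and not a description of any real product's rules) parses a constructed message with Python's standard email library, pulls out the attachment filenames, and quarantines only when a lure word in the filename or subject is paired with an attachment type that can execute or carry macros, so an ordinary PDF sent under an 'Invoice' subject still gets delivered. The lure words and extension lists are illustrative policy choices.

```python
"""Flag spam attachments that pair an 'Invoice'/'CV' lure with a runnable file type.

Added example, not Silobreaker's code. SAMPLE_EML is constructed; LURE_WORDS,
ACTIVE_EXTENSIONS and DECOY_EXTENSIONS are illustrative policy, not a vendor rule set.
"""
import email
import re
from email import policy

# Lure words seen in the page's examples plus a few common variants. Lookarounds
# rather than \b so that "invoice_J-98223.doc" still matches (underscore is \w).
LURE_WORDS = re.compile(r"(?<![a-z])(invoice|cv|resume|receipt|payment|scan)(?![a-z])",
                        re.IGNORECASE)

# Types that run, or can carry macros, when opened from a mail client.
ACTIVE_EXTENSIONS = {"exe", "scr", "js", "jse", "vbs", "wsf", "hta", "bat", "cmd",
                     "doc", "docm", "xls", "xlsm", "rtf", "zip", "rar"}

# Types a user expects to be inert; used to catch double extensions like CV.pdf.js.
DECOY_EXTENSIONS = {"pdf", "txt", "jpg", "png"}

# Constructed message: a macro-capable .doc under an invoice lure, plus a real PDF.
SAMPLE_EML = """From: accounts@example-supplier.test
To: staff@example.test
Subject: ATTN: Invoice J-98223
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice and remit payment.
--b1
Content-Type: application/msword; name="invoice_J-98223.doc"
Content-Disposition: attachment; filename="invoice_J-98223.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAOwADAP7/CQAGAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAA
--b1
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""


def attachment_names(raw):
    """Return the filenames of all non-body parts of the message."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]


def classify_attachment(filename, subject=""):
    """Return the list of reasons this attachment looks like a lure, possibly empty."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in ACTIVE_EXTENSIONS:
        reasons.append(f"active extension .{ext}")
    if len(parts) > 2 and parts[-2] in DECOY_EXTENSIONS and ext in ACTIVE_EXTENSIONS:
        reasons.append("double extension hides an executable")
    if LURE_WORDS.search(filename) or LURE_WORDS.search(subject):
        reasons.append("lure word in filename or subject")
    return reasons


def triage_message(raw):
    """Map each attachment to ('quarantine' | 'deliver', reasons)."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = msg["subject"] or ""
    verdicts = {}
    for name in attachment_names(raw):
        reasons = classify_attachment(name, subject)
        lure = any(r.startswith("lure") for r in reasons)
        active = any(r.startswith("active") or r.startswith("double") for r in reasons)
        # Quarantine only when the social-engineering hook is paired with
        # something that can actually run; a lure word alone is not evidence.
        verdicts[name] = ("quarantine" if lure and active else "deliver", reasons)
    return verdicts


if __name__ == "__main__":
    for name, (verdict, reasons) in triage_message(SAMPLE_EML).items():
        print(f"{name}: {verdict} {reasons}")
```

In production the extension check would be backed by content inspection (for example, detecting a VBA project inside the .doc) rather than the filename alone, since the filename is attacker-controlled; the pairing logic stays the same.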

Forewarned is forearmed

While not as flashy as Android malware that can wipe your phone's storage, ransomware is far easier to distribute and far more damaging; just talk to anyone at Hollywood Presbyterian Medical Center.

The Silobreaker Team
