2015: A Big Year for Malware

Anyone who kept up with cybersecurity news in 2015 already knows it was a big year for malware and the cybercriminal gangs that develop it. Malware sophistication reached new heights with Dyre, Shifu and other gang-owned codes, revealing that the stereotypical lone-wolf hacker has been replaced by highly organized cybercrime. Indeed, today’s fraudsters are very professional and focused, and they are diversifying their targets in order to achieve bigger paydays.

With all the advances made in cybercrime throughout recent months, there is little reason to suspect that the evolution of increasingly complex malware strains and the magnitude of cybercriminal activity will slow down in 2016.

In a new white paper released by the Information Security Media Group, IBM Security Executive Security Advisor Limor Kessem discussed how malware evolved in the past year, the variants that concern her most and where organizations are now most vulnerable to attack.

What We Learned

In 2015, existing Trojans added new evasion features and theft mechanisms. New malware that emerged was increasingly modular and advanced, meaning it was able to better impersonate victims and hide its intentions in real time. Perhaps most alarmingly, this growing sophistication has revealed itself not only in banking Trojans, but also in mobile malware realms, as well.

One trend to watch in the mobile arena, Kessem cautioned in the paper, is overlay malware. In an overlay attack, fraudsters place a nearly identical fake application screen on top of a legitimate application, deceiving users into revealing personal data such as payment terminal logins, banking credentials or even credit card details.

With cybercriminals becoming more organized and developing more sophisticated and dangerous malware tactics, it’s no surprise that traditional defenses are struggling to keep up. As just one example, antivirus software cannot reliably detect morphed or rewrapped malware and therefore leaves the endpoint open to exploitation. This stronghold, whether on a personal or corporate device, is where the eventual fraud takes place.

Kessem emphasized that, in a world where malware evolves both rapidly and frequently, malware defenses must also be based on dynamic intelligence. Counteracting the most advanced malware codes requires an agility that is lacking in many current solutions.

Read the white paper to learn more about the latest advances in malware attacks

More from Advanced Threats

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today