Q1 2016 Sees 93% of Phishing Emails Contain Ransomware

PhishMe’s Analysis of phishing campaigns, in first three months of 2016, shows an intensified 789% year-over-year spike in malware and phishing threats

Leesburg, (Va. USA) & London (UK) – June 04 2016-  PhishMe, a global provider of phishing-defense solutions for the enterprise, today revealed that its analysis of phishing email campaigns from the first three months of 2016 has seen a 6.3 million increase in raw numbers, due primarily to a ransomware upsurge against the last quarter of 2015. That is a staggering 789% jump.

Published today, PhishMe’s Q1 2016 Malware Review identified three key trends previously recorded throughout 2015, but have come to full fruition in the last few months:

  • Encryption Ransomware
  • Soft Targeting by Functional Area
  • Downloader/Ransomware: the one-two combination

“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating. Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber criminal enterprises,” explains Rohyt Belani, CEO and Co-Founder of PhishMe.

Rohyt continues, “Another 2015 trend that emerged into fuller fruition during the first quarter of 2016 is threat actors’ use of soft targeting in phishing. In contrast to both broad distribution and the careful targeting of one or two individuals via spear phishing emails, soft targeting focuses on a category of individuals based on their role within any organization anywhere in the world. Criminals target this subset with content relevant to their role. Such malicious emails are typically accompanied with Microsoft Office documents laden with malware or the ability to download the same.”

Towards the end of 2015, PhishMe’s Research team hinted toward the growing prevalence of JavaScript downloader applications as a malware delivery mechanism. During the first three months of 2016, most notably through its prolific use by the distributors of Locky, this prediction did indeed materialize as expected. Rohyt confirms, “During the first quarter, JavaScript applications even surpassed Office documents with macro scripts to become the most common malicious file type accompanying phishing emails. JSDropper applications were present in nearly one third of all phishing email analyses performed by PhishMe.”

Whether threat actors execute encryption ransomware attacks via phishing messages, deliver personalized messages to a functional area of an organization, combine Dridex or Locky with JSDropper or Office documents with macros for delivery, the impact on the victimized organization is significant as they have to expend scarce incident response resources on the clean up effort, manage a potential public relations nightmare, and in some cases even cave in to hacker demands of paying the ransom being demanded.

Rohyt concludes, “As the frequency and magnitude of such phishing attacks increase, the importance of empowering humans to avoid and report them, and giving incident response teams the ability to rapidly react to such reports has never been more acute.”

To download a full copy of the Q1 2016 Malware Review, click here.

 

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.

PhishMe Launches New ‘Active Threats' Phishing Simulations To Help Combat Ransomware
2016 Q1 Malware Review – Available Now

Leave a Reply