Less Malware, Better Quality: AV-TEST

5.7.2017 securityweek Analysis

While the number of malware samples spotted in 2016 decreased compared to the previous year, threats have been more sophisticated, according to the latest security report from antivirus research company AV-TEST.

AV-TEST identified roughly 127.5 million malware samples last year, which represents a 14% decrease from the 144 million seen in 2015. This translates to approximately 350,000 new samples each day, or four new samples per second.

The number of samples may have declined, but malware is becoming increasingly sophisticated, as demonstrated by the NotPetya and WannaCry ransomware attacks, banking Trojans, and threats designed to target Internet of Things (IoT) devices. This includes complex encryption and increased flexibility in the case of ransomware, and the use of special malware in attacks aimed at the SWIFT banking network.

While the threat posed by ransomware has been made clear by recent attacks, this type of malware accounts for only less than one percent of the total share of Windows malware. Despite the small proportion, AV-TEST pointed out that, due to their mode of action and potential damage, these types of Trojans cannot be considered a marginal phenomenon.

“A level of distribution comparable to traditional viruses is not required to reap the greatest possible profit. Ransomware involves ‘high-tech malware’, which seeks its victims above all in a targeted business environment. For instance, emails infected with ransomware are sent out almost exclusively on weekdays,” AV-TEST said.

Ransomware development peaked in the first quarter of 2017, with more than 110,000 samples detected by the company in April.

The quantity of Windows malware has decreased, but AV-TEST noticed that the number of Mac OS samples increased by 370% to 3,033 samples – a majority of which have been classified as Trojans. More than 4,000 new samples were already identified in the first quarter of 2017.

 

The number of Android malware samples doubled in 2016 to over 4 million, with the largest spike recorded in June, when AV-TEST identified nearly 650,000 new pieces of malware. In the same month, the company spotted more than 9,200 exploits covering all versions of Android.

The complete AV-TEST Security Report 2016/2017 is available online in PDF format.