Australia ranks in the top ten countries for hosting high-risk URLs – and more than 65% of those URLs are used for phishing purposes. Australia also ranks significantly for malware and spam threats.
Those are the statistics coming from Webroot’s Annual Threat Report, which found that for every new phishing URL impersonating a financial institution, there were more than seven impersonating tech companies.
This year the top three phishing targets were all global tech companies: Google, Yahoo and Apple.
This suggests it may now be easier to phish a technology account and because passwords are reused, they’re more valuable to hackers.
“The continued increase in sophistication and volume of phishing attacks, ransomware, and polymorphic malware mean we are at greater risk than ever from cybercriminals,” comments Hal Lonas, chief technology officer at Webroot.
The company also discovered that phishing attacks are getting shorter, with the longest site active for less than two days. 84% of all sites were active for less than 24 hours, and the shortest active site clocked in at 15 minutes.
In terms of malware trends, ‘polymorphism’ was the word of 2016, which describes each instance as unique and undetectable by traditional signature-based security approaches. 94% of all malware and potentially unwanted application executables were only seen once.
Ransomware also continued its domination, with the Locky ransomware remaining king. The FBI estimated that ransomware attackers would rake in more than $1 billion in ransoms in 2016, and Webroot expects this trend to continue through 2017.
More than half of new and mobile apps were malicious or suspicious, according to Webroot. This accounts for more than 10 million – a huge increase from the two million in 2015. The company expects Android’s growing popularity will be a breeding ground for adware.
Trojans are the most popular mobile app threats, account for 60% share.
In 2016, 33 million unique malicious IP addresses appeared on Webroot’s blacklist, an increase from 2015. Attackers are also changing IP addresses to avoid detection, which is highlighted by statistics that showed more than 88% of the top 10,000 malicious IP addresses used in attacks showed up only once.
“It’s clear that relying on threat lists, virus signatures, and simplistic rules for protection is wholly insufficient against a threat landscape that is constantly evolving. Proven, real-time machine learning-based analysis that includes an understanding of threat behavior and context is necessary for accurate decision making and protection from today’s threats,” Lonas concludes.