Big Malware Moments of 2016 Part 2

For the first half of Limor Kessem's 2016 malware retrospective, see Big Malware Moments of 2016 Part 1.

The Revived

Every year has its newcomers, but 2016 actually had a couple of re-comers.

· In late August 2015, the Ramnit Trojan made yet another re-appearance in the cybercrime arena. Ramnit underwent a law enforcement takedown in early 2015. It attempted one comeback in December 2015, then went silent for eight months. Ramnit has since made its second return this August, targeting UK banks, and expanding its target list to include France and Australia by early October.

· In September 2016 we saw another malware picking up speed: the Qadars Trojan. This banking malware seems to fly under the radar when it comes to its ongoing activity, but in reality, it is just as sophisticated and furtive as other banking Trojans. Qadars has been expanding its target lists, attacking banks in the Netherlands, the US, and the UK, for the most part.

The Mobile Flavor

With mobility changing everything we do as humans in this day and age, especially the way we bank and pay, it is no wonder that cybercrime has migrated to mobile platforms in almost every way it affects PC users. Like other malware codes, mobile Trojans also had some interesting moments this year.

· February 2016: GM Bot has its source code leaked, and gives rise to other offspring as a result.

· February 2016: GM Bot's developer quickly releases a new version of the malware thereafter, declaring he wrote the new code 'from scratch'.

But GM Bot is far from the only player in the mobile sphere. The Android platform has seen a sharp rise in activity as every aspect of the cybercrime supply chain migrates over, from infection campaigns, to exploits, to malicious apps and Trojans, and crafty malware C&C, all being adapted by cybercriminals in their quest to get closer to the coveted potential victim, on the go.

· June 2016: The Marcher mobile bot upgrades its overlay capabilities and expands its target list. Marcher is believed to be operated by cyber-gangs that use the same 'business' model as PC malware groups. It also resembles classic malware in the way it is updated on an ongoing basis and expands its target lists.

Other mobile malcodes we saw this year are peddled in underground boards, and in most cases see their developers banned at some point, mostly due to bad customer service. Remember: code development and customer support are two completely different art forms.

The Unexpected

Last but not least in this post is a finding that doesn't have to do with malware, but that gives malware a good run for its (stolen) money.

· September 2016: Interactive Live Phishing.

Phishing? That old thing?! Yes, phishing. This dated threat has been around in its current form since 1995, yet phishing attacks have hit yet another record high in 2016, as reported by the APWG.

Interactive phishing is designed to tool up phishing attacks with the capabilities banking Trojans have to trick online banking customers, and extract critical transaction authenticators from them, in real time. This case, discovered by IBM Security, proves that not only are phishing attacks still going strong, they are seeing continued innovation.

Interactive phishing is the unexpected old cybercrime threat that learned a new trick and emerged this year right from the blind spot. Who would have thunk it?

Cybercrime is Here to Stay – It's Us Who Have to Change

Cybercrime, cyber-criminality, fraud, con artists, organized crime… those are all here to stay, and will continue to move their malicious operations to the Internet and the digital realms. They are not going away – it's us who have to change.

One step towards changing the game has to come from the most basic and primary place: ourselves and our children. By teaching the dangers of cybercrime to the young, by educating in schools right from grade one, and by taking the time ourselves to learn more and tell more, we can start making cybercrime less and less lucrative, and push it down to a place where it just no longer pays. Happy 2017 everyone!
