Kaspersky Lab experts presented an overview of information security threats in the first quarter of 2019. The researchers drew attention to the active development of banking Trojans for Android and noted the success of machine learning in tracking new malware.
According to the analysts, in the first three months of the year the number of attacks by financial malware for mobile platforms increased by more than 60% compared to the previous quarter. The Svpeng family was the most active: its members were seen in 20% of detected incidents. These Trojans also took four of the ten positions in the list of the most widespread ransomware.
In second place in the ranking of banking Trojans is Asacub. Since the beginning of the year, experts have already recorded several large-scale campaigns connected with it, which hit 13,000 hosts each day. The Trojan spreads through malicious SMS and MMS messages sent to the contact lists of infected devices. In total, Asacub accounted for 18% of attacks in this segment. Trojan-Banker.AndroidOS.Agent (15%) rounds out the top three most active financial malware families.
Among banking Trojans for desktop computers, RTM (27% of attacks) and Zbot (23%) are the most common. These two malicious programs are far ahead of the other entries in the ranking: Emotet, in third place, accounted for only 9%.
Desktop ransomware slowed down somewhat in the middle of the quarter and picked up again in March. Here the analysts singled out the activity of LockerGoga, which struck several large industrial enterprises around the world, the JNEC.a wiper attacks using the recent WinRAR vulnerability, and a new threat to NAS network storage from the Cr1ptT0r ransomware. The good news of the first quarter is that the experts of the NoMoreRansom project obtained the key for GandCrab 5.1.
A separate part of the study is devoted to Microsoft Office vulnerabilities, on which 69% of exploits were built. In the first quarter of 2019, attackers focused on bugs in the legacy Equation Editor (CVE-2017-11882, CVE-2018-0802), a flaw in object linking and embedding (CVE-2017-8570), and a SOAP WSDL parser error (CVE-2017-8759).
In browsers, experts counted five times fewer vulnerabilities than in Microsoft Office products. The researchers noted the high activity of developers, who quickly fix the problems found. However, serious threats periodically appear in this category: in March, users of 32-bit Windows 7 suffered from an exploit based on a zero-day vulnerability in Google Chrome (CVE-2019-5786).
In the first three months of 2019, machine learning and behavioral analysis technologies helped neutralize the bulk of the threats. More than half of the detected malware was blocked using information from the Kaspersky Lab cloud.
Server-side machine learning accounted for about 13% of all incidents. Another 4% fell to client applications, which in effect represent a key line of defense: here anti-virus systems encounter the newest members of malicious families that have slipped unnoticed through other barriers.