A sudden drop in cybercrime activity related to the major threat families Locky, Dridex, and Angler has Symantec cybersecurity experts taking note, but still keeping a vigilant eye on the associated malware gangs. One reason for the decrease may be the arrest of 50 people in Russia thought to be involved in the group behind the Lurk banking fraud.
Locky Dropoff
One of the most prevalent ransomware threats in 2016, Locky has shown a significant drop in activity during the month of June. Blocked Locky infections per week went from more than 3,000 in May to the low hundreds this month. That means that new Locky cases, either from spam campaigns or exploit kits, have dramatically fallen.
Figure 1. Blocked Locky infections by week, showing a drop in activity over the past two weeks
Dridex Slowdown
Financial fraud Trojan Dridex has also almost disappeared — but not quite. The Dridex botnet’s subnets continue to operate, and Symantec has noted that Word macro downloaders are still delivering Dridex through spam campaigns.
Figure 2. Blocked Dridex infections by week, showing low activity in recent weeks
Angler Inactivity
The Angler exploit kit has dropped off the radar, with no reported payloads being delivered since the start of May. This isn’t the first time Symantec Security Response has seen Angler go dark, so it remains uncertain whether this well-known exploit kit has gone extinct.