Professional Documents
Culture Documents
QUARTERLY REPORT
Q1 2017
Panda Security | PandaLabs Report Q1 2017
Mobile devices
IoT
Robots and
personal
assistants
Cyberwarfare
Panda Security | PandaLabs Report Q1 2017
1. INTRODUCTION
Panda Security | PandaLabs Report Q1 2017
1
beyond any phenomenon we’ve ever experienced, and yet,
despite its many advantages, it is also largely ungovernable
and can be a source of unexpected obstacles for institutions,
businesses, and private users.
2. ANALYSIS
OF ATTACKS
Panda Security | PandaLabs Report Q1 2017
Q1
corporate environments. We’re looking for data points that
provide real added value.
in numbers To get data on the 'real infection' risk, we removed from the
statistics the following:
1. Firstly, we decided not to count any known malware
detectable by signatures (a number that reaches into the
hundreds of millions), since it is known malware that, to
a greater or lesser extent, every user with a basic antivirus
is protected from.
2. We also decided not to include heuristic detection, which
is capable of detecting malware that is not previously known.
fail. That way, we know that everything we stop at this layer is processes running on servers and stations throughout the IT
a completely new attack. infrastructure, forensic analysis, etc.
With this system in place, not only do we count attacks that It’s unsurprising that the number of attacks that manage to
use malware, but also add fileless attacks to the list, or attacks skip all protection layers in EDR’s Adaptive Defense are much
made through the abuse of legitimate system tools, something lower than in traditional technologies. It makes sense, but is it
increasingly common in corporate environments. really true?
This extra layer is what has allowed us to consistently Well, 2.83% of devices protected by traditional solutions
maintain excellent detection ratios in tests conducted with receive attacks from unknown threats. With devices protected
methodologies that imitate attacks as they happen in the real by our next-generation solution, that number drops to 0.83%.
world. In the AV-Comparatives tests conducted in the first
quarter of 2017, we obtained a 100% detection rate in the two In terms of geographical distribution of these attacks, we
Real-World Test tests, and in the Malware Protection Test we have calculated the percentage of machines attacked in each
received the highest achievement, with a 99.98% detection country. The greater percentage, the greater the probability of
rate and only 1 false positive, ahead of all our competitors. being attacked by new threats when using computers in those
countries:
Of all the devices protected by a Panda Security solution,
COUNTRIES WITH THE HIGHEST RATES OF 'REAL RISK' INFECTION IN
2.25% of them have suffered attacks from unknown threats.
THE FIRST QUARTER OF 2017
If we look at the type of customer, domestic users have
2.19% of attacks while in the case of companies the figure
is 2.45%. While it may seem counterintuitive, as corporate Indonesia 12,87%
networks have a much more elaborate defense system than Taiwan 9,21%
home computers, we must remember that companies are Malaysia 8,01%
dealing with more professional attacks. Corporations possess South Korea 5,56%
information that is infinitely more valuable than what one Belarus 5,38%
might find on any given home PC. Brazil 4,79%
Among our corporate clients, there are those who use Endpoint Pakistan 4,56%
Protection solutions and those who opt for our EDR solution Venezuela 4,05%
(called Adaptive Defense), which goes far beyond an antivirus Ukraine 3,73%
and offers extra functionalities, much more expansive levels Colombia 3,61%
of protection, classification, and monitoring in real time of all
Panda Security | PandaLabs Report Q1 2017 9
Asia and Latin America are the regions with the highest
infections.
Below you can see the 10 countries with the lowest rate of
infection:
Belgium 1,04%
Slovenia 1,01%
France 0,98%
Greece 0,95%
Ireland 0,85%
Sweden 0,85%
Netherlands 0,66%
Denmark 0,65%
Czech Republic 0,55%
Finland 0,34%
3. THE EVOLUTION
OF THREATS
Panda Security | PandaLabs Report Q1 2017
3
selected randomly — attacks are targeted, coordinated, and
make use of different vectors.
of Threats
Panda Security | PandaLabs Report Q1 2017 12
4. THE QUARTER
AT A GLANCE
Panda Security | PandaLabs Report Q1 2017 14
Ransomware
Ransomware attacks are still on the rise and will continue to
do so as long as victims keep paying hefty ransoms. There are
estimates that over the course of 2016, cybercriminal groups
specializing in ransomware earned a billion dollars. Concern is
growing in all areas, and legislation is being passed to combat
this type of crime. It is already officially a crime to deploy
ransomware in California.
During these first months of 2017, we have seen quite a spread very much like a meme in the way users were meant to
few cases of attackers of Russian origin. All of them follow share it with their contacts.
a similar pattern: once they access the computer via RDP,
they install bitcoin mining software as a method to obtain an The immediate consequences of a ransomware attack are
added profit, and then either encrypt files or block access clear: you lose access to your files. However, cases of digital
to the computer. They do not always use malware for this — hijacking can go far beyond this, as verified by customers of a
for example, in one of the cases we analyzed, they used the hotel in Austria. Cybercriminals remotely blocked all the hotel’s
commercial application “Desktop Lock Express 2” to lock the electronic keycard readers, making it impossible for guests to
computer: enter their rooms. This happened in the opening week of the
season, with 180 clients holding reservations. The people in
charge of the hotel decided to pay the €1,500 and thus regain
control of their systems.
Cybercrime
The business of cybercrime is more professionalized than ever,
which means that there are highly specialized groups in every
corner of it: the creation of malware and exploits, distribution
of malware, information theft, money laundering, etc. We can
see a clear example with RDPatcher, an attack discovered by
PandaLabs whose purpose is to prepare the victim’s computer
to be rented to the highest bidder on the dark web. Once
they’ve infiltrated the computer, the attackers proceed to
create a full profile of it, collecting all types of hardware data,
We also witnessed an especially insidious ransomware known installed software, security solution, connection speed, web
as Popcorn Time. The novelty here lies in the morbid way that pages visited, etc. It is then put on the black market to be
it propagates, as it aims for its victims to collaborate with purchased and conscripted for a botnet.
cybercriminals to infect new users. Aside from demanding
payment of 1 bitcoin (about 800 euros) for returning access The ingenuity of the cybercriminals appears to have no end.
to the user’s encrypted files, it offers the possibility to recover In one case discovered by PandaLabs, we saw how attackers
them for free if he or she contributes to its propagation. It avoided detection by using “goodware” to perpetrate their
attacks. After entering the computer’s system, the attackers
Panda Security | PandaLabs Report Q1 2017 16
The same group is known for having hacked other business and Macs, affecting 250 million users. While this group was
accounts, such as those of Netflix and Marvel. allegedly in possession of valid user credentials, Apple denies
that it had been compromised, chalking up the problem to
the re-use of credentials and hacking of third-party sites.
Of course, the technological giant refused to give in to the
blackmail attempt.
Internet of Things (IoT) The TV was an LG model manufactured in 2014, which ran on
Google TV, a version of Android specific to televisions. Once
For some time now, a majority of new buildings have been the device was infected, the malicious software demanded
equipped with smart meters to record the electrical 500 dollars for code to unlock the screen, using a simulated
consumption of homes and offices. Setting aside the notice from the US Department of Justice.
potential effects these meters could have on the electricity
bill (some consumer associations have already denounced
possible fraudulent activity), the fact is that the widespread
use of them carries some lesser known security risks.
million will be created. In other words, 5 million jobs will be lost In February, Google Homes all over the US were suddenly
permanently. awakened by a Super Bowl ad for the company’s virtual
assistant when someone on the screen uttered the magic
Another recent report, in this case coming from the words, “OK, Google.” It turns out that the Google Home’s
Organization for the Cooperation of Economic Development knack for tuning in on the fringes of conversations, patiently
(OCED) has singled out Spain, Austria, and Germany as the waiting for a voice command to summon it, makes it the
countries that will have the greatest impact on the robot perfect device for eavesdropping. This skill, paired with the
revolution. Specifically, this phenomenon will make it so that virtual assistant’s ability to store audio files, has even been
12% of workers in those three countries will be replaced by used in the investigation of crimes. The police from a US town,
machines, compared with an average of 9% in the rest of for example, asked Amazon for access to the information of an
OCED member states. Amazon Echo, as it could have stored information that would
be useful to an ongoing investigation.
Cyberwarfare
More than ever before, cyberattacks and politics are becoming
intertwined in a tight relationship. In the wake of last year’s
elections in the US, accusations against Russia with regard
to cyberattacks began to pile up, and eventually led to
sanctions. Before he left office, Obama accused the Russians
of orchestrating cyberattacks to damage Hillary Clinton’s
campaign in favor of Donald Trump and announced the
decision to expel 35 Russian diplomats and close two Russian-
owned compounds.
Based on this data, the European Parliament has elaborated
a set of regulations for the relation between robots, citizens, All this finger pointing has had repercussions in other
and businesses. This proposed legal framework is now being countries of the world as well. In France, for example, they
debated by the European Commission, who will have the final have ruled out the use of electronic voting by their citizens
say on the extent of the implementation of robots in society. residing abroad in the face of the “extremely high” risk of
The goal is to minimize the negative impacts that could result cyberattacks. In the Netherlands, they have gone even further,
from such an implementation. announcing that they would hand-check the votes on election
Panda Security | PandaLabs Report Q1 2017 20
night and report the results by phone to avoid the risk of a of attacks. The bad news: any other threat actor can now take
possible cyberattack. The announcement followed a security advantage of what’s been published to use it for his or her own
expert’s warning that the software used at polling stations was malicious purposes, learning the same tactics developed by
vulnerable. the CIA to violate the privacy of ordinary citizens.
4. CONCLUSION
Panda Security | PandaLabs Report Q1 2016
Conclusion
numbers, and as long as there remains a percentage of victims
willing to pay the ransom and security forces are unable to
track the money through bitcoin, this trend will not change.
5. ABOUT PANDALABS
Panda Security | PandaLabs Report Q1 2017
5
PandaLabs creates real and uninterrupted time necessary
to protect Panda Security clients from all types of
malicious code countermeasures worldwide.
About PandaLabs
PandaLabs is responsible for carrying out detailed scans
of all kinds of malware, with the aim of improving the
protection offered to Panda Security clients, as well as
keeping the general public informed.