Global Trends of the ‘Most Wanted’ Malware

The malware world continues to develop rapidly and dynamically. On a daily basis new malware appears, accelerating the cat-and-mouse game between attackers and defenders. As a result, it’s more important than ever for cyber security professionals to stay up to date on the ever-changing threat landscape in order to provide organizations with the highest level of protection. To keep you in the know, Check Point has created the H1 2016 Global and Regional Trends of the ‘Most Wanted’ Malware report, which provides an overview of the malware landscape in the top categories – ransomware, banking and mobile – based on threat intelligence data drawn from Check Point’s ThreatCloud World Cyber Threat Map between January and June 2016. To pique your interest, below are a few highlights from the report.

H1 2016 Global Trends and Highlights

Ransomware: the dawn of a new era

Without a doubt, 2016 will go down as a prime year for ransomware. Ransomware has consistently been in the news for the past several months, and for a good reason, as attacks have increased in quantity, variety, efficiency, and sophistication. Barraging users and organizations of all sizes, criminals are now creating new and revamped ransomware using every possible type of attack vector. For more information about the ransomware epidemic, download our whitepaper Ransomware: Attacks, Trends, and Response.

Turmoil in the exploit kit landscape

Attackers use exploit kits to spread malware. These kits, which have an alarming success rate, leverage vulnerabilities in web browsers and operating systems to install malware without the user’s knowledge or consent. As we have seen in the case of the Nuclear Exploit Kit, this can be an extremely profitable business for developers who rent their kit to attackers worldwide. Interestingly, there has been a shift in the exploit kit arena since the beginning of 2016. We have witnessed the decline of two of the largest exploit kits in the wild, Angler and Nuclear, and the rise of Neutrino and Rig Exploit Kits, as seen in the recent Cerber campaign.

The rise of mobile botnets

In 2016, a new form of malware appeared in the mobile world – botnets. A botnet is a group of devices (PCs, laptops, or mobile phones) controlled by hackers without the owners’ knowledge. The larger the botnet, the greater its capabilities. The botnets we detected, such as Viking Horde and DressCode, even managed to infiltrate Google Play and target hundreds of thousands of users. So far, mobile botnets have been used mainly to generate fraudulent traffic and ad clicks. However, they can be leveraged to achieve disruptive goals, such as DDoS attacks, which can have a devastating effect on organizations of all sizes.

Top 10 Malware Families Globally


Figure 1. 2016 H1 Most Prevalent Malware Globally


Cyber Attack Categories by Region

The infographic below shows the spread of three of the main malware categories detailed in this report – Banking, Mobile and Ransomware – across the different regions of the world. The regions include the Americas; Europe, Middle East and Africa (EMEA); and Asia and Pacific (APAC).


Figure 2. Attack Categories by Region



Global Threat Index Map

Check Point’s Threat Index is based on the probability that a machine in a certain country will be attacked by malware, as derived from the ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real-time.


Figure 3. H1 2016 World Cyber Threat Index Map
Pink = Lower Risk   Red = Higher Risk   Grey = Insufficient Data


The first half of 2016 demonstrates the nature of today’s cyber threat landscape. Many old malware threats remain prominent, while at the same time newcomers arrive and take the world by storm. On top of that, malware demonstrates a long-tail distribution, with a small number of families responsible for a major part of the attacks, while thousands of other malware families are rarely seen. Lastly, we see that most cyber threats are global and cross-regional, with the top threats appearing in all three regions.