Protect-Your-PC-From-Viruses


 

Don’t Trust Google Play Protect to Shield Your Android

Google Play Protect is supposed to protect users from malicious apps in the Google Play Store — but of 20 Android programs evaluated by AV-Test, Google Play Protect bears the dubious honor of being the only one that doesn’t routinely protect its users.

Those results come from AV-Test, a Magdeburg, Germany-based security firm, which periodically evaluates antivirus programs for Windows, Mac OS, Android and Linux. Overall, the results of its latest antivirus testing were pretty encouraging. Of 20 programs tested, AV-Test awarded 12 perfect scores and 19 recommendations. Only Google Play Protect didn’t make the cut.

AV-Test scores each AV suite out of a possible 13 points: six for protection, six for usability and the one remaining point for extra features. Earning eight points is enough to secure at least a tentative recommendation from the company.

Perfect scores were incredibly common. AhnLab V3 Mobile Security, Alibaba Mobile Security, Avast Mobile Security, AVG AntiVirus Free, Bitdefender Mobile Security, G Data Internet Security, Kaspersky Lab Internet Security for Android, McAfee Mobile Security, PSafe DFNDR Security, Symantec Norton Mobile Security, Tencent WeSecure and Trend Micro Mobile Security & Antivirus each earned 13 points. If you’ve secured your phone or tablet with one of these programs, you’ve got nothing to worry about — and if you haven’t, you probably should.

At the other end of the spectrum was Google Play Protect, with an ignominious zero points earned in protection. (At least it got six for usability.) The program detected only 63 percent of real-world malware and 71 percent of reference data malware that AV-Test threw its way.

This may not sound like a problem, since Google Play Protect is not a traditional antivirus suite like the other programs tested. Remember: Google Play Protect scans programs within the Google Play Store itself before you download them, then keeps tabs on them periodically once they’re installed. It’s not running scans and quarantining files like a standard AV suite.

However, remember that in most cases, it’s trivially easy to fool the Google Play Store into accepting malware. For every shady program Google Play removes, there are probably still ten more lurking in the shadows. Google Play Protect is often an Android user’s only line of defense against malware. If it’s not stopping 30 to 40 percent of it at the source, it’s not providing protection when it counts most: before users ever install something compromising.

In between the perfect products and Google Play Protect are a handful of programs that scored between 10 and 12.5 on AV-Test’s scale. These include Antiy AVL, Avira Antivirus Security Pro, Cheetah Mobile Security Master, F-Secure SAFE, Ikarus mobile.security, Quick Heal Mobile Security and Sophos Mobile Security. If you have one of these programs, you’re probably fine, but don’t be surprised if the protection or usability isn’t perfect.

Ultimately, Google Play Protect’s lapses aren’t shocking, given that it’s not a full AV suite, but it does mean that average Android users are not nearly as well protected as they could be. Since some of the other suites on offer are free, it’s worth installing one and at least performing a system scan. The only thing worse than knowing that your Android device is compromised, is not knowing that your Android device is compromised.

AVCrypt ransomware attempts to eradicate your antivirus

The malware attempts to take your antivirus products out of the equation before locking systems.

A new type of ransomware which tries to uninstall security software on victim PCs has been discovered in the wild.

The ransomware, dubbed AVCrypt, was first discovered by MalwareHunterTeam and later analyzed by security professionals at Bleeping Computer.

According to an analysis of the malware, AVCrypt will attempt to not only remove existing antivirus products before encrypting a compromised computer but will also delete a selection of Windows services.

Researchers Lawrence Abrams and Michael Gillespie say that the ransomware “attempts to uninstall software in a way that we have not seen before,” which marks the malware as unusual.

The true purpose of the malware — which appears to be ransomware due to its capabilities — is also in question, as some elements appear unfinished. There are elements of encryption, but no true ransom note, and together with AVCrypt’s process deleting, it is possible the malware may also be utilized as a wiper.

It is not yet known how AVCrypt targets victims. However, when the malicious code executes on a victim’s PC, the malware will first attempt to remove security software by targeting Windows Defender and Malwarebytes, or by specifically querying for other antivirus software before attempting to uninstall the programs.

In order to eradicate AV products, the ransomware deletes Windows services which are required for the protective services to run properly, including MBAMProtection, Schedule, TermService, WPDBusEnum, WinDefend, and MBAMWebProtection.

The malware then checks to see if any antivirus software is registered with the Windows Security Center and deletes these details through the command line.

During tests, however, the researchers say that the malware was unable to delete Emsisoft antivirus software through these techniques.

Whether or not the deletion of Windows services to hamper AV protections would work with other solutions is unknown.

The wiper features do not completely destroy Windows builds, but likely will cause service degradation.

Once this stage is complete, AVCrypt then uploads an encryption key to a TOR location together with system information and timezone. The malware then scans for files to encrypt, renaming them in the process.

The ransom note, saved as “+HOW_TO_UNLOCK.txt,” does not contain any decryption instructions or contact information; instead, there is what appears to be placeholder “lol n” text.

It appears that the ransomware is in development stages, and while there is a tenuous link between AVCrypt and a recent attack on a Japanese university, it is not known whether the malware was responsible.

Microsoft told the publication that only two samples of this malware have been detected and so the company also believes that AVCrypt is not yet complete.

“This ransomware is quite destructive to an infected computer, yet at the same time does appear to upload the encryption key to a remote server,” the researchers say. “Therefore, it is not known whether this is a true ransomware or a wiper disguised as one.”
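One way to spot the service tampering described above from process-creation logs, as an added example that is not part of the original article or the researchers' analysis. It assumes the services are removed with the built-in `sc` and `net` tools (the article only says they are deleted); the log format, host names, time window and burst threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Service names the article lists as deleted by AVCrypt (lower-cased for matching).
WATCHED_SERVICES = {
    "mbamprotection", "schedule", "termservice",
    "wpdbusenum", "windefend", "mbamwebprotection",
}

# Constructed process-creation records: timestamp | host | command line.
SAMPLE_LOG = r"""
2018-01-01T10:15:01 | WS-014 | sc.exe query WinDefend
2018-01-01T10:15:40 | WS-014 | "C:\Windows\System32\sc.exe" config WinDefend start= disabled
2018-01-01T10:15:41 | WS-014 | sc stop WinDefend
2018-01-01T10:15:42 | WS-014 | sc delete WinDefend
2018-01-01T10:15:43 | WS-014 | sc delete MBAMProtection
2018-01-01T10:15:44 | WS-014 | sc delete Schedule
2018-01-01T10:15:45 | WS-014 | sc delete TermService
2018-01-01T09:02:10 | SRV-002 | net stop TermService
2018-01-01T09:30:00 | SRV-002 | sc.exe delete OldVendorAgent
2018-01-01T11:00:00 | WS-020 | sc.exe \\WS-021 query Schedule
"""


def classify(cmdline):
    """Return (action, service) if the command tampers with a watched service."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe.endswith(".exe"):
        exe = exe[:-4]
    args = tokens[1:]
    if exe == "sc":
        if args and args[0].startswith("\\\\"):  # optional \\server argument
            args = args[1:]
        if len(args) < 2:
            return None
        verb, service = args[0].lower(), args[1].lower()
        if verb in ("delete", "stop"):
            action = verb
        elif verb == "config" and re.search(r"start=\s*disabled",
                                            " ".join(args[2:]), re.I):
            action = "disable"
        else:
            return None  # query, start, config to another start type, ...
    elif exe in ("net", "net1"):
        if len(args) < 2 or args[0].lower() != "stop":
            return None
        action, service = "stop", args[1].lower()
    else:
        return None
    return (action, service) if service in WATCHED_SERVICES else None


def detect(log_text, window=timedelta(seconds=120), threshold=3):
    """Group hits per host; several watched services hit in one window is 'high'."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|", 2)]
        if len(parts) != 3:
            continue  # blank or malformed line
        ts, host, cmd = parts
        hit = classify(cmd)
        if not hit:
            continue
        try:
            per_host[host].append((datetime.fromisoformat(ts), *hit))
        except ValueError:
            continue  # unparseable timestamp
    alerts = {}
    for host, events in per_host.items():
        events.sort()
        best = set()
        for start, _, _ in events:
            burst = {svc for t, _, svc in events if start <= t <= start + window}
            if len(burst) > len(best):
                best = burst
        alerts[host] = {
            "severity": "high" if len(best) >= threshold else "medium",
            "services": sorted(best),
            "events": len(events),
        }
    return alerts


if __name__ == "__main__":
    for host, alert in sorted(detect(SAMPLE_LOG).items()):
        print(host, alert)
```

A single stop of one service (the `SRV-002` record) is rated medium because administrators do this legitimately; the burst across several security-related services on one host is what the rule treats as high severity.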

Microsoft: Windows Defender now rules antivirus on business PCs… running Windows 10

Microsoft’s new investments in Windows Defender and its advanced threat protection program appear to be paying off in the enterprise at least on Windows 10.

The company today announced that Windows Defender Antivirus, once shunned as “basic protection” because of its relatively low malware detection rates, is now the most widely deployed antivirus among enterprise organizations.

But there is a catch to that claim. As Brad Anderson, Microsoft’s vice president of enterprise mobility and security notes, Windows Defender is the antivirus of choice on more than 50 percent of Windows 10 devices in the enterprise.

That’s an important milestone but an equally important distinction given that Windows 7 is still likely the dominant desktop platform in the enterprise, despite Windows 10 becoming the top desktop OS globally in January, according to web analytics firm StatCounter.

Microsoft’s latest monthly active user figures in November said that Windows 10 was running on 600 million devices worldwide.

Web analytics firm Net Applications’ March report of a slight uptick in Windows 10 share growth convinced Computerworld’s Windows watcher Gregg Keizer that the bump was due to upgrades by businesses preparing for the end of Windows 7 support, and the fact that Microsoft’s free-upgrade period for consumers ended long ago.

Regardless of Windows 10 adoption among businesses, Anderson offers troubling statistics for enterprise security vendors.

Windows Defender has an 18 percent share of Windows 7 and Windows 8 devices in the enterprise, while over half of Windows 10 enterprise devices use Microsoft’s own built-in antivirus.

Anderson also highlighted Microsoft’s dramatically improved performance ratings in tests carried out over the years by independent antivirus testing outfits, such as AV-Comparatives and AV-Test.

Prior to 2015, Microsoft Security Essentials and Windows Defender were trailing behind Kaspersky, McAfee, Symantec and many others. But in February, Windows Defender was among four products that scored 100 percent alongside Kaspersky, McAfee and F-Secure.

Anderson said Microsoft’s results improved markedly throughout 2015 and have risen to perfect and near-perfect scores in 2017 and 2018, which don’t take into consideration its Windows Defender ATP exploit mitigation features and hardware-based defenses.

Windows chip flaw patch is crashing some PCs, making them unbootable

Here’s some bad news for Windows users. Microsoft’s latest patch to protect Windows users from the Meltdown and Spectre chip vulnerabilities was found to be incompatible with various types of anti-virus software.

The worst part is this: users with non-compliant antivirus software will not be able to install any Windows security updates at all unless the software makers tweak their software or the user uninstalls the software completely.

It’s a double whammy of sorts, leaving Windows users with either crippled security software or no protection against Meltdown. Yikes.

Microsoft’s Meltdown patch

During Microsoft’s testing of its latest January Windows patch, the company found that some antivirus programs are making “unsupported calls into Windows kernel memory,” which can cause dreaded Blue Screen of Death (BSOD) errors when the patch is applied.

Even worse, some Windows machines are even rendered unbootable when the patch conflicts with affected antivirus programs that integrate deeper into a Windows machine’s kernel.

Here’s what’s causing this issue. Since the Meltdown patch separates the kernel’s memory from user processes completely, antivirus programs that violate Windows’ built-in rootkit protection aka Kernel Patch Protection are causing Blue Screen of Death errors and endless reboot loops.

This means some Windows antivirus programs are going beyond what they’re supposed to access (i.e., protected areas of the kernel). Since the patch stops this access, the affected antivirus programs themselves are now causing errors in Windows.

Note: The kernel is an integral part of an operating system; it has complete control over the system and connects software to the various parts of a computer.

Microsoft’s “solution”

To prevent these errors, which can render certain Windows machines unbootable, Microsoft will not push nor install security updates to computers that have the affected antivirus software installed.

Antivirus makers will have to test their software to make sure that it’s compatible with the Meltdown patch then update it with a specific Windows registry key. Once these steps are done, the Meltdown security updates can then be installed.

The company also said that this will be the new rule moving forward. Computers with antivirus software that do not have this registry key set won’t be able to get security updates at all…ever.

This leaves users with these options. Either uninstall non-complying antivirus software completely or your machine will not be able to install security updates. Well, for most users, the choice is pretty clear-cut. You don’t really want your machine to NOT have the latest patches.

Antivirus makers are left with no choice

Microsoft said that it is working with antivirus makers to resolve this issue but there’s a problem. While some developers are complying, other antivirus programs will completely break since they rely on kernel access to even function. Denying them this access will require a complete rewriting of the software.

Antivirus software companies who have complied with Microsoft’s requirements include AVG, Avast, Avira, Bitdefender, ESET, F-Secure, Kaspersky, Malwarebytes, Sophos, and Symantec.

McAfee, Trend Micro and Webroot are also working to tweak their software for compatibility soon.

Next-generation security providers like Palo Alto Networks, FireEye, Cylance, and CrowdStrike claim that their software has been tested to be compatible but they are not willing to set the registry key required.

Companies that have yet to confirm compatibility or set the registry key include 360, VIPRE, and Countertack.

How to Remove Virus from Mac?

Mac malware does exist even though it is very rare. Recently, there have been a few notable malware and virus reports although a huge difference compared to Microsoft Windows is that there has never been a Mac malware epidemic. However, this does not mean that Mac has not come under spotlight for virus and malware creators. There are indeed people who still see Macs, including their users, as key targets. Let’s see how to stay safe and get rid of the viruses and malware these people try to dump on your Mac.

Here are some of the symptoms of viruses and malware that you could encounter in your Mac.

  • Your Mac suddenly becomes slow, as if there is some software running in the background chewing up resources
  • All web pages are overlaid with adverts, even those where you do not expect to see adverts
  • Going to your favorite sites does not always work, and this appears as if something is haphazardly redirecting you to spam advertising pages.
  • Advertising windows pop up on your desktop, apparently unconnected with any browsing you are doing or any program that is running.
  • You find there is a new toolbar in your browser that was not installed by you. These toolbars usually claim to make it easier to shop or search.
  • You discover any web searches are unexpectedly redirected away from your usual search engine to another site you have never heard of, in other words, the results appear in a page that is faked up to look like your usual search engine.

You don’t have to panic if you come across these symptoms, as they do not always mean that there is a malware or virus infection on your Mac. If your Mac has been infected, you should never Google a description of the problem and install the very first thing you spot that promises to fix things. Unfortunately, a lot of software that claims to be capable of fixing Macs is in fact malware itself, or is just fake and designed only to make you spend your money. The people behind this software manipulate Google’s search results so that it appears at the top, making their apps look convincing and professional.

Mac Virus Removal

There was a time when Mac computers were considered to be almost ‘virus-proof’. Sadly, this is no longer the case. The quantity of Mac viruses is presently growing at an alarming rate and solid protection against these threats is thus becoming the need of the hour if you want to prevent file corruption, identity theft or interception of your credit card details. If you think your Mac is infected by a virus or malware, you will need to make use of the best Mac antivirus or try applying the key steps discussed below to clean up things:

1. No more passwords

Going forward do not type any passwords or login details just in case a hidden keylogger is running. This is a very common component within malware. You need to be aware that several keylogger-based malware or viruses also periodically secretly take screenshots, hence you need to be careful not to expose any passwords by copying and pasting from a document, for instance, or by clicking the Show Password box that at times appears within dialog boxes.

2. Activity monitor

If you know for certain that you have installed some malware, make a note of its name, then quit the app by pressing Cmd + Q or clicking Quit in the menu.

Open Activity Monitor in the Utilities folder of the Applications list. Use the search field at the top right to search for the app’s name. You may find that it is in fact still running, even though you have quit it. If so, select it in the list, click the X icon at the top left of the toolbar and select Force Quit.

It should also be noted that most malware authors are wise to this and will indeed modify their code so that it employs non-obvious names, which makes it almost impossible to uncover in this manner.

3. Change passwords

Change all your passwords once you are sure the infection has been cleaned up. You will have to change passwords even for websites, apps, cloud services, and so on.

You will also have to inform your bank or financial institutions of the infection and get their advice on how to proceed. At the very least they will usually make a note on your account for operatives to be extra vigilant if anybody tries to access it in future, or you could be issued with new details.

4. Keep (mostly) offline

As much as possible, keep your internet connection turned off, either by disconnecting the Ethernet cable if you are using a wired network, or by clicking the Wi-Fi icon in the menu bar and then selecting Turn Wi-Fi Off. Keep the connection off until you are sure that the infection has been cleaned up. This will prevent any more of your data being sent to a malware server.

5. Bitdefender

In situations where you cannot restore from a backup, open the Mac App Store and download the free-of-charge Bitdefender Virus Scanner. After it is downloaded and installed, open the app and click the Update Definitions button, then click the Deep Scan button. Finally, you will have to follow the instructions to permit the app full access to your Mac’s hard disk.

6. Credit-card details

You will have to delete a particular app or file permanently if you are sure that your Mac was infected after opening that particular app or file. Do this by putting it into the Trash, and then emptying the Trash.

If you made an online payment for the malware, believing it to be a legitimate antivirus app, then you will have to immediately contact your bank or credit card company and explain the situation to them. Do this not to get a refund, though it could be possible, but mostly to ensure that your credit card details are not misused.

7. Clear cache

Under the assumption that you have not been able to restore from a backup and have had to scan your Mac with the help of Bitdefender, you should also make sure to clear your browser’s cache.

In Safari this is possible by clicking Safari > Clear History, and then selecting All History from the dropdown list. Then click the Clear History button.

In Google Chrome this can be carried out by clicking Chrome > Clear Browsing Data, then in the Time Range dropdown box selecting All Time. Then click Clear Data.

8. Empty the Download folder

You can drag everything to the Trash, and then empty the Trash.

9. Reinstall macOS

You may have to completely reinstall macOS and your apps from scratch after wiping the hard disk as this could at times be the only way to guarantee that you are clean of an infection.

10. Shut down and restore

You can also instantly shut down your Mac and then restore from a recent backup, such as one developed with Time Machine. Evidently, this backup should be from a time before you assume your computer got infected.

After backup restoration, be careful when rebooting not to plug in any removable storage or to open the same dodgy email, app or file. You will have to scan removable storage devices through an antivirus app on a Windows computer in order to remove the Mac malware – even though it is Mac malware, it will still be detected by antivirus apps running on other platforms.

Microsoft Removes Antivirus Registry Key Check for Windows 10 Users

Microsoft has backtracked on a decision it took back in January, when it stipulated that computers without a special registry key would not receive any more security updates.

That particular “requirement” was introduced as part of the Meltdown and Spectre patching process.

The Meltdown & Spectre registry key debacle

At the time, Microsoft said that antivirus vendors would have to add a key to the Windows Registry to signal that they are compatible with Microsoft’s original Meltdown and Spectre patches.

This was a big issue at the time because Microsoft detected during testing that some antivirus vendors would inject code into parts of the kernel that the company was trying to patch against Meltdown and Spectre flaws.

This resulted in some antivirus engines accidentally crashing computers after the installation of the aforementioned patches.

Microsoft conditioned security updates based on registry key

The Redmond company said that Windows 7, 8, 8.1, and 10 users that did not have such a registry key would not receive any more security updates as part of the company’s Patch Tuesday.

Microsoft hoped the addition of a registry key requirement would force antivirus vendors to upgrade their products in a hurry to support the Meltdown and Spectre patches.

In reality, the requirement made life a living hell for everyone, confusing both AV vendors and users alike.

This was because some antivirus vendors declined to add the registry key on legal grounds or bluntly admitted they were an additional layer of security on top of classic antivirus scanners, and didn’t want to add the key, leaving it to other vendors.

Furthermore, Windows 7 and 8 users, where there’s no built-in Windows Defender, and who didn’t use an antivirus were accidentally left out in the cold, as there was no AV to vouch for compatibility or add the registry key. In these cases, users had to add the registry key manually if they wanted to receive any future security updates.

Requirement removed only for Windows 10 users

But Microsoft announced yesterday that the registry key is not a requirement anymore for Windows 10 users, mainly because most antivirus vendors have updated their products, hence there is no fear that Windows 10 users would encounter errors.

The registry key requirement remains intact for users of older Windows versions, such as 7, 8, and 8.1.

 

Russian anti-antivirus security tester pleads guilty to certifying attack code

 

A Russian coder who ran and franchised a dark web service that optimized malware and checked it against antivirus engines has pled guilty to one charge of conspiracy and one charge of aiding and abetting computer intrusion.

Jurijs Martisevs was arrested while on a trip to Latvia and extradited to the US after the authorities accused him and associate Ruslans Bondars of running the anti-antivirus system. Martisevs has now admitted to this, while Bondars is still awaiting trial.

According to court documents [PDF] Martisevs set up the service in 2009 and it operated until May 2017. Malware developers could submit their sample to the pair’s service and it would check the code against the virus signatures that are used by the world’s leading security software suites.

If the malware sample showed red and was likely to be identified in the wild, the code could then be tweaked to evade detection. One sample was submitted several times to the service before being unleashed on a major US retailer – thought to be Target.

Another malware writer with the initials ZS used the service to check the efficiency of a keylogger that had been developed. The malware was then sold to over 3,000 buyers and was thought to be used to infect over 16,000 computers.

The pair also offered their malware checking engine as an API so that it could be incorporated into off-the-shelf virus builder toolkits. Martisevs admitted that the code he helped develop was used by the Citadel malware that was used to extract $500m (£383m) from bank accounts around the world.

The pair even franchised out the service so other people could pitch it to hackers. They provided technical support via ICQ, Skype, Jabber, or email.

Martisevs faces a possible five years in prison on the conspiracy charge, along with a fine of $250,000 and three years’ supervised release. The aiding and abetting charge is more serious, with a possible ten years inside, as well as the fines and supervised release.

Best Antivirus to Protect Your iPhone

It looks like people need to be more and more aware of what they are downloading or clicking on when they are using the internet on their mobile devices. And what better help in a time of need than an antivirus that can best fit to what you desire from it? Today we are going to give you 3 options for your Apple phones and tablets.

Number 1: McAfee Mobile Security

This is a free and secure app for your phone that can help you fight the battle against malware. Does it have any out of this world options that can rock your world? Not in the way you might think but this is a very reliable app for users of all ages.

This app lets you hide and encrypt your photos, and it makes you the only person able to see them by requesting either Face ID or Touch ID to open them. Pretty neat for those out there who want to treasure their privacy. When it comes to anti-theft options, the app not only lets you activate basic features like the silent alarm or the map location, but it also takes a snapshot and sends it to you if someone tries to get into your encrypted picture vault, which would, hopefully, give you a picture of the person who stole your iPhone.

The app is very versatile, as it allows you to remove your contacts remotely if your phone is stolen and even provide a battery check function that can be used from your Apple watch.

Number 2: Avira Mobile Security

It is well-known already that Avira is by far one of the best, if not the best anti-virus software out there. The mobile version is also pretty good. There is a feature named Identity Safeguard that scans your email addresses and alerts you if they were leaked online or if there was a security breach. Another interesting thing about it is that it has a Contacts Backup option which lets you protect your address book or forward it to Google Drive or Dropbox for you to have it and keep it safe.

More basic features include you having the option to analyze your storage and memory use and an anti-theft option.

Number 3: Trend Micro Mobile Security

If the two previous options were free, we’d also like to present you an app that has plenty of good features but that costs a bit in order for you to use it. How much? It costs $3 every month and if you decide to pay for two years you get a small discount, paying only about $2 per month. That is a deal, if we may say so.

What does the app offer? Well, Trend Micro Mobile Security gives you a private web browser which is a very good step in preventing you from coming into contact with malicious websites or annoying pop-ups. It is also able to scan your Twitter or your Facebook and report on it if the app finds anything that could endanger your privacy.

Most importantly, the app has a built-in feature that filters malicious or phishing websites, which works on Safari and other browsers as well. It is also able to speed up webpage load time and cut data usage, which we have all at one time been concerned with.

Our opinion

We believe that these three apps are all very good in their respective ways. We do not have a clear winner as all these apps help keep you safe online. We recommend that you choose the one whose features attract you the most.

McAfee acquires TunnelBear VPN Company

McAfee, an American global computer security software company, has recently taken over Canadian VPN service provider TunnelBear. As per some reports from Beebom, the US cybersecurity firm acquired TunnelBear for undisclosed terms.

The report further suggests that “TunnelBear will continue to develop the bear-filled products”. However, neither of the companies has made any revelations regarding the terms of the deal, apart from the fact that TunnelBear will continue to work independently. Further, the report suggests that TunnelBear customers who are worried about changes in the privacy policy would be happy to know that the company will continue to be independently audited. TunnelBear added: “We’ll also continue to collect the minimum amount of data possible to operate our service and document everything in our privacy policy. We know that trust is something that you earn through consistent transparency, so we’ll be sharing updates on our progress as we go.”

In our recent article, we covered that McAfee has announced a new identity theft solution which overcomes the traditional antivirus system. The new security solution is designed to help consumers stay protected in the wake of recent massive data breaches. With McAfee Identity Theft Protection, the digital world is a safer place to live, work and play, claims the company.

McAfee Identity Theft Protection allows users to protect their identities with personal monitoring, financial monitoring and recovery tools. Through new partner innovations with D-Link and Samsung, McAfee delivers security in the areas of the connected home, mobile security and privacy.

In our other article, we also covered that McAfee had announced it has extended its Cloud Security Platform to consistently protect Microsoft Azure, to secure Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The solution addresses the most critical enterprise security requirements for Microsoft Azure and empowers customers to build applications on the Microsoft Azure cloud with the peace of mind that their applications, underlying cloud infrastructure and enterprise data are protected. This announcement marks the introduction of the first joint solution following McAfee’s acquisition of Skyhigh Networks, demonstrating the company’s commitment to enhancing its Cloud Security portfolio, which now includes McAfee Skyhigh Cloud, McAfee Virtual Network Security Platform (McAfee vNSP) and McAfee Cloud Workload Security (McAfee CWS).

Quick Heal Technologies Limited releases Annual Threat Report – 2018

Highlights of the report:

Windows:

  • Ransomware, cryptocurrency miners and zero-day exploits dominated 2017; Ransomware grew 300% in 2017 in comparison with 2016
  • Over 930 million Windows malware detected in 2017; more than 2.5 million every day
  • Over 14 million cryptocurrency miner malware hits detected in 2017
  • Ransomware, Cryptojacking and usage of Artificial intelligence by cybercriminals are some of the top predictions to watch out for in 2018

Android:

  • Over 1 million Android malware detected in 2017; PUA or Potentially Unwanted Application led with 46% of the total detection
  • Proliferation of fake apps and downloading of apps from third-party stores emerge as the biggest security threats of 2017
  • Cryptocurrency mining was observed to have spread from PCs to smartphones where attackers targeted gaming, adult entertainment and browsing related apps
  • 2018 to witness an increase in threats to mobile devices

Pune, February 26, 2018: Quick Heal Technologies Limited, one of the leading providers of IT security solutions, today released its Annual Threat Report – 2018 with the objective of providing qualitative insights into the cyber threat landscape that impacted individuals and businesses in 2017. The report features data analyzed by Quick Heal Security Labs from millions of products to deliver timely and advanced protection to individual and enterprise customers under the brands ‘Quick Heal’ and ‘Seqrite’ respectively.

In 2017, Quick Heal Security Labs detected over 930 million Windows malware that targeted individuals and businesses. Ransomware, cryptocurrency mining and zero-day exploits headlined the threat landscape in 2017 with ransomware growing 300% in comparison with 2016. 2017 was dominated by several exploits leaked by Shadow Brokers such as EternalBlue, EternalChampion, EternalRomance and EternalScholar which were responsible for advanced ransomware campaigns such as WannaCry and NotPetya, and a few cryptocurrency mining campaigns. With the growing availability of exploit kits and ransomware-as-a-service, Quick Heal Security Labs predicts ransomware to become more vicious in 2018.

With the sudden rise in Bitcoin’s valuation, cryptocurrency miner malware became a hot attack vector for cybercriminals.  In 2017, Quick Heal Security Labs detected over 14 million hits of cryptocurrency miners with PE executable miners and script miners contributing 3 million and 10 million hits respectively. Quick Heal Security Labs predicts cryptojacking to explode in 2018 as it empowers attackers to use the latest techniques and discreetly use endpoints to illegally mine cryptocurrency.

On the Android platform, Quick Heal Security Labs detected over 1 million Android malware in 2018. The proliferation of fake apps and downloading of apps from third-party stores were the biggest mobile security concerns in 2017. Towards the end of 2017, Quick Heal Security Labs observed cryptocurrency mining to have spread from PCs to smartphones where attackers targeted gaming, adult entertainment and browsing related apps. As more and more people use mobile devices for financial transactions and to store personal data, Quick Heal Security Labs predicts an increase in the threat to mobile devices in 2018.

Sharing his insights into the threat landscape in 2017, Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited said, “The rising usage of advanced techniques by cybercriminals to propagate into endpoints indicates that the threat landscape will continue to evolve and become more sophisticated with each passing year. While technology makes our lives easier, our rising dependency on connectivity of everything makes us vulnerable to all forms of cyberattacks. With the stakes so high, it has become more important than ever for individuals and businesses to adopt a more proactive approach towards safeguarding their digital assets.”   

Top Cybersecurity Predictions for 2018:

  • Ransomware will become more vicious
  • Cryptojacking will be a new menace to deal with
  • Increased threats to mobile devices
  • Artificial Intelligence will be misused by cybercriminals
  • Internet of Things (IoT) will still remain an easy picking for attackers
  • DDoS attacks will get more menacing
  • Small and medium-sized businesses will remain in the kill zone for cybercriminals in 2018
  • Brute-force attacks will become more effective
  • Biometric authentication data will be at risk

About Quick Heal Technologies Limited

Quick Heal Technologies Limited is one of the leading providers of IT security software products and solutions in India. Incorporated in 1995 with a registered office in Pune, Quick Heal Technologies Limited has a network of 18000+ channel partners as on 31st December 2017. It conducts sales and marketing activities across India.

Quick Heal’s portfolio includes solutions under the widely recognized brand names ‘Quick Heal’ and ‘Seqrite’ across various operating systems and devices. Quick Heal Technologies currently has over 8.28 million active licenses as of 31st December 2017.