back to article For all the chaos it sows, fewer than 1% of threats are actually ransomware

Ransomware dominated the threat landscape last year even though file-encrypting nasties made up less than one in a hundred examples of different Windows malware during 2016. The mode of action and damage created by file-encrypting trojans makes them a much greater threat than implied by a consideration of the numbers, …

  1. Anonymous Coward
    Anonymous Coward

    "...and around every three months"

    Who knew, even malware writers have end of quarter quotas to meet!

    1. Anonymous Coward
      Anonymous Coward

      even malware writers have end of quarter quotas to meet!

      Quite possibly they do. The higher end of organised crime would have to be run on very tight commercial lines, with good accounting, decent MI and KPIs. I would suspect that the big drug barons can identify their total "production", sales, losses from distribution fraud or police interception, the volume and value of work-in-progress and so forth. I would guess that there's crossover between drugs, malware (and other forms of crime) so that the same principles will be applied.

      Malware is parasitic from of crime - it needs to not kill the host, to generate what at eco-system level is a recurring output, and to evolve against countermeasures. To be successful you need to be organised, to create diverse revenue streams from selling code you no longer need to hoard, selling botnets, ransomware, or simple botnet services pumping spam or delivering DDOS. All of that means that it really lends itself to organised crime, and once it gets into those hands, the black hats become armed and dangerous black hats.

  2. Prst. V.Jeltz Silver badge

    The overall number of malware exceeds 640 million

    seven out of ten newly programmed malware programs targeted Windows.

    = 192 million non windows

    3000 mac OS

    4 mill Android

    where were the other 188 million?

    Surely Linux didnt get 50x as much as apple?

    1. Voland's right hand Silver badge

      Surely Linux didnt get 50x as much as apple?

      Not clear if flash, pdf, etc are counted as separate or only for a particular platform.

    2. James O'Shea

      "Surely Linux didnt get 50x as much as apple?"

      That depends on whether or not you consider systemd to be malware.

      <runs away>

    3. katrinab Silver badge

      "Surely Linux didnt get 50x as much as apple?"

      Things like Wordpress have a lot of vulnerabilities, and they often run on Linux machines.

      1. Mage Silver badge

        Things like Wordpress

        In my experience most of the issues with Drupal, Wordpress, etc are badly written plugins (REALLY think, do I need this?) or badly configured installs or badly configured hosting.

        1. Anonymous Coward
          Anonymous Coward

          Re: Things like Wordpress

          Plenty of issues with plugins, but I would think that Drupal, Wordpress and others are also quite often victim of the "set it and forget it" line of thinking. Customer wants website, gets website with Drupal as a CMS, customers website gets compromised 2 years later because nobody thought of patching the frigging thing.

  3. Cuddles Silver badge

    "The overall number of malware exceeds 640 million

    seven out of ten newly programmed malware programs targeted Windows.

    = 192 million non windows"

    Note the phrase "newly programmed". 640 million is the total ever written, while the 7/10 for Windows refers only to new stuff written (or at least released or detected) in the last year. In fact, the report notes that there are over 600 million known malware programs targetting Windows, which puts it at something like 94% overall. Unfortunately the report doesn't give enough detail to figure out exactly which OSes get exactly what proportion either overall or just for the new stuff.

  4. cbars

    low frequency, high damage/visibility

    Same threat profile as terrorism. What we need to do, is monitor all internet traffic, then we'll never have to worry about either one as the intelligence agencies will have everything they need to keep us safe!

    Job is basically done then, right?

    1. theblackhand

      Re: low frequency, high damage/visibility

      Monitoring all Internet traffic and using reversible (but only for the good guys...) is all well and good, but the bad guys will start avoiding those communications channels.

      I favour a Matrix style approach where all the people actually sit in little beds wired up to reality so that we can monitor EVERYTHING, EVERYWHERE!!!!

      You think this is a bad idea G489089890121-2? * zaps you with enough electricity to power a small town * Bwahahahaha!!!!! Re-education completed....

  5. Anonymous Coward
    Anonymous Coward

    fewer than 1%

    fewer than 1% is zero .. where are the grammar police when you need them?

    1. Alister Silver badge

      Re: fewer than 1%

      fewer than 1% is zero

      Umm no... no it's not. 0.5% is less than 1%, as are 0.9%, 0.8%, 0.7%...

      where are the grammar police when you need them?

      Right here.


      1. Paul Crawford Silver badge

        Re: fewer than 1%

        Exactly, that 1% is already an integer value of some 6 million or so.

      2. Anonymous Coward
        Anonymous Coward

        Re: fewer than 1%

        "0.5% is less than 1%,"

        so, "fewer" is the same as "less than" .. really?

        0.5 may be less than 1, but it isn't fewer.

        1. katrinab Silver badge

          Re: fewer than 1%

          "Fewer than" if you are counting discrete items, "less than" if you are looking at a measurement of something that cound be any value, such as length. You can't have half a vulnerability, though 0.5% of the total population of vulnerabilities is possible.

          1. Paul Crawford Silver badge

            Re: fewer than 1%

            1% of, say, 640 million vulnerability is 6,400,000

            Thus if I have 5,000,000 vulnerabilities I have fewer than 1%

        2. 's water music Silver badge

          Re: fewer than 1%

          so, "fewer" is the same as "less than" .. really?

          I felt compelled to up vote you, obviously, but every time I do it, it makes me like myself a little fewer.

      3. Jonathan 27 Bronze badge

        Re: fewer than 1%

        Go easy on the guy, his mind only works in integers.

  6. DougS Silver badge

    iOS is seeing attacks decline

    According to the PDF, with the authors claiming the reason is because Android attacks are profitable and iOS attacks are not. They say it has "dropped below meaningful percentage points" and thus don't even list the number of iOS attacks. I wish they'd have expanded on this, because it is interesting.

    Obviously iOS is a minority of smartphones - a bit less than 15% worldwide by sales - but since they cost significantly more on average, the average iOS user comes from a richer country and is richer. Presumably a better target for malware, right? macOS has an even smaller percentage of PCs than iOS does of smartphones, and a lesser degree of cost difference from Windows PCs, but attacks there are rising. Why the difference?

    Maybe it is because when a working attack on iOS is found, Apple can and will patch it very quickly, and it is applied quite quickly and widely, meaning that working attack is really only useful for targeted attacks (i.e. I want to break into Trump's Twitter phone) rather than trying to infect many people. A targeted attack can stay under Apple's radar and keep the exploit secret, but once it is released very widely it will become known and be fixed almost immediately.

    While Google probably responds as quickly with Android patches, those fixes will never reach a majority of phones in the wild at the time the fix is made, so a working Android exploit may be thousands of times more effective due to its far longer useful life. Even if the average Android user has less money (worldwide, most are buying phones for $100 and under) the fact the exploit will be able to work for years means it will easily outearn iOS exploits that would have mere days to earn before they're shut down.

    On PCs, Windows and Mac are probably about equal in how quickly fixes are developed and applied by end users. The fact most Mac users don't have AV software should mean they're easier to infect given a working exploit and therefore profitable enough to attack despite having something like 5% market share worldwide.

    1. katrinab Silver badge

      Re: iOS is seeing attacks decline

      Macs have XProtect which is a very rudimentary virus scanner, but AV on windows isn't actually that good at picking things up.

    2. GrapeBunch Silver badge
      Thumb Up

      Re: iOS is seeing attacks decline

      Hmm, 7 hours after your comment, there are no upvotes and no downvotes. I'd expect such an informative post to be heavily upvoted if correct, otherwise mercilessly downvoted. Call me an optimist. But don't let her know I don't pay.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019