Findings in Webroot’s new 2017 Threat Report reveal mixed results for malware trends. Although MSPs can take some comfort in the fact that one category of cyber threats has seen a significant decrease, the hard truth is that endpoint security threat trends are pretty negative overall.

Webroot continually produces threat intelligence based on its broad and deep understanding of current and emerging threats. At the beginning of this year, the Webroot Threat Research team analyzed the entire body of Webroot threat intelligence from 2016 to identify the biggest trends MSPs and their clients should watch for in 2017. Let’s take a look.

The Good

Out of the hundreds of millions of new executable files observed by Webroot in 2016, only 2.5% were malware and 2.2% were potentially unwanted applications (PUAs). These numbers represent significant reductions from previous years. In addition, from January to December, the monthly counts for new PUA executable files dropped over 80%.

The Bad

  • Nearly one-third of URLs with sufficient information available were identified as high risk.
  • The number of new and updated Android® apps that Webroot classified as malicious or suspicious each year shot from approximately 2 million in 2015 to nearly 10 million in 2016.
  • The number of unique zero-day phishing URLs Webroot observed each month grew significantly in 2016. Almost twice as many of these were detected in the fourth quarter as in the first quarter.

The Ugly

  • Phishing attack life cycles keep dropping. Some attacks or only live for a few minutes, and the average phishing attack life cycle is under 15 hours.
  • Phishing attacks now rely on attackers acquiring and using web pages in established benign domains, rather than using dedicated domains.
  • Despite the overall reduction in new executable threats, ransomware is the exception. Given the continued success of Locky ransomware and the variety of ransomware-as-a-service and exploit kits, Webroot expects ransomware to be an even bigger problem in 2017.

Going Forward

Considering the dynamic nature of today’s websites—which can toggle between benign and compromised in the blink of an eye—and the sheer volume of URLs and Android apps your clients have at their disposal, conventional, static antivirus solutions don’t have a chance.

To secure their clients, MSPs need to implement endpoint protection technologies that leverage threat intelligence that is constantly updated with the latest information on malicious and suspicious activity. This robust type of threat intelligence is the only solution that can provide the real-time, accurate, automated decision making MSPs need to protect their clients from the growth and variety of cyberattacks in the threat landscape today.

Download your free copy of the 2017 Webroot Threat Report here