Symantec has uncovered a sudden decline in activity amongst key malware groups in the past few weeks, including the widely distributed Locky, Dridex and Angler.
Symantec speculates there may have been a conscious decision to hold off certain attacks, or disruptions to operations (e.g. outages), however insights are limited as to why attacks have been scaled back. Important to note however, is that threats from these groups have not dropped off entirely.
One possible explanation is that the law enforcement takedown against Lurk could have resulted in the shutdown or seizure of infrastructure used by other attacker groups, who have since been working to resume their operations.
Symantec is continuing to monitor the situation and will provide updates on its Response blog should new information be available.
For further details, please refer to the response blog here.
