Posted April 6, 2016
Every four seconds, a new strand of malware is born. More alarming, reports show that in the past five years malware has grown approximately 400 percent. While this extreme uptick in malware infections is partially due to the natural expansion of the Internet and Internet connected devices, this rise can also be attributed to a lack of robust security practices and employee training in organizations. One of the most common ways that malware spreads is via malicious emails containing attachments, which is propagated by those who do not have the proper security awareness training, as well as those who do not keep their operating systems updated.
Through LookingGlass Virus Tracker, the largest botnet monitoring system in the world, our Cyber Threat Intelligence Group (CTIG) analyzed the 2015 malware infection landscape, and provided a 2016 outlook and recommendations, so you can stay ahead of the malware risk.
In 2015, we recorded approximately 760 million infections (of which 3.2 million affected mobile devices). This is a 14 percent decrease over 2014, which can be attributed to people upgrading their operating systems. Virus Tracker also detected 854,504 advanced persistent threats (APTs), a 136 percent increase over 2014.
Of all the botnets Virus Tracker monitored in 2015, Sality – a zombie botnet – made up 66 percent of all infections. A zombie botnet is one that has not been used to create new infections, but is still in use (for example, an older botnet that is used for sending out spam emails). In this case, Sality is mainly used as a file infector. The reason computers are still being infected with Sality is because they do not have anti-virus (AV) software installed or their Windows updates are deactivated. It is important for users to keep current with Windows updates because they deploy the Malicious Software Removal Tool that can remove Sality. Unfortunately, most of the infected computers do not appear to have Windows updates enabled. The other significant botnet on the Top 10 Botnets list was Conficker at 27 percent of total infection records.
While malware doesn’t seem to be going away, we do expect a few positive developments in regards to combatting these attacks. These include:
- More updated operating systems connecting to the Internet: Windows 10 is on the rise. It has new security features compared to older operating systems like Windows XP, making it harder (but not impossible) to infect. Microsoft has also introduced Device Guard to its operating system, with the hopes of staying one step ahead of malware and zero-day attackers. Further, Windows 10 has Secure Boot, which works a bit like Device Guard in that it allows only trusted, executables to run on a device.
- Increase in security awareness: More government institutions are focused on combating cyber threats, whether it is through funding, national CERTS, etc.
Organizations need to get in front of attacks by constantly monitoring the open source for risk. Threat data feeds, such as those in the LookingGlass machine readable threat intelligence (MRTI) portfolio can check for known infections and deliver threat data directly to you before an incident occurs.
The LookingGlass Cyveillance Malicious C2 and Infection Records feeds from Virus Tracker pull from a huge historical database with over two billion records. Virus Tracker observes more than three million unique infections every single day and covers 40 percent of worldwide APTs (Stuxnet, Flame, etc.), as well as provides insight into peer-to-peer Trojans with no central Command & Control (C2) server.
Check out our infographic below for more information on 2015 infections, as well as our 2016 outlook and advice on how to stay ahead of these threats!