2017 will long be remembered as the year of information breaches. It was also a year of analysis in enterprise security and of multiple geopolitical events that corresponded with major malware spikes. From elections to North Korean nuclear threats and missile launches, it seems likely that cyber actors are using geopolitical events to pursue cyber activism and other goals.
Comodo launched quarterly threat reports throughout 2017, and the Comodo 2017 Global Malware Report summarizes our key findings for the year, analyzing malware patterns across countries, industries and events. Among our discoveries:
Trojans Are the No. 1 Malware Threat
Trojans were detected in 225 countries in 2017, with Russia being the No. 1 recipient, receiving 9% of all Trojan detections. Russia also led the world in backdoor and worm detections, while the U.S. led the world in application threats, including unsafe and unwanted applications, viruses and packer malware. Russia and the U.S. were the No. 1 and 2 countries for malware detections in 2017, while online services and technology were the No. 1 and 2 most targeted verticals.
Backdoors Rise While Other Threats Decline
Comodo witnessed a rise in backdoor threats in Q4 2017 and predicts that they will continue to rise in Q1 2018. Other malware patterns remained even or declined in Q4 2017.
Malware Spikes Occur in Sync with Geopolitical Events
Geopolitical events in multiple regions coincided with malware increases throughout the year. While Comodo cannot prove causation, we can demonstrate correlation between geopolitical issues and diverse malware attacks, including:
- U.S. elections: A massive spike in Kryptik Trojans occurred on Oct. 24, 2017, with more than 94% of nearly 300,000 Trojans focused on the state of Virginia, where a close and hard-fought gubernatorial election took place.
- East Asia: China experienced malware growth, with a virus surge of nearly 20,000 when China’s President Xi visited the U.S. in April 2017 and North Korea fired test missiles. Similarly, Trojan attacks in China spiked to 30,000 during the Silk Road Summit in early to mid-May 2017, 40,000 in early August 2017 after an earthquake and a U.S.-China naval dispute, and 55,000 on Sept. 3, 2017, after China joined the U.S. and Russia in condemning a North Korean nuclear test.
- North Korea: Comodo is one of the few commercial cybersecurity companies with visibility into North Korea. We witnessed a startling Trojan increase in the country on Sept. 19, 2017, corresponding with a speech at the United Nations where U.S. President Donald Trump threatened to destroy North Korea.
About the Comodo Global Malware Report
The Comodo Threat Research Labs’ 2017 Global Malware Report summarizes global malware patterns, providing business and technology decision makers with critical insights they can use to improve enterprise security. This publication is the year-end edition of a quarterly threat report published by Comodo Threat Research Labs, a group of more than 120 security professionals, ethical hackers, and computer scientists and engineers who work for Comodo full-time analyzing malware patterns across the globe. Comodo Security Solutions Inc. is a global innovator of cybersecurity products for the enterprise.