
In Q3 2017, Comodo Threat Research Labs (CTRL) detected nearly 400 million malware incidents worldwide, with at least some in every nation-state on the planet. Even the tiny island nation of Kiribati has malware. Malware is a global security challenge that is only growing: in Q3, Comodo detected roughly four times as many malware incidents as in Q2 (97 M). Cyber spies and criminals are busy, so it is critical that enterprises develop a sound cybersecurity strategy as soon as possible.

Q3 2017: Most Dangerous Malware

The most dangerous malware types were:

  1. Trojan horses (13.7 M), the most common malware type, with Ukraine as the top victim.
  2. Viruses (5.4 M), with Brazil as the most vulnerable.
  3. Worms (2.8 M), with Russia as the most victimized nation.
  4. Backdoors (553 K), with the U.S. in the lead.
  5. Packers (384 K), with Russia in first place.

Application malware, which includes not only malicious programs but also potentially unwanted programs and adware, will be covered separately in a special Comodo threat report.

Q3 2017: Global Analysis

  • The top five malware-ridden countries were Russia, the U.S., Poland, the U.K., and Germany.
  • The top 20 countries accounted for nearly 319 M detections, or over 80% of the global total.
  • Most nations had trojans – the Swiss Army knife of malware – as their No. 1 threat.
  • Lower socioeconomic tier regions, such as South America, Africa, Southeast Europe, and Southeast Asia, were affected by a higher proportion of viruses and worms.
  • Backdoors were the primary malware type seen in North Korea.

For much more detail on malware, countries, and even whole continents, please download the Comodo Threat Research Labs Threat Report Q3 2017.

Phishing Goes Global, Spearheaded by “Zombie Computers”

The Comodo Threat Intelligence Lab (CTIL) was the first cybersecurity analysis firm to discover a number of new, large-scale and global email-based phishing campaigns this quarter. Three were related to the “Locky” Trojan and used social engineering to get users to click on links, which delivered a ransomware payload.

“This attack was unique in its combination of sophistication and size, backed by a botnet spread across more than 11,000 IP addresses in 133 countries in just the first stage of the attack,” said Fatih Orhan, head of CTIL. “Also, the malware was designed to avoid detection by sandboxing and artificial intelligence technologies common in many endpoint protection systems.”

CTIL detected the phishing campaigns from August to September 2017. They were launched primarily from the IP addresses of infected “zombie computers,” owned by telecom companies and ISPs. Of the enterprise customers attacked, only the ones with a “default deny” security posture were truly safe.



The strategic analysis included in this Comodo report can help cyber defenders at the tactical level by helping them to see where they fall in the global malware landscape. Remember, cybersecurity is much more about brains than brawn. Businesses must integrate security into their corporate culture, and metrics are key to the decision-making process. Cyber spies and criminals take advantage of the mazelike, international architecture of the internet to achieve a high degree of anonymity. Therefore, it is important that enterprises collaborate with partners, both within their national borders and in other countries, in order to understand who is attacking them, and why.

About the Comodo Threat Research Labs Q3 2017 Report

The Comodo Threat Research Labs Q3 2017 Report is the third quarterly publication of the Comodo Threat Research Labs, a group of more than 120 security professionals, ethical hackers, computer scientists, and engineers, who work for Comodo full-time analyzing malware patterns across the globe. Comodo is a global innovator of cybersecurity solutions.
