Comodo Threat Intelligence Lab

Globally, on Monday, November 27th (Cyber Monday), the Lab saw a massive spike in detections. The reason? Cyber Monday deals lead to more people searching and shopping on the web than usual, and more active endpoints mean more malware activity.

Over 17 million malware files were detected the week of December 6. This is more than a 33% increase from the previous week’s 13 million detections.

Last week, we reported that Taiwan was one of the countries under attack from the Ramnit virus. Now, we are seeing disproportionate levels of malware in Kazakhstan, Namibia, Mexico and Taiwan again. The Lab recommends a security review of patch management and endpoint protection for all enterprises with offices or other operations in these countries.

Trojans were the most frequently detected malware type, followed by viruses and worms. Trojans and worms hit Russia the hardest, followed by Brazil, Turkey, the United States and South Africa.

The most prevalent worms were Autorun and Dropper; among viruses it was Sality; and among Trojans, we saw Autoit, Scar, Agent, Fynloski and the infamous WannaCry ransomware virus.

The Comodo Threat Intelligence Lab recommends defense in depth with a robust endpoint URL filter as the best mitigation against Trojans. And to stay protected against worms, we recommend personal firewalls, which may not be as trendy as artificial intelligence and machine learning, but are still highly effective at keeping worms from spreading in your environment.

The limitations of machine-based analysis have also emerged. While machines can detect known malware executables and simple unknown ones, they cannot analyze complex unknown malware files, which numbered almost 75,000 last week. Complex unknown files require expert human analysis.

The Lab recommends implementing a default-deny security approach for new unknown files, to prevent newly created or modified malware from infecting your endpoints.

Despite this massive spike in malware activity, no active Comodo Advanced Endpoint Protection users were infected. This demonstrates the benefits of the Default-Deny security posture with Auto-Containment of unknown files while they’re being analyzed.

The Comodo Threat Intelligence Lab will continue to monitor cybersecurity events and malware attacks. As always, we’ll provide you with vital updates in weekly and special videos and reports.

If you would like to learn more about the security threat reports offered by the Comodo Threat Intelligence Lab, or to subscribe and access the archives, please visit the Lab's website. Stay cyber safe! … and thank you.