Comodo publishes strategic analysis of 97M malware incidents in Q2

July 25, 2017 | By Comodo

Comodo detected and analyzed nearly 100 million incidents in Q2 2017, almost quadruple the number from its Q1 report, in a detailed study released by Comodo Threat Research Labs (CTRL). Drawing on nearly 20 years of experience and software installations in every country on Earth, the study draws on detections from 236 country code top-level domains (ccTLDs). It offers strategic insight into the nature of modern cybercrime, cyberespionage, and cyberwar.

Malware

U.S. leads world in trojan detections

This report focuses on the top four malware types detected by Comodo: trojans, worms, viruses, and backdoors. Hackers design malware campaigns to gain the highest return on investment. Comodo discovered 5.8 million trojans in 216 countries. However, the U.S. dominated this dataset, with 1.9 million trojans, or over 32% of the total. The U.S. held this same dubious rank in Q1 2017.

Malware types and countries have unique profiles

Backdoors are the highest “class” of malware, targeting the most affluent countries, often in a targeted fashion; Australia, Great Britain, and Japan appeared prominently in this data. Trojans also tend to be more clustered around richer nations, but appear in every country, and every vertical. Viruses and worms are more often found in poorer countries; viruses are widespread, while worms in particular take advantage of the world’s least protected networks. Somewhat surprisingly, Russia experienced a significant worm infestation in Q2, suggesting that Russian networks are currently very poorly protected.

To see where your country falls within our data, please download the Comodo Q2 2017 Threat Report. And don’t hesitate to send your follow-up questions our way, to this address: malwaresubmit@avlab.comodo.com.

Malware campaigns fluctuate dramatically over time

In Q2, Comodo detected 5.8 million trojans, 4.5 million worms, 2.6 million viruses, and 209,000 backdoors. At the start of Q2, the world saw a sharp rise in worm propagation, chiefly in Asia, as attackers took advantage of networks using older, unpatched, and perhaps unlicensed software. However, by the end of Q2, trojans and worms had regained their status as the world’s first- and second-most common malware types.

Many malware campaigns are not cybercrime at all, but nation-state efforts to facilitate cyberespionage and even to “prepare the battlefield” for cyberwar. This report offers a detailed breakdown of malware types, families, and victim countries that can be used for strategic insight on cybersecurity.

“Brand-name” malware dominates network landscape

A small number of families tend to dominate the global malware landscape. However, two facets of malware propagation undercut our hope of minimizing future infections. First, too many unpatched networks still allow known-bad code straight through the front door. Second, some malware types are highly complex, and complexity is the enemy of security.

Consider the Upatre trojan family, which was Comodo’s top trojan detection worldwide in Q2. The U.S., which has been taking cybersecurity seriously for about 20 years, was nonetheless home to nearly 83% of Upatre infections in Q2. But trojans are in fact the most complicated – and flexible – malware type in the world today, with more families than backdoors, viruses, and worms put together. This Q2 analysis clearly shows how computer trojans are a large hall of smoke and mirrors.

Worms were Comodo’s second-most detected malware type in Q2. Here, the victim set belongs to much poorer countries. The Brontok family constituted 49% of worm detections, and the Philippines suffered 75% of them. But at the country level, Russia has the most to worry about, and the problem might not be easy to fix: Russia was not only #2 in Brontok detections, but also #2 in Autorun (our second most common worm), and #1 for each of the next three worms (AutoRunAgent, Hakaglan, and Morto).

Viruses are a simpler data set than worms, with the fewest families and a cleaner treemap in Q2. Just two malware families accounted for 83% of detections: Ramnit (49%), which hit Russia the hardest, and Sality (33%), most active in Thailand. However, viruses in general had more victim nations than worms, and only the virus Parite had a clear primary victim: Portugal, which was blitzed by a virus outbreak in late Q2.

Finally, backdoors are a case study in paradox. 62% of backdoor detections belong to DarkKomet, a well-known malware family (made famous in part by its appearance in cyberwar stories) that has nonetheless been nearly impossible to kill. However, as detailed in the Q2 report, the remaining 38% of the backdoor chart is highly complex and resembles the complexity of our trojan data. Furthermore, given the high-profile and affluent character of this malware type’s target set, the right side of our backdoor chart without a doubt contains some advanced persistent threat (APT), or nation-state, actors.

Hackers target IT verticals

Online Services, Technology, and Telecom are now frequent targets for cyberattack. IT serves as a “force multiplier,” swiftly scaling cyberattacks and enabling malicious actors to compromise not just one target, but potentially millions in one successful penetration. Hardware and software supply chain attacks can even compromise the security of nation-states. By penetrating entire systems – and by playing the long game – unknown, remote hackers can perform espionage, denial-of-service, and data manipulation against a nearly infinite array of targets.

For a detailed look at your country or favorite malware type, download our Q2 Threat Report. And for even more in-depth information and intelligence, send us a request by email, to malwaresubmit@avlab.comodo.com.

About the Comodo Threat Research Labs Q2 2017 Report

The Comodo Threat Research Labs Q2 2017 Report is the second quarterly publication of the Comodo Threat Research Labs, a group of more than 120 security professionals, ethical hackers, computer scientists, and engineers, who work for Comodo full-time analyzing malware patterns across the globe.

Comodo is a global innovator of cybersecurity solutions. The world’s largest certificate authority, Comodo authenticates, validates, and secures networks and infrastructures from individuals to mid-sized companies to the world’s largest industries.
