Key Findings from AlienVault’s Open Threat Exchange Platform Reports on Malware


Last week, we examined the findings of SIEM vendor AlienVault’s Open Threat Exchange (OTX) platform report on exploits in 2017. In the interest of collaborating with other vendors and solution providers to improve the field’s efficiency and comprehensiveness, they released part 2 of their findings on malware this week. The solution-seeker will find in this report another piece of the portrait of the ever-changing digital threat landscape.

Here are the key findings from part 2:

Malware Lives Colorful, Global Lives

Analyzing the anonymized security event data from their customers, AlienVault determined that the most popular malware family, NjRat, is particularly prevalent in the Middle East. Its global popularity stems from the ease of obtaining and using it: NjRat is a simplistic backdoor, and a plethora of how-to videos aimed at beginner hackers is available on YouTube. NjRat has been employed by both no-name criminals and high-level political attackers.

AlienVault observed that many of the most common malware programs are freely available on the black market, often bundled with anti-virus evasion customizations. The proliferation of freely available hacking tools for the inexperienced and unscrupulous is a rising concern for cybersecurity professionals in 2018.

Malware Domains are Vulnerable to Sinkholing

As part of their report, AlienVault compiled a list of the most popular malicious domain names, but acknowledged that attackers rarely rely on a single domain; doing so makes it too easy for security professionals and law enforcement to wrest control of the domain away from them. 40% of the most popular malware domains in 2017 were sinkholed (their traffic automatically redirected to another destination, in this case a safe one), effectively nullifying them. The WannaCry ransomware's connectivity-check domain was halted through sinkholing by MalwareTech.
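To make the sinkholing mechanism concrete from the defender's side, here is an added example, not code from the article or from AlienVault's report, of a resolver-side sinkhole in Python: queries for blocklisted domains (and their subdomains) are answered with an address the defender controls instead of the attacker's infrastructure, and each hit is logged so the querying host can be triaged. Every domain name, address and query in it is a constructed placeholder; `fake_upstream` stands in for a real recursive resolver.

```python
"""Resolver-side DNS sinkhole (added example).

Queries for blocklisted malware domains, and any of their subdomains, are
answered with an address the defender controls rather than the attacker's
real infrastructure. Every such answer is logged so the querying host can
be triaged as potentially infected.
"""
from dataclasses import dataclass, field
from typing import Callable

# Constructed placeholder: an address the defender controls, e.g. a host
# that accepts the redirected connection and records it.
SINKHOLE_IP = "10.255.255.1"


def _normalise(name: str) -> str:
    """Canonical form used for matching: lower-case, no trailing dot."""
    return name.rstrip(".").lower()


@dataclass
class Sinkhole:
    blocklist: set = field(default_factory=set)
    sinkhole_ip: str = SINKHOLE_IP
    hits: list = field(default_factory=list)  # (client_ip, queried name)

    def __post_init__(self):
        self.blocklist = {_normalise(d) for d in self.blocklist}

    def is_blocked(self, qname: str) -> bool:
        """True if qname or any parent domain is on the blocklist."""
        labels = _normalise(qname).split(".")
        # Walk up the tree: cdn.c2.example -> c2.example -> example.
        # Matching whole labels avoids false hits on look-alike suffixes.
        return any(".".join(labels[i:]) in self.blocklist
                   for i in range(len(labels)))

    def resolve(self, client_ip: str, qname: str,
                upstream: Callable[[str], str]) -> str:
        """Answer a query: sinkhole blocked names, otherwise ask upstream."""
        if self.is_blocked(qname):
            self.hits.append((client_ip, _normalise(qname)))
            return self.sinkhole_ip
        return upstream(qname)

    def infected_hosts(self) -> list:
        """Distinct internal clients that asked for a sinkholed name."""
        return sorted({client for client, _ in self.hits})


# Constructed sample blocklist (placeholder names under the reserved
# .example TLD, not real indicators).
BLOCKLIST = {"c2.malware-sample.example", "loader.bad-domain.example"}


def fake_upstream(qname: str) -> str:
    """Stand-in for the real recursive resolver; constructed answers."""
    table = {"www.good-site.example": "192.0.2.10"}
    return table.get(_normalise(qname), "192.0.2.1")


def run_demo():
    """Run a constructed batch of queries through the sinkhole."""
    sh = Sinkhole(BLOCKLIST)
    queries = [
        ("10.0.0.5", "www.good-site.example."),            # benign
        ("10.0.0.5", "c2.malware-sample.example"),          # exact match
        ("10.0.0.9", "Update.C2.Malware-Sample.example."),  # subdomain, mixed case
        ("10.0.0.7", "notmalware-sample.example"),          # suffix look-alike, must pass
    ]
    answers = [(c, q, sh.resolve(c, q, fake_upstream)) for c, q in queries]
    return sh, answers


if __name__ == "__main__":
    sh, answers = run_demo()
    for client, qname, ip in answers:
        print(f"{client} asked {qname:38s} -> {ip}")
    print("hosts to triage:", sh.infected_hosts())
```

The label-wise walk up the name tree is the part worth copying: a naive suffix test on the string would wrongly sinkhole `notmalware-sample.example`, while a blocklist entry for a parent domain still catches every subdomain the attacker rotates under it. The hit log is what turns a sinkhole from a blocking control into a detection source.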

This Report Only Touches On the Issue

Many of AlienVault's findings are biased toward malware families that have named network detections and, when listing individual samples, toward polymorphic malware. Therefore the report cannot list unknown threats, and it should not be taken as a definitive list of all the malware in existence. Instead, it is a good survey of what kinds of known malware threats exist and how they proliferate.

You can read Part 2 of the report here.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
