Last week, we examined the findings of SIEM vendor AlienVault’s Open Threat Exchange (OTX) platform report on exploits in 2017. In the interest of collaborating with other vendors and solution providers to improve the field’s efficiency and comprehensiveness, they released part 2 of their findings on malware this week. The solution-seeker will find in this report another piece of the portrait of the ever-changing digital threat landscape.
Here are the key findings from part 2:
Malware Live Colorful, Global Lives
Analyzing the anonymised security event information from their customers, AlienVault determined that the most popular malware family, NjRat, is particularly prevalent in the Middle East. Its global popularity stems from the ease of obtaining and using it. NjRat malware are simplistic backdoors with a plethora of how-to videos for beginner hackers available on Youtube. NjRat has been employed by both no-name criminals and high-level political attackers.
AlienVault observed that many of the most common malware programs are freely available on the black market, often bundled with anti-virus evasion customizations. The proliferation of freely available hacking tools for the inexperienced and unscrupulous are a rising concern for cybersecurity professionals in 2018.
Malware Domains are Vulnerable to Sinkholing
As part of their report. AlienVault compiled a list of the most popular malicious domain names, but acknowledged that attackers rarely use a singular domain; that makes it too easy for security professionals and law enforcement to wrest control of the domain away from them. 40% of the most popular malware domains in 2017 were sinkholed—with their online traffic redirected automatically to another destination, in this case to a safe one—effectively nullifying them. The WannaCry ransomware connectivity check domain was halted through sinkholed by MalwareTech.
This Report Only Touches On the Issue
Many of AlienVault’s findings are biased toward malware families that have named network detections and for polymorphic malware when listing individual samples. Therefore the report cannot list unknown threats, and it should not be taken as a definitive list of all the malware in existence. Instead, it’s a good survey of what kinds of known malware threats exist and how they proliferate.
You can read Part 2 of the report here.
Latest posts by Ben Canner (see all)
- A Conversation with Travis Knapp-Prasek of NCC Group on Phishing Attacks - April 2, 2020
- The Marriott 2020 Breach: What You Need to Know - April 1, 2020
- Business SIEM Advice for After the End of Coronavirus - March 31, 2020