Trojans are still the No. 1 malware threat, with Russia accounting for the most Trojan targets and receiving the most malware attacks overall in 2017. Geopolitics, meanwhile, seemed to guide major malware campaigns during the year.
That’s according to the Comodo Threat Research Lab’s Global Malware Report 2017, which also found that Trojans were detected in 225 countries in 2017, with Russia receiving 9% of all Trojan detections. Russia also led the world in backdoor and worm detections, while the US, the second-most targeted country for malware, led the world in application threats, including unsafe and unwanted applications, viruses and packer malware.
Interestingly, backdoor threats were up in the fourth quarter, while other malware patterns remained even or declined. Meanwhile, online services and technology were the top two most-targeted verticals.
“Cyberattacks persist because computer hacking has also become a professional discipline. Criminal syndicates and national three-letter agencies compete for top talent and devise increasingly powerful ways to leverage the power of computer network operations,” Comodo noted in the report.
“If you manage an important network, these historical dynamics mean at least three things,” Comodo continues in the report. “First, your computer network is vulnerable. Second, at some point it will be targeted by an advanced hacker. Third, due to the international architecture of the internet, law enforcement may not be able to help you very much. Fortunately, this is not rocket science, and there are many things you can do to protect your data, your customers, and your reputation, from keeping your software up-to-date to retaining off-line backups and teaching your employees how to spot social engineering.”
The report also found that geopolitical events in multiple regions coincided with malware increases throughout the year. It points to a massive spike in Kryptik Trojans on 24 October 2017, with more than 94% of nearly 300,000 Trojans focused on the state of Virginia, where a close and hard-fought gubernatorial election took place.
Similarly, China saw a virus surge of nearly 20,000 attacks when China’s President Xi visited the US in April 2017 and North Korea fired test missiles. Trojan attacks in China spiked to 30,000 during the Silk Road Summit in early to mid-May 2017, to 40,000 in early August 2017 after an earthquake and a US-China naval dispute, and to 55,000 on 3 September 2017, after China joined the US and Russia in condemning a North Korea nuclear test.
There was also a startling Trojan increase in North Korea on 19 September 2017, corresponding with a speech at the United Nations in which Donald Trump threatened to destroy the country.
“In the internet era, all major real-world events have a reflection in cyberspace, often in the form of malware, which can be used to steal, block, or manipulate data in myriad unauthorized ways,” said Comodo in the report. “While spikes in malware detection...could be coincidental, it should no longer come as a surprise when significant events such as missile launches, nuclear threats, and other forms of international tension are reflected in cyberspace in the form of concurrent computer network operations.”