There were nearly 400 million malware incidents around the world in the third quarter, permeating throughout every nation-state on the planet.
According to Comodo Threat Research Labs’ Q3 2017 global report, even the tiny island nation of Kiribati in the South Pacific has malware—a state of affairs that has propelled malware occurrences in Q3 to total roughly four times the number in Q2 (97 million).
The top five countries for malware infections in the quarter were Russia, the US, Poland, the UK, and Germany; and while malware is present everywhere, the top 20 countries accounted for over 80% of detections.
The report also uncovered that trojans, that Swiss Army knife of malware that can be used for any type of follow-on attack including ransomware, are the top malware threats, totaling 13.7 million. Trojans are followed by viruses (5.4 million), worms (2.8 million), backdoors (553,000) and packed malware (284,000).
In terms of regional trends, Comodo found that viruses and worms tend to afflict poorer nations with a prevalence of older, unlicensed, unpatched or pirated software; as a result, South America, Africa, Southeast Europe, and Southeast Asia had a high proportion of these types of infections.
Meanwhile, North Korea had a high number of backdoors. Comodo detections within North Korean network space showed fewer exposed vulnerabilities but a high number of targeted attacks.
The report also found that there’s been a rise in large-scale, global email-based phishing attacks, related to the Locky ransomware trojan. Comodo detected the phishing campaigns from August to September 2017, and found that they were launched primarily from the IP addresses of infected “zombie computers,” owned by telecom companies and ISPs. Of the enterprise customers attacked, only the ones with a “default deny” security posture were truly safe.
“This attack was unique in its combination of sophistication and size, backed by a botnet spread across more than 11,000 IP addresses in 133 countries in just the first stage of the attack,” said Fatih Orhan, head of the Comodo Threat Intelligence Lab (CTIL). “Also, the malware was designed to avoid detection by sandboxing and artificial intelligence technologies common in many endpoint protection systems.”