Today Yoroi released its last cybersecurity report (available HERE). Following I am copying one of its chapters to give you a little flawor about what you can get for free by downloading it ! Hope you might like its contents.
The volume of the malicious code produced and disseminated in the wild is constantly increasing. Technical advantages and software engineering techniques not only empower companies to transform and digitalize their businesses, but also help cyber criminals in the systematic development of attack infrastructures.
With over a billion of samples produced in 2020 [https://www.av-test.org/en/statistics/malware/], malware can be seen – with no doubt – as an Industry characterized by production processes, engineering, supply chains and delivery. Year after year, this aspect is constantly growing and no matter how many actors and malware operators get arrested by law enforcement agencies, they are easily replaced with new emergent gangs. This is a side effect of the ongoing digitalization process that is involving our economy and its growth could potentially last for many other decades.
In this environment, such huge malware production represents a threat for companies and enterprises operating in the digitalized economy. Especially because many of the malwares out there are new.
New malware, or Zero-day malware, is incredibly dangerous for companies relying on traditional security systems, because it breaks one of the foundational assumptions behind the legacy anti-virus approach, which is based on stopping known pieces of malicious code. Therefore, we track Zero-Day malware in our telemetry.
In fact, Yoroi’s technology captures and collects samples spread during cyber-attacks and automatically analyze them just when they approach the company network perimeter. During this process, as part of the automatic analysis pipeline, Yomi Sandbox checks and reports if the malicious files are potentially detected by Anti-Virus technologies in the specific time the malware is spread to the target organization. This give us a precious insight on how Zero-Day malware evolves in time and how critical is for companies, because well-known threats are much easier to be intercepted, unknown ones definely not.
We call Zero-Day malware every sample that turns out to be an unknown variant of arbitrary malware families. The following image (Fig:X) shows the 58 % of the analyzed malware files in 2020 were unknown from common anti-virus solutions in the moment they crossed the company perimeter.
Figure. Zero Day malware delivered to organizations.
The reported data are collected during the first malicious files propagation attempts across organizations. This means companies are heavily exposed to a relevant Zero-Day malware risk. Detecting such kind of malware quickly plays a vital role in well-established cyber security strategies because it will sensibly lower the risk of major security issues, data breach or cyber crisis situations.
Along with the Zero-Day malware observation, a good part of the known malware samples are not so well detected by anti-virus solutions: the 41.8 % of the samples known were only barely recognized. In fact, over a third of the known malware were detectable by less than 15 antivirus engines at time of attack.
If we sum up these two categories, the zero-day malware and the barely known ones, we end up that 75.6 % of the malicious files used to attack the organization have a non-negligible chance to bypass the traditional security perimeter.
A reasonable interpretation of these data conforms the sophistication of the malware industry. In fact, dissecting the Zero-Day malware category, many of the intercepted malware belongs to two distinct classes: the 66% of the unknown samples shows typical trojan behaviors, granting the attackers further, persistent access to the compromised workstation, and the 28% download and execute other malicious artifacts, behaving as a part of a more complex, multi-stage infection chain.
Summing up the findings, business organizations nowadays are facing extremely dangerous risk scenarios due to the current malware threat landscape, which is characterized by three main facts:
- The extremely high volumes of malware samples produced and disseminated by the cyber-criminal operators.
- Over two third of the incoming malicious files are unknown, or at least barely known, at time of attack.
- Most of the malicious files are designed to drop and install further implants or provide direct access to the compromised machines.
Figure. Zero-Day malware intercepted by CSDC technologies with no AV matches at time of detection.
Full report is available HERE !