Malware Spikes Coincided with 2017 Geopolitical Incidents

Malware Spikes Coincided with 2017 Geopolitical Incidents

A new report has linked outbreaks of malware activity to geopolitical events and tensions.

Comodo Threat Research LabsGlobal Malware Report 2017 was compiled by former NSA analyst, Kenneth Geers and utilizes the company’s malware monitoring capabilities in over 190 countries worldwide, including North Korea.

The top three categories of malware discovered over the past year were: trojans (41%), applications exhibiting malicious, unsafe, or undesirable behavior (24%) and backdoors (10%).

Russia hosted the highest number of trojans (9%), backdoors (19%) and worms (19%), whilst the US had the highest volume of malicious applications (3%), as well as viruses (9%) and malware packers (2%).

However, the real interest came in the correlation between geopolitical events and malware spikes around the world.

In the US on October 24 last year, Comodo spotted a large jump in Kryptik trojan detections, numbering almost 300,000. The vast majority (94%) were located in Virginia, which was at the time the scene of a close-fought gubernatorial election.

On the global stage, Comodo observed a spike of 20,000 viruses during Chinese president Xi Jinping’s visit to Mar-a-Lago and North Korean missile tests. Trojan attacks numbering over 30,000 were launched in early-mid May during heightened North Korea/China tensions and the Silk Road summit in Beijing.

Also, 40,000 trojans were spotted after a US/China naval spat in the South China Sea on August 8 and on September 2 during a North Korea nuclear test.

Trojan activity inside North Korea also spiked there on September 19 when President Trump threatened at the UN to “totally destroy” the country.

In fact, malware was not limited to trojans, as Comodo explained:

"In-depth Comodo analysis of all of these malware detections suggests that North Korean network administrators are attempting to protect computer systems running unlicensed copies of Windows 7, using a variety of means including the use of remote access tools to monitor user activity and by trying to bypass Windows User Account Control (UAC)."

The good news is that detection rate for trojans, worms, unsafe applications and malware packers are down, whilst those for applications, unwanted applications and viruses are holding steady.

However, enterprises should be aware that backdoors are on the rise in 2018, the report warned.

Source: Information Security Magazine