TMCnet News

Solutionary Posts Quarterly Threat Intelligence Report [Professional Services Close - Up]
[July 24, 2014]

(Professional Services Close - Up Via Acquire Media NewsEdge) Solutionary revealed the results of its Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q2.

The company reported that Solutionary SERT analyzed the threat landscape using data captured by the patented, cloud-based Solutionary ActiveGuard platform and global threat-intelligence network.

According to a company release, as part of its research, the Solutionary SERT identified the top 10 global Internet Service Providers (ISPs) and hosting providers that hosted malware out of more than 21,000 ISPs.

Amazon remained the top malware-hosting ISP and saw an increase of approximately 250 percent, while Q4 2013's second-most afflicted ISP, GoDaddy, fell 12 percent. In addition to malware analysis, the Q2 threat report provides in-depth analysis and insights by Solutionary threat researchers on the OpenSSL Heartbleed vulnerability discovered in April.



"The findings on hosted malware in the Q2 threat report reinforce our research from 2013 and provide additional insights into the mindset and cunning of today's attackers. The findings should provide the information security community with a good understanding of the threat landscape so they better understand the adversaries' behavior," said Rob Kraus, SERT director of research, Solutionary. "From an organizational perspective, attention to detail, especially the security basics, is often enough to deter a malicious individual or group of individuals. The tricky part of information security, and the reason we must always be mindful of the trends in the industry, is that the second you make it more difficult for a malicious actor, they have already moved on to the next weak link."

Key Findings:

- Amazon retained the number one spot for malware hosts among top ISPs: The amount nearly tripled, from 16 percent at the end of 2013 to 41 percent halfway through 2014. It is likely that attackers are leveraging larger providers due to cost and ease of use, where a site can be up and running in minutes with minimal cost. They may also use Amazon's hosting services because of the Elastic Cloud Compute (EC2) Web service, which allows the flexibility to scale capacity as needed at a low rate, based on the actual capacity that is consumed.

- GoDaddy, a hotbed for malware hosting in the past, saw a sharp decrease: Down from 14 percent in 2013, GoDaddy accounted for only 2 percent of malware hosted by the qualifying ISPs. While this may indicate improved efforts to identify and shut down domains that are actively hosting malware, it is possible that malicious actors have simply moved on to other, smaller service providers such as new entrants Akrino and Website Welcome.

- U.S. still number one malware-hosting nation: The United States extended its overwhelming lead from 44 percent of hosted malware tracked in Q4 2013 to 56 percent in Q2. France, Germany and China represent the next largest samples, respectively.

- Movers and Shakers: France, The Virgin Islands and Ireland all see an increase in hosted malware; Germany, The Netherlands, Russia, The U.K. and Canada decrease. The decrease of malware in Russia is likely attributable to a string of arrests related to malware development, including a large portion of the ring responsible for the BlackHole exploit kit.

- Top 10 ISPs represent source of more than half of malware identified: Data shows that from more than 21,000 ISPs associated with captured malware samples, the top 10 were the source of 52 percent of the malware identified in the new period.

Solutionary, an NTT Group security company, is a managed security services provider.

Report information: www.solutionary.com/research/threat-reports/quarterly-threat-reports/sert-threat-intelligence-q2-2014

(c) 2014 ProQuest Information and Learning Company; All Rights Reserved.
