Trojans, backdoors and malware installers in the spotlight

in trojan •  4 years ago 


An analysis of the information requests submitted to the Kaspersky Threat Intelligence Portal found that approximately three-quarters (72%) of the analyzed harmful files fall into three categories: Trojans, backdoors, and malware installers. The collected statistics also revealed that the types of malware that researchers examined most often did not match the most common types.

Detection of harmful activity is only the first stage of the attack investigation process. For intervention and repair work, security analysts need to identify the attack target, the source of the harmful object, its popularity, and so on. Kaspersky Threat Intelligence Portal helps analysts reveal the background of attacks more quickly. Kaspersky experts examined free requests for information to the Kaspersky Threat Intelligence Portal to see which types of harmful objects are searched for the most.

In most cases, the suspicious files uploaded turned out to be Trojans (25% of requests), backdoors (24%) that allow attackers to remotely control the computer, and malware installers (23%) that download malicious objects. Trojans are the most common type of malware, according to statistics from the Kaspersky Security Network infrastructure, which processes cyber security data sent by millions of volunteer participants worldwide. However, backdoors and malware installers aren't as common. These types make up 7% and 3%, respectively, of all harmful files that Kaspersky endpoint products block.

This difference can be explained by the fact that researchers often focus on the final target of the attack, whereas endpoint protection products try to prevent attacks at an early stage. These products prevent the user from opening a malicious file or clicking on a malicious link, which keeps backdoors from reaching the computer. In addition, security researchers try to identify all the components inside the malware installers.


In addition, the popularity of these categories can be explained by the interest in certain threats and the need for researchers to analyze them in more detail. For example, the number of users looking for information about Emotet was high, as there was a lot of news about it earlier this year. There were also requests about backdoors related to the Linux and Android operating systems. While such malware families have attracted the attention of security researchers, their numbers remain relatively low compared to threats targeting Microsoft Windows.

“We have seen less than one percent of requests to check viruses, or code fragments that add themselves to other programs, on the Kaspersky Threat Intelligence Portal,” said Threat Monitoring and Heuristics Detection Division Leader Denis Parinov. “However, these are often among the most common threats detected by endpoint solutions. Such threats copy themselves and insert their code into other files. Thus, they can cause many harmful files in the system. However, as far as we can see, viruses are not very interesting to researchers since they are not very new compared to other threats.”
