theDocumentId => 1297308 Solutionary SERT 2014 Q2 Threat Intelligence ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

7/15/2014
01:45 PM
Dark Reading
Dark Reading
Products and Releases
100%
0%

Solutionary SERT 2014 Q2 Threat Intelligence Report: Amazon-Hosted Malware Nearly Triples in First Half 2014

Out of 21,000 Analyzed, 10 Internet Service Providers Host 52 Percent of Malware

OMAHA, NE--(Marketwired - Jul 15, 2014) -  Solutionary, an NTT Group security company (NYSE: NTT), and next generation managed security services provider (MSSP), today announced the results of its Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q2, 2014. Solutionary SERT analyzed the threat landscape using data captured by the patented, cloud-based Solutionary ActiveGuard® platform and global threat-intelligence network. As part of its research, the Solutionary SERT identified the top 10 global Internet Service Providers (ISPs) and hosting providers that hosted malware out of more than 21,000 ISPs. Amazon remained the top malware-hosting ISP and saw an increase of approximately 250 percent, while Q4 13's second-most afflicted ISP, GoDaddy, fell 12 percent. In addition to malware analysis, the Q2 threat report provides in-depth analysis and insights by Solutionary threat researchers on the OpenSSL Heartbleed vulnerability discovered in April, 2014. Readers will also find several sections in the report which provide timely, actionable information that can be used to help secure organizations.

Tweet This: @Solutionary Q2 Threat Report: #Amazon-hosted malware nearly triples in first 2 quarters of 2014 http://goo.gl/il19jL #infosec

"The findings on hosted malware in the Q2 threat report reinforce our research from 2013 and provide additional insights into the mindset and cunning of today's attackers. The findings should provide the information security community with a good understanding of the threat landscape so they better understand the adversaries' behavior," said Rob Kraus SERT director of research, Solutionary. "From an organizational perspective, attention to detail, especially the security basics, is often enough to deter a malicious individual or group of individuals. The tricky part of information security, and the reason we must always be mindful of the trends in the industry, is that the second you make it more difficult for a malicious actor, they have already moved on the next weak link."

Key Findings:

Amazon retained the number one spot for malware hosts among top ISPs

The amount nearly tripled, from 16 percent at the end of 2013, to 41 percent halfway through 2014. It is likely that attackers are leveraging larger providers due to cost and ease of use, where a site can be up and running in minutes with minimal cost. They may also use Amazon's hosting services because of the Elastic Cloud Compute (EC2) Web service, which allows the flexibility to scale capacity as needed at a low rate, based on the actual capacity that is consumed.

GoDaddy, a hotbed for malware hosting in the past, saw a sharp decrease

Down from 14 percent in 2013, GoDaddy only accounted for 2 percent of malware hosted by the qualifying ISPs. While this may indicate improved efforts to identify and shutdown domains that are actively hosting malware, it is possible that malicious actors have simply moved on to other, smaller service providers such as new entrants Akrino and Website Welcome.

U.S. still number one malware-hosting nation

The United States extended its overwhelming lead from 44 percent of hosted malware tracked in Q4 2013 to 56 percent in Q2, 2014. France, Germany and China represent the next largest samples respectively.

Movers and Shakers: France, The Virgin Islands and Ireland all see increase in hosted malware; Germany, The Netherlands, Russia, The U.K. and Canada decrease

The decrease of malware in Russia is likely attributed to a string of arrests related to malware development, including a large portion of the ring responsible for the BlackHole exploit kit. 

Top 10 ISPs represent source of more than half malware identified

Data shows that from more than 21,000 ISPs associated with captured malware samples, the top 10 were the source of 52 percent of the malware identified in the new period. 

To access a copy of the complete report, please visit: http://www.solutionary.com/research/threat-reports/quarterly-threat-reports/sert-threat-intelligence-q2-2014

About Solutionary
Solutionary, an NTT Group security company (NYSE: NTT), is the next generation managed security services provider (MSSP), focused on delivering managed security services, security consulting services and global threat intelligence. Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data. Solutionary clients are able to optimize current security programs, make informed security decisions, achieve regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard® service platform uses multiple detection technologies and advanced analytics to protect against advanced threats. The Solutionary Security Engineering Research Team (SERT) researches the global threat landscape, providing actionable threat intelligence, enhanced threat detection and mitigating controls. Experienced, certified Solutionary security experts act as an extension of clients' internal teams, providing industry-leading client service to global enterprise and mid-market clients in a wide range of industries, including financial services, healthcare, retail and government. Services are delivered 24/7 through multiple state-of-the-art Security Operations Centers (SOCs).

CONTACT INFORMATION

Travis Anderson
925-271-8227 
Email Contact

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37443
PUBLISHED: 2021-07-25
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion.
CVE-2021-37444
PUBLISHED: 2021-07-25
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Au...
CVE-2021-37445
PUBLISHED: 2021-07-25
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading.
CVE-2021-37446
PUBLISHED: 2021-07-25
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading.
CVE-2021-37447
PUBLISHED: 2021-07-25
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion.