Today we released our first Threat Landscape Review, which takes a high-level view of how malware is delivered to networks across major industries around the world. The data used for this report was derived from Palo Alto Networks WildFire™, which automatically identifies threats from malware over a wide array of applications by executing them in a virtual environment, observing their behavior. This data was collected from live systems in networks belonging to 2,363 different companies operating in 82 different countries.
While there are currently over 4,000 organizations using WildFire to defend their networks the data for this report was specifically collected from organizations in 10 key verticals:
- Critical Infrastructure
- High Tech
- Higher Education
- Professional Services
- Retail and Wholesale
The following are key findings from this report:
- Globally, our platform detected malware delivered in over 50 distinct applications. 87% of this malware was delivered over SMTP, 11.8% through Web-Browsing (HTTP) and 1.2% in the remaining applications.
- While all verticals saw SMTP and HTTP as the primary channels for malware delivery, they varied greatly in the percentage for each. Retail and Wholesale organizations received almost 28% of malware over the web channel while Hospitality organizations received less than 2% through the same channel.
- Over 90% of unique malware samples were delivered in just one or two sessions, while a much smaller proportion was delivered in over 10,000 attacks.
- While the US is still the leading callback location across all verticals, analysis revealed a variance in callback prevalence by country based on each vertical.
- One malware family, known as Kuluoz or Asprox, was responsible for approximately 80% of all attack sessions recorded in the month of October. This malware sends copies of itself over e-mail quickly and to users all around the world and then attempts to download additional malware, impacting 1,933 different organizations.
Download the full report here.
Subscribe to Unit 42 threat intelligence alerts here.
[Palo Alto Networks Blog]