SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Malware attacks could be linked with Asia's geopolitical events - report
Mon, 19th Feb 2018

Cyber attacks and geopolitical events in Asia may go hand in hand, according to Comodo's first annual Global Malware Report for 2017, particularly when it comes to North Korea and China.

Cyberespionage and cyber war preparation in Asia are nothing new, so it is no surprise that the region experiences cyber attack spikes when significant events happen, the company surmises in the report.

The report shows that malware spikes occurred at the same time as geopolitical events last year – most notably on September 3 when North Korea conducted a nuclear test. China, Russia and the United States condemned the attacks, and at the same time Comodo recorded more than 50,000 Trojan detections in China.

In early to mid-May, amid North Korea/China tensions, a meeting with Jared Kushner and China, and the Silk Road Summit in Beijing, Trojan attacks reached more than 30,000.

Later in the year, Comodo saw even more Trojan spikes—totalling 40,000 after an Aug. 8 earthquake that killed 19 and a U.S./China naval spat on Aug. 8 in the South China Sea.

This is not the only example. On August 28, 2017, North Korea fired missiles over Japan. The same week, there were almost 25,000 detections in Japan. Trojan activity dropped soon after.

“Nuclear activity of any type draws worldwide attention, as nations scramble to gather intelligence and prepare for possible military operations. The startling spike seen above demanded the creation of the more detailed chart below — especially since Comodo is likely one of the few commercial cybersecurity companies with visibility inside North Korea,” the report explains.

Worm detections in the Philippines also spiked in April when there was a dispute about the South China Sea, and in May after conflict with ISIS in Mindanao.

Globally, Trojans and malicious applications caused the majority of malware damage to systems.

“Trojans dominated the malware landscape with 41.0% of Comodo detections. Applications exhibiting malicious, unsafe, or undesirable behavior came in second place at 24.7%. And backdoors were the third-most detected form of malware at 10.1%.”

Trojans can be delivered through a range of methods, from phishing emails to malicious advertising.

While Russia was the most popular country for Trojan detections (9.7%), China ranked sixth. The United States ranked top for malicious applications (2.7%), while India featured seventh in the list.

“Looking toward 2018, our malware trendlines show that the detection rate for Trojans, worms, unsafe applications, and malware packers is currently down. Holding steady are applications, unwanted applications, and viruses. Most importantly for Q1 2018, backdoors are now on the rise, which means that for the moment, enterprises should shift some of their focus to the detection and mitigation of backdoors,” the report concludes.