Malware attacks could be linked with Asia's geopolitical events - report

19 Feb 2018

Cyber attacks and geopolitical events in Asia may go hand in hand, according to Comodo’s first annual Global Malware Report for 2017, particularly when it comes to North Korea and China.

Cyberespionage and cyber war preparation in Asia are nothing new, so it is no surprise that the region sees sharp spikes in cyber attacks when significant events happen, the company surmises in the report.

The report shows that malware spikes occurred at the same time as geopolitical events last year – most notably on September 3 when North Korea conducted a nuclear test. China, Russia and the United States condemned the attacks, and at the same time Comodo recorded more than 50,000 Trojan detections in China.

In early to mid-May, amid North Korea/China tensions, a meeting with Jared Kushner and China, and the Silk Road Summit in Beijing, Trojan attacks reached more than 30,000.

Later in the year, Comodo saw even more Trojan spikes—totalling 40,000 after an Aug. 8 earthquake that killed 19 and a U.S./China naval spat on Aug. 8 in the South China Sea.

This is not the only example. On August 28 2017, North Korea fired missiles over Japan. The same week, there were almost 25,000 detections in Japan. Trojan activity dropped soon after.

“Nuclear activity of any type draws worldwide attention, as nations scramble to gather intelligence and prepare for possible military operations. The startling spike seen above demanded the creation of the more detailed chart below — especially since Comodo is likely one of the few commercial cybersecurity companies with visibility inside North Korea,” the report explains.

Worm detections in the Philippines also spiked in April when there was a dispute about the South China Sea, and in May after conflict with ISIS in Mindanao.

Globally, Trojans and malicious applications caused the majority of malware damage to systems.

“Trojans dominated the malware landscape with 41.0% of Comodo detections. Applications exhibiting malicious, unsafe, or undesirable behavior came in second place at 24.7%. And backdoors were the third-most detected form of malware at 10.1%.”

Trojans can be delivered through a range of methods, from phishing emails to malicious advertising.

While Russia was the most popular country for Trojan detections (9.7%), China ranked sixth. The United States ranked top for malicious applications (2.7%), while India featured seventh in the list.

“Looking toward 2018, our malware trendlines show that the detection rate for Trojans, worms, unsafe applications, and malware packers is currently down. Holding steady are applications, unwanted applications, and viruses. Most importantly for Q1 2018, backdoors are now on the rise, which means that for the moment, enterprises should shift some of their focus to the detection and mitigation of backdoors,” the report concludes.
