
Malware attacks could be linked with Asia's geopolitical events - report

19 Feb 2018

Cyber attacks and geopolitical events in Asia may go hand in hand, according to Comodo’s first annual Global Malware Report for 2017, particularly when it comes to North Korea and China.

Cyberespionage and cyber war preparation in Asia are nothing new, so it is no surprise that the region experiences cyber attack spikes when significant events happen, the company surmises in the report.

The report shows that malware spikes occurred at the same time as geopolitical events last year – most notably on September 3 when North Korea conducted a nuclear test. China, Russia and the United States condemned the attacks, and at the same time Comodo recorded more than 50,000 Trojan detections in China.

In early to mid-May, amid North Korea/China tensions, a meeting with Jared Kushner and China, and the Silk Road Summit in Beijing, Trojan attacks reached more than 30,000.

Later in the year, Comodo saw even more Trojan spikes—totalling 40,000 after an Aug. 8 earthquake that killed 19 and a U.S./China naval spat on Aug. 8 in the South China Sea.

This is not the only example. On August 28 2017, North Korea fired missiles over Japan. The same week, there were almost 25,000 detections in Japan. Trojan activity dropped soon after.

“Nuclear activity of any type draws worldwide attention, as nations scramble to gather intelligence and prepare for possible military operations. The startling spike seen above demanded the creation of the more detailed chart below — especially since Comodo is likely one of the few commercial cybersecurity companies with visibility inside North Korea,” the report explains.

Worm detections in the Philippines also spiked in April when there was a dispute about the South China Sea, and in May after conflict with ISIS in Mindanao.

Globally, Trojans and malicious applications caused the majority of malware damage to systems.

“Trojans dominated the malware landscape with 41.0% of Comodo detections. Applications exhibiting malicious, unsafe, or undesirable behavior came in second place at 24.7%. And backdoors were the third-most detected form of malware at 10.1%.”

Trojans can be delivered through a range of methods, from phishing emails to malicious advertising.

While Russia was the most popular country for Trojan detections (9.7%), China ranked sixth. The United States ranked top for malicious applications (2.7%), while India featured seventh in the list.

“Looking toward 2018, our malware trendlines show that the detection rate for Trojans, worms, unsafe applications, and malware packers is currently down. Holding steady are applications, unwanted applications, and viruses. Most importantly for Q1 2018, backdoors are now on the rise, which means that for the moment, enterprises should shift some of their focus to the detection and mitigation of backdoors,” the report concludes.
