A recently released report by WatchGuard Technologies indicates that approximately 20 percent of today’s malware is new or zero-day related, meaning that traditional antivirus programs failed to detect and block it.
The researchers gathered threat data from hundreds of thousands of customers and network security appliances to reach that conclusion, adding that:
"We have different types of malware detection services, including a signature and heuristic-based gateway antivirus. What we found was that 30 percent of the malware would have been missed by the signature-based antivirus."
18.7 Million Malware Variants Detected in Q4 of 2016
The company detected 18.7 million malware variants in the last quarter of 2016 on customer systems that were protected by both signature-based antivirus and a behavior-based advanced malware protection service called APT Blocker. Traditional AV alone detected 8,956,040 malware variants.
Behavior-based protection caught an additional 3,863,078 malware variants that traditional AV missed. As the company explains, modern malware can be rewritten or altered so that it looks different each time, which defeats static signatures.
This is where systems such as APT Blocker come in handy: they run potentially malicious applications in a cloud sandbox and use behavioral analysis to recognize malicious samples regardless of how their code has been altered.
WatchGuard’s report also categorizes observed attacks by exploit type. The top 10 attacks were all web-based, compromising either web servers or web clients. Web browser attacks were the most prevalent type, representing 73 percent of all attacks stemming from the top exploits.
The top category was Linux Trojans scanning for Linux devices to recruit into botnets. Next on the list were Trojan droppers used to distribute ransomware and banking Trojans. Researchers also observed the return of older malware techniques, such as attacks based on malicious macros spread as email attachments.
The company also observed attacks based on PHP web shell scripts. Although this threat is considered quite old, it has resurfaced.