A report recently released by WatchGuard Technologies indicates that approximately 20 percent of today's malware is new and zero-day related. This simply means that traditional antivirus programs fail to detect and block the threats.
The researchers gathered threat data from hundreds of thousands of customers and network security appliances to reach that conclusion, adding that:
We have different types of malware detection services, including a signature and heuristic-based gateway antivirus. What we found was that 30 percent of the malware would have been missed by the signature-based antiviruses.
18.7 million Malware Variants Detected in Q4 of 2016
The company successfully detected 18.7 million malware pieces in the last quarter of 2016, on customers' systems that were protected by both signature-based and behavior-based advanced malware protection software. The latter is a service called APT Blocker. More specifically, traditional AV detected 8,956,040 malware variants.
Behavioral-based protection, on the other hand, caught an additional 3,863,078 malware variants missed by traditional AV. As explained by the company, modern malware can be re-written or changed so that it looks different each time.
This is where systems such as APT Blocker come in handy, as they run potentially malicious apps in a cloud sandbox. They also use behavioral analysis to recognize malicious samples.
WatchGuard's report also categorizes observed attacks by type of exploit. The top 10 attacks were web-based, where a web server or web clients have been compromised. Web browser attacks were the prevalent type, representing 73 percent of all attacks stemming from the top exploits.
The top category was Linux Trojans searching for Linux devices to include in botnets. Next on the list come Trojan droppers used to distribute ransomware and banking Trojans. In some other cases, researchers have observed the renewal of some old malware, such as attacks based on malicious macros spread as email attachments.
The company has also observed attacks based on PHP webshell scripts. Even though this threat is considered quite old, it’s been put into motion once again.