Kuluoz, Asprox malware family accounts for 80% of attacks
New research released by Palo Alto says malware family affected 2,000 organisations in October
A single malware family, known as Kuluoz or Asprox, was responsible for about 80% of all attack sessions during October 2014, according to the new Unit 42 Threat Landscape Review released by Palo Alto Networks.
The report said that these attacks impacted nearly 2,000 different organisations, and that the malware family has plagued the internet for years, despite multiple attempts to disrupt its infrastructure.
Other findings from the report revealed that all verticals saw e-mail (SMTP) and HTTP as the primary channels for malware delivery, but the percentages for each industry vary significantly, indicating that these industries have different threat profiles.
Retail and wholesale organisations received almost 28% of their malware over the web channel, while hospitality organisations received just 2% over the same channel, the report said.
Malware was delivered in over 50 distinct applications, 87% of which were delivered over e-mail and 11.8% through web browsing (HTTP). While these two channels account for the majority of malware attacks, Palo Alto said that it is important that organisations are able to identify malware in any application allowed in their network.
"The trends we observe in the Threat Landscape Review indicate that malware attacks against industries such as finance, healthcare and critical infrastructure occur over similar channels but in significantly different proportions," said Ryan Olson, Unit 42 intelligence director at Palo Alto Networks.
"It is essential that information security practitioners, from management to governance to enablement and execution, stay current on trends and malware distribution patterns and take a prevention-centric approach to securing their organisations."
The report also found that over 90% of unique malware samples were delivered in just one or two attacks. Most of these files are part of overarching malware families, but, by deploying distinct files just once or twice, attackers can evade many antivirus programs. Palo Alto advised that practitioners need to consider security that can identify and stop attacks at multiple stages in the attack kill chain.
The Unit 42 Threat Landscape Review is a recurring report examining how organisations in different industries are affected by malware. Research was performed by Unit 42, the Palo Alto Networks threat intelligence team, and included data from WildFire, a component of the Palo Alto Networks threat intelligence cloud that helps identify threats from applications by executing them in a virtual environment.