Compromised enterprise networks fuel 236 percent increase in viruses and worms

Solutionary performed a broad analysis of the threat landscape, which uncovered several key findings. One of the most compelling findings links the rapid growth (236 percent) in viruses and worms from Q3 to Q4 – which often indicates successfully compromised enterprise networks – to the free fall (88 percent decrease) in reconnaissance activity between Q2 and Q4 of 2015.

“Threat intelligence is a term that is used loosely today, but one thing the security industry can do to be more effective as a whole, is to better understand and leverage the information that is already at our fingertips,” said Rob Kraus, director of research, Security Engineering Research Team, Solutionary.

“Shellshock was one of the most pervasive vulnerabilities of the digital era and to this day we continue to find payloads such as BASHLITE actively exploiting these vulnerabilities – more than a year after the vulnerability was exposed. Until organizations begin to address the complete security lifecycle, breaches will continue to come and go and consumers’ loss of faith in businesses will continue to negatively affect brand reputation,” Kraus added.

Key findings

Reconnaissance activity plummeted over 76 percent from levels in Q3 ’15. When combined with the drop seen in Q3, this is nearly an 88 percent drop in reconnaissance activity from levels in Q2 ’15.

Observed viruses and worms jumped 236 percent during Q4 ’15. Activity of this type often indicates that an organization has already been compromised by other means and then infected with a virus or worm to maintain persistence and expand laterally within the targeted environment.

Shellshock is actively being exploited in 2015, a year and a half after it was exposed. Moreover, over 77 percent of application-specific attacks observed by Solutionary in Q4 targeted the Shellshock vulnerability.

During 2015, the 130 Android vulnerabilities recorded were more than the previous six years combined. This is cause for concern as more than 76 percent of Android devices are running outdated versions of Android, and nearly 37 percent of all Android devices are running a version of the Android operating system which is more than 26 months old.

While the total volume of detected malware rose only slightly from Q3 ’15, malware from the top five sources (the U.S., China, France, Italy and the U.K.) combined to produce 25 percent more malware than they had during Q3 ’15, and accounted for almost 95 percent of malware detected during Q4 ’15.

India entered the top 10 sources of malware with a 221 percent increase in detections. Malware from India spanned a wide variety of malware types and targets, including a jump in detections of the MyDoom malware focusing on South Korea and the U.S.

After the Joomla! vulnerability was announced on December 14, Joomla! exploit attempts were the single most common web application attack for the remainder of Q4 ’15.

Web application attacks retained the top “type of attack” with 41 percent of all attacks during Q4 ’15.