SOURCE: Solutionary

Solutionary

January 15, 2014 08:00 ET

Solutionary SERT Q4 2013 Threat Intelligence Report Reveals US Is Top Malware Hosting Nation

Malware Distributors Are Using Cloud Services From Amazon, GoDaddy and Google to Create On Demand Malware Sites and to Avoid Geographic Blacklisting; More Than 40 Major Anti-Virus Engines Fail to Detect Malware

OMAHA, NE--(Marketwired - Jan 15, 2014) - Solutionary, an NTT Group Security Company (NYSE: NTT) and a leading pure-play managed security services provider (MSSP), today announced that it has released its Security Engineering Research Team (SERT) Quarterly Threat Intelligence Report for Q4 2013. Intelligence on key security threats observed and information gathered over this period by Solutionary analysts focused predominantly on the distribution and analysis of malware. Using the cloud-based Solutionary ActiveGuard® platform and global threat-intelligence network, the SERT discovered that the United States is the leading malware hosting nation, with 44 percent of all malware hosted domestically. A discovery showing that the U.S. hosts approximately 5 times more malware than the second-leading malware-hosting nation, Germany, which is responsible for 9 percent of the malware SERT detected.

In addition to these findings, the SERT discovered that malware distributors are rapidly and widely adopting cloud computing, either by buying services directly or by compromising legitimate domains. This trend is allowing distributors to quickly and cost-effectively develop sites and bring them online, as well as to avoid geographic blacklisting by hiding behind the reputations of major hosting providers such as Amazon, GoDaddy and Google. 

Tweet This: .@Solutionary Q4 Threat Report: US is top #malware hosting nation. @awscloud, @GoDaddy top malware hosting #clouds http://goo.gl/ofcxdt

"The information in this report will show our readers how widespread the malware problem truly is and how close it hits to home. We aren't just talking about foreign espionage campaigns, APTs and breaches; many of these malicious activities are taking place within U.S. borders," said Solutionary SERT Director of Research Rob Kraus. "Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier. Now we have to maintain our focus not only on the most dangerous parts of the Web but also on the parts we expect to be more trustworthy."

Key Findings:

U.S. Identified as Leading Malware-Hosting Nation by Large Margin
The U.S. hosts 44 percent of all SERT-detected malware. This is approximately 5 times more than the next malware-hosting leader, Germany, which SERT identified as being responsible for hosting 9 percent of detected malware. Because of the overwhelming geographic dominance of domestically hosted malware, it is evident that geographic blacklisting and blocking strategies are not effective defensive mechanisms for U.S. organizations to use in the fight to detect and block malware attacks. 

Malware Distributors Leverage Cloud, Using Top Hosting Providers such as Amazon, GoDaddy, Google
The cloud is allowing malware distributors to create, host and remove websites rapidly, and major hosting providers such as Amazon, GoDaddy and Google have made it economical for malicious actors to use their services to infect millions of computers and vast numbers of enterprise systems. Malicious actors are also compromising legitimate domains for nefarious purposes. Use of these services and domains also allows malware distributors to avoid detection and geographic blacklisting, as they provide trusted URL spaces that will not turn up on most blacklists. The SERT identified Amazon and GoDaddy as the top malware-hosting providers, with a 16 percent and a 14 percent share, respectively.

As part of its report, Solutionary provides recommendations for how Internet Service Providers can limit the risk associated with malware distribution by sites hosted and domain name system (DNS) names registered. But, ultimately it is still up to providers to take action to stop the proliferation of malware and to be accountable for policing the activities on their properties.

Anti-Virus Engines Still Important but Do Not Detect All Malware
A sampling of the malware distributed by sites hosted by OVH revealed that none of the 40 top anti-virus engines detected the 750-plus malicious binaries. Researchers found that a significant portion of the malware sampled consisted of Microsoft Windows 32-bit Portable Executable (PE32) files being used to distribute pay-per-install applications known as potentially unwanted applications (PUAs). The adware installer would install, or appear to install, legitimate software applications to cover its tracks. One specific malicious domain, bb.rauzqivu.ru, was of specific interest to SERT researchers, since to evade detection it had operated across 20 countries, 67 services providers and 199 unique IP addresses in just a two-week period. A list of noted applications can be found in the report.

To access a copy of the complete report, please visit: http://www.solutionary.com/research/threat-reports/quarterly-threat-reports/sert-threat-intelligence-q4-2013/

Visit our blog at http://blog.solutionary.com/
Follow us on Twitter: @Solutionary
Follow us on LinkedIn: http://www.linkedin.com/company/Solutionary
Like us on Facebook: https://www.facebook.com/solutionary.mssp

About Solutionary
Solutionary, an NTT Group Security Company (NYSE: NTT), is the leading pure-play managed security services provider (MSSP), focused on delivering managed security services and global threat intelligence. Comprehensive Solutionary security monitoring and security device management services protect traditional and virtual IT infrastructures, cloud environments and mobile data. Solutionary clients are able to optimize current security programs, make informed security decisions, achieve regulatory compliance and reduce costs. The patented, cloud-based ActiveGuard® service platform uses multiple detection technologies and advanced analytics to protect against advanced threats. The Solutionary Security Engineering Research Team (SERT) researches the global threat landscape, providing actionable threat intelligence, enhanced threat detection and mitigating controls. Experienced, certified Solutionary security experts act as an extension of clients' internal teams, providing industry-leading client service to global enterprise and mid-market clients in a wide range of industries, including financial services, healthcare, retail and government. Services are delivered 24/7 through multiple state-of-the-art Security Operations Centers (SOCs). For more information, visit www.solutionary.com.

Contact Information

  • Media Contact
    Travis Anderson
    Trainer Communications
    925-271-8227
    Email Contact