Anonymous statistics from free requests to the “Kaspersky Threat Intelligence Portal” show that almost three-quarters (72%) of the analyzed malicious files fell into three categories: “Trojans”, “Backdoors” and “Droppers”.
The statistics also show that the types of malware researchers investigate most often do not match the types that are most prevalent in the wild.
Detecting malicious activity is only the starting point of attack research. To develop response and remediation measures, security analysts must determine the target of the attack, the origin of the malicious object, how widespread it is, and so on.
The Kaspersky “Threat Intelligence Portal” helps analysts uncover the background of an attack more quickly. Kaspersky experts examined free requests to the portal to reveal which kinds of malicious objects submitted to it are most common.
In most cases, the files submitted as suspicious turned out to be “Trojans” (25% of requests), “Backdoors” (24%), malware that gives the attacker remote control over a computer, and “Trojan-Droppers” (23%), which install other malicious objects.
Statistics from the “Kaspersky Security Network”, the infrastructure that processes cybersecurity-related data streams from millions of volunteer participants around the world, also show that “Trojans” are usually the most prevalent type of malware.
However, “Backdoors” and “Trojan-Droppers” are far less common in the wild: they make up only 7% and 3%, respectively, of all malicious files blocked by Kaspersky endpoint products.
This difference can be explained by the fact that researchers are often interested in the ultimate target of the attack, whereas endpoint protection products try to stop it at an early stage: for example, by preventing the user from opening a malicious email or following a malicious link, so that the “Backdoor” never reaches the user’s computer. In addition, security researchers need to identify every component a “Dropper” carries, which makes droppers a frequent subject of analysis.
The popularity of these categories can also be explained by interest in specific threats and by researchers’ need to analyze them in more detail. For example, many users actively searched for information on “Emotet” after several articles about this malware appeared at the beginning of the year. Some requests concerned “Backdoors” for “Linux” and “Android”. Such malware families are of interest to security researchers, but their prevalence is relatively low compared to threats targeting “Microsoft Windows”.