New Lastline Report Finds That 90 Percent Of Malware It Analyzes Is Given Generic, Unhelpful Labels By AV Tools, Among Additional Actionable Malware Insights

By   ISBuzz Team
Writer , Information Security Buzz | Apr 24, 2018 11:00 am PST

Company also publicly introduces its Behavioral Intelligence Program aimed at further improving security effectiveness and speed to remediation

Lastline Inc., the leader in advanced network-based malware protection, today announced the results of its first comprehensive malware behavior report, the Q4 2017 Malscape® Monitor Report. This report is the first in an on-going series that will deliver previously unavailable trends and actionable insights into malicious behaviors and how threats unfold.

The tens of millions of samples that Lastline analyzed for this report were for the most part scanned and released by other security solutions, meaning Lastline is literally “The Last Line of Defense®.” Reflecting the objects analyzed in the last quarter of 2017, the report found:

  • Enterprises, and malware authors, use a wide range of file types, illustrating the need to have protection parity across all attack vectors
  • Of the objects received via email or online and cleared by other security tools, one in 500 were found to be malicious, resulting in malware being introduced daily into enterprise networks
  • Sixty-five percent of malware files had never been submitted to VirusTotal and were seen only once by Lastline, leaving signature-based detection technologies ineffective
  • One in 12 malware samples exhibit particular advanced persistent threat capabilities that make them hard to detect and particularly dangerous
  • Ninety percent of files that Lastline determined to be malicious were given generic labels by AV tools, such as trojan.generic, providing limited guidance for successful remediation and leaving enterprises exposed to subsequent attacks resulting from compromised credentials
  • The file types that malware authors used to launch attacks varied widely across regions, as did the payloads and targets

The company also is announcing the Lastline Behavioral Intelligence Program, an innovative behavior-based approach to threat intelligence that will improve security effectiveness, speed to remediation, and completeness of remediation. Using data from Lastline’s global deployment of millions of sensors, the program will make unique actionable information about cybersecurity threats publicly available to inform security teams’ ability to detect and block attacks and improve their efforts to secure email, web access, corporate networks, and cloud storage and apps.

“The Lastline Behavioral Intelligence Program is built on core strengths of Lastline – our understanding of malicious behaviors and our ability to connect them to intrusions and breaches,” noted Lastline CEO and co-founder, Chris Kruegel. “With this program, we’re overcoming serious shortcomings in existing threat intelligence systems that deliver one-time IoCs that are essentially useless for blocking future attacks, resulting in broken incident response processes and ineffective intrusion defenses.”

The program initially will consist of online access to threat analysis showing how malicious files are delivered, including new trends as they emerge, which will help security teams bolster defenses. In addition, Lastline will release high-level views of malware in the wild, such as the Malscape Monitor Report, details of threats against specific market segments or geographies, and details of a particular attack’s capabilities plus remediation recommendations.

[su_box title=”About Lastline” style=”noise” box_color=”#336588″][short_info id=’61000′ desc=”true” all=”false”][/su_box]

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x