Managed security services provider Solutionary has published its SERT Quarterly Threat Intelligence Report for Q4 2013. The report focuses on malware analysis, malware distribution and the effectiveness of antivirus engines.
According to Solutionary, 44% of the malware identified by the company’s Security Engineering Research Team (SERT) has been hosted in the United States. The US is followed at a considerable distance by Germany, which is responsible for 9% of detected malware.
The most interesting aspect highlighted in the report is the increasing use of cloud services for the distribution of malware. The security firm says that cybercriminals are abusing the services of Amazon, Google and GoDaddy to create, host and delete their malicious websites. The cloud enables attackers to infect millions of computers at very low cost.
In addition to creating their own sites, malicious actors are also compromising legitimate domains. This enables them to distribute malware while avoiding detection and geographical blacklisting.
As far as antivirus engines are concerned, Solutionary says they’re still important, but they’ve become less and less effective at detecting malware. In one case investigated by the company, none of the top 40 engines detected the more than 750 malicious files served by OVH-hosted websites.
During a two-week period, one of the malicious domains, bb.rauzqivu.ru, operated across 20 countries, 67 service providers and 199 unique IP addresses to avoid being detected.
“The information in this report will show our readers how widespread the malware problem truly is and how close it hits to home. We aren’t just talking about foreign espionage campaigns, APTs and breaches; many of these malicious activities are taking place within U.S. borders,” noted Solutionary SERT Director of Research Rob Kraus.
“Malware and, more specifically, its distributors are utilizing the technologies and services that make processes, application deployment and website creation easier. Now we have to maintain our focus not only on the most dangerous parts of the Web but also on the parts we expect to be more trustworthy.”
The complete SERT Quarterly Threat Intelligence Report Q4 2013 is available on Solutionary’s website (registration required).