New Lastline Report Finds that 90 Percent of Malware it Analyzes is Given Generic, Unhelpful Labels by AV Tools, Among Additional Actionable Malware Insights
Company also publicly introduces its Behavioral Intelligence Program aimed at further improving security effectiveness and speed to remediation
REDWOOD CITY, CA, April 24, 2018 – Lastline Inc., the leader in advanced network-based malware protection, today announced the results of its first comprehensive malware behavior report, the Q4 2017 Malscape® Monitor Report. This report is the first in an on-going series that will deliver previously unavailable trends and actionable insights into malicious behaviors and how threats unfold.
The tens of millions of samples that Lastline analyzed for this report were for the most part scanned and released by other security solutions, meaning Lastline is literally “The Last Line of Defense®.” Reflecting the objects analyzed in the last quarter of 2017, the report found:
- Enterprises, and malware authors, use a wide range of file types, illustrating the need to have protection parity across all attack vectors
- Of the objects received via email or online and cleared by other security tools, one in 500 were found to be malicious, resulting in malware being introduced daily into enterprise networks
- Sixty-five percent of malware files had never been submitted to VirusTotal and were seen only once by Lastline, leaving signature-based detection technologies ineffective
- One in 12 malware samples exhibit particular advanced persistent threat capabilities that make them hard to detect and particularly dangerous
- Ninety percent of files that Lastline determined to be malicious were given generic labels by AV tools, such as trojan.generic, providing limited guidance for successful remediation and leaving enterprises exposed to subsequent attacks resulting from compromised credentials
- The file types that malware authors used to launch attacks varied widely across regions, as did the payloads and targets
The company also is announcing the Lastline Behavioral Intelligence Program, an innovative behavior-based approach to threat intelligence that will improve security effectiveness, speed to remediation, and completeness of remediation. Using data from Lastline’s global deployment of millions of sensors, the program will make unique actionable information about cybersecurity threats publicly available to inform security teams’ ability to detect and block attacks and improve their efforts to secure email, web access, corporate networks, and cloud storage and apps.
“The Lastline Behavioral Intelligence Program is built on core strengths of Lastline – our understanding of malicious behaviors and our ability to connect them to intrusions and breaches,” noted Lastline CEO and co-founder, Chris Kruegel. “With this program, we’re overcoming serious shortcomings in existing threat intelligence systems that deliver one-time IoCs that are essentially useless for blocking future attacks, resulting in broken incident response processes and ineffective intrusion defenses.”
The program initially will consist of online access to threat analysis showing how malicious files are delivered, including new trends as they emerge, which will help security teams bolster defenses. In addition, Lastline will release high-level views of malware in the wild, such as the Malscape Monitor Report, details of threats against specific market segments or geographies, and details of a particular attack’s capabilities plus remediation recommendations.
Go to the Threat Intelligence section of the company’s website to access all materials available through the Lastline Behavioral Intelligence Program.
Lastline provides breach protection products that are innovating the way companies defend against advanced malware with fewer resources and at lower cost. We deliver the visibility, context, analysis, and integrations enterprise security teams need to quickly and completely eradicate malware-based threats before damaging and costly data breaches occur. Headquartered in Redwood City, California with offices throughout North America, Europe and Asia, Lastline’s technology is used by Global 5000 enterprises, is offered directly and through resellers and security service providers, and is integrated into leading third-party security technologies worldwide. www.lastline.com
Latest posts by John Love (see all)
- Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say - May 20, 2020
- Morning Cybersecurity - May 20, 2020
- Texas regulators tamp down authority of proposed cybersecurity monitor as PUC nears vote - May 13, 2020