Polymorphic and malicious IPs highlighted by Webroot

The speed of change is one of the main conclusions of the Webroot Threat Report 2018. In the opening text, the length of phishing attacks and the activity of high-risk IP addresses were highlighted to show the current levels of malicious-benign flux. Based on Webroot’s proprietary Threat Intelligence Platform, the report largely corresponds with behaviors already known in the industry; however, the statistics given make it a should-read for most cyber security practitioners. The report has in-depth discussions of the threats from the increasing use of polymorphic malware, cryptojacking, phishing and malicious mobile apps.

Strategic assessment:

In the case of malicious IPs, Webroot provided the following insight:

• 90% of phishing attacks came from just 62 domains

• In one case, 400,000 phishing sites came from a single IP address

• 50 of the unique IPs hosting phishing sites were responsible for more than 1.5 million phishing attacks

The bulk of phishing has not diversified, and the vast majority of attacks are limited to a small number of domains and IP addresses. Further on, the report highlights that the US (12%), China (12%) and Indonesia (8%) were the top three locations for malicious IPs. Overall, just 10 countries accounted for 62% of total malicious IPs.

From a malware perspective:

• 94% of malicious executable files were found to be polymorphic

• Windows 10 was found to be almost twice as safe – in terms of malware detected – as Windows 7

• In 2017, 93% of malware was unique.

There was a drop in the number of malware files per device in 2017, and Webroot suggests a few reasons for this trend. The first is that the development of polymorphic malware has increased by a significant margin, indicating that malware authors are changing tack. This also came at a time when there were significant changes in the use of exploit kits, which suffered some major takedowns across 2017. Furthermore, Windows 10’s implementation across businesses and personal devices also correlated with better malware protection.
