JAN-JUN 2018… · Classification of total detections to different types of malware groups...

DETECTION CLASSIFICATION

Classification of total detections to different types of malware groups

Executables are responsible for 80% of total detections on average, while Fileless, Lateral Movement and Document attacks are responsible for 20% of total detections.

Chart scale: 0% to 100%
Chart groups: Executables, Lateral Movement, Fileless, Documents

RANSOMWARE TREND

Ransomware detections (per 1000 endpoints)

Ransomware attacks remain popular, ranging from 5.6 to 14.4 attacks per 1000 endpoints.

Chart axis: JAN FEB MAR APR MAY JUN
Chart data labels: 10.5 14.4 11.8 7.4 12.6 5.6

Total detections compared to reputation services

Classification of total detections by the verdict given by reputation services

More than 70% of total detections were unknown to reputation services.

Executable detections compared to reputation services

Classification of detected executables by the verdict given by reputation services

More than 70% of detected executables were unknown to reputation services.

Document detections compared to reputation services

Classification of detected documents by the verdict given by reputation services

More than 90% of detected documents were unknown to reputation services.

FILELESS TREND

Fileless attack detections (per 1000 endpoints)

Fileless attacks rose by 94%, evidencing increasing prevalence.

Chart data labels: 25.4 27 26 33.8 42.5 21.9
Chart axis: JAN FEB MAR APR MAY JUN

POWERSHELL TREND

PowerShell attack detections (per 1000 endpoints)

PowerShell attacks jumped in June 2018 to a record of 5.2 attacks per 1000 endpoints.

Chart data labels: 4.6 1.5 1.6 3.2 2.5 5.2
Chart axis: JAN FEB MAR APR MAY JUN

* Reputation services: VirusTotal, ReversingLabs, and others
* Calculated results are normalized to 1,000 endpoints

JAN-JUN 2018

Dataset sourced from SentinelOne’s global endpoint deployment

Enterprise Risk Index Report Jan-Jun 2018
