jan-jun 2018… · classification of total detections to different types of malware groups...
Classification of total detections into different types of malware groups
Executables are responsible for 80% of total detections on average, while Fileless, Lateral Movement and Document attacks are responsible for 20% of total detections.
[Figure: DETECTION CLASSIFICATION. Share of total detections (0% to 100%) by group: Executables, Lateral Movement, Fileless, Documents]
RANSOMWARE TREND
Ransomware attacks remain popular, ranging from 5.6 to 14.4 attacks per 1000 endpoints.
[Figure: Ransomware detections (per 1000 endpoints) by month, JAN to JUN. Data labels in extraction order: 10.5, 14.4, 11.8, 7.4, 12.6, 5.6]
Classification of total detections by the verdict given by reputation services
More than 70% of total detections were unknown to reputation services.
Classification of detected executables by the verdict given by reputation services
More than 70% of detected executables were unknown to reputation services.
Classification of detected documents by the verdict given by reputation services
More than 90% of detected documents were unknown to reputation services.
[Figures: Total detections compared to reputation services; Executable detections compared to reputation services; Document detections compared to reputation services]
FILELESS TREND
Fileless attacks rose by 94%, evidencing increasing prevalence.
[Figure: Fileless attack detections (per 1000 endpoints) by month, JAN to JUN. Data labels in extraction order: 25.4, 27, 26, 33.8, 42.5, 21.9]
POWERSHELL TREND
PowerShell attacks jumped in June 2018 to a record of 5.2 attacks per 1000 endpoints.
[Figure: PowerShell attack detections (per 1000 endpoints) by month, JAN to JUN. Data labels in extraction order: 4.6, 1.5, 1.6, 3.2, 2.5, 5.2]
* Reputation services: VirusTotal, ReversingLabs, and others
* Calculated results are normalized to 1,000 endpoints
Dataset sourced from SentinelOne’s global endpoint deployment
Enterprise Risk Index Report Jan-Jun 2018