Malware Landscape 2022

A Study of the Scope and Distribution of Malware

Malware is a rapidly growing security threat. Malware can interfere with the operation of computer systems and networks; delete, suppress, or block access to data; and otherwise re-direct computing resources from legitimate to criminal purposes.

The proliferation of malware is being fueled by several factors:

  • The technical sophistication and efficacy of malware. The SolarWinds and Kaseya incidents are examples of how attackers pivot from an initial intrusion to reach well beyond it.

  • The rapid adoption of Internet of Things (IoT) devices. IoT software and administration are highly vulnerable to exploitation.

  • Abundant access to high speed networks and high performance computing. Malware actors have exploited the same high-performance technology (e.g., cloud computing) that serves global enterprises and have even adopted the “as a service” model for commercializing malware and ransomware attacks.

  • Legal ambiguity. Legal access legislation has legitimized a market for surveillance and information-gathering software that exhibits the same traits as malware.

  • The use of malware by nation states and state-sponsored actors. Malware serves as a source of revenue and a means of intelligence gathering, and has become part of the arsenal of weapons for countries during conflict or war.

Malware has become an organized criminal business and a weapons arsenal for cyber conflict and warfare. Financial losses, economic and political disruption, and harm to life and limb have turned malware into a priority global public concern.

Using data collected at the Cybercrime Information Center, Interisle Consulting Group studied how malware perpetrators use Internet resources for all these purposes. In this report, we ask and answer: “What malware was most prevalent?”, “Where was malware served from or distributed?”, and “What resources did criminals use to pursue their attacks?”

Mozi malware was the most frequently identified IoT malware.

Mirai made a strong return appearance in 4Q2021.


More than half of IoT malware was hosted in China

Five of the top ten ASNs are in China, two are in India, and one each in Albania, Dominican Republic, and Vietnam


The United States and China accounted for more than ¾ of the Endpoint Malware for which we could determine ASN and country.

Information stealers and RATs were the top malware targeting endpoint devices. Qakbot was the most frequently identified endpoint malware.

14% of information stealing malware was hosted on IPv4 addresses delegated to Microsoft. 10% of malware identified as loaders was hosted on IPv4 addresses delegated to Cloudflare.
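The findings above all rest on the same step: resolving each malware hosting address to the ASN and country it is delegated to, then computing shares over the sightings that could be attributed. The following is an added, self-contained Python example of that attribution step; it is not code from the report or from Interisle. The prefix table, ASNs (private-range AS64496-64499), country codes and malware sightings are all constructed for illustration and do not reflect real allocations or real hosting data.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-ASN/country table for this example. The prefixes are
# documentation ranges and the ASNs are private-range numbers, so nothing here
# reflects a real allocation.
PREFIX_ROWS = [
    ("203.0.113.0/24", 64496, "CN"),
    ("198.51.100.0/24", 64497, "US"),
    ("198.51.100.128/25", 64498, "IN"),   # more specific than the /24 above
    ("192.0.2.0/24", 64499, "VN"),
]

# Constructed sightings: (family, category, IPv4 address the sample was served from).
SIGHTINGS = [
    ("Qakbot", "loader", "198.51.100.10"),
    ("RedLine", "stealer", "198.51.100.200"),
    ("Mozi", "iot", "203.0.113.5"),
    ("Mirai", "iot", "203.0.113.77"),
    ("AgentTesla", "stealer", "192.0.2.9"),
    ("Emotet", "loader", "10.0.0.1"),      # RFC 1918 address: no prefix covers it
    ("Mirai", "iot", "192.0.2.40"),
]


def build_table(rows):
    """Parse the prefixes and order them most-specific first, so a linear scan
    returns the longest-prefix match (adequate for a small table)."""
    parsed = [(ipaddress.ip_network(p), asn, cc) for p, asn, cc in rows]
    return sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(table, ip):
    """Return (asn, country) for ip, or None when no prefix covers it."""
    addr = ipaddress.ip_address(ip)
    for net, asn, cc in table:
        if addr in net:
            return asn, cc
    return None


def attribute(sightings, table):
    """Count sightings per country and per ASN, and report how many could not
    be attributed: shares are computed only over the resolved rows."""
    per_country, per_asn = Counter(), Counter()
    unresolved = 0
    for _family, _category, ip in sightings:
        hit = lookup(table, ip)
        if hit is None:
            unresolved += 1
            continue
        asn, cc = hit
        per_asn[asn] += 1
        per_country[cc] += 1
    return per_country, per_asn, unresolved


def share(counter, key):
    """Fraction of the counter's total held by key (0.0 when nothing resolved)."""
    total = sum(counter.values())
    return counter[key] / total if total else 0.0


def category_share_on_asn(sightings, table, category, asn):
    """Fraction of resolved sightings of one malware category hosted on one ASN,
    the shape of a statement like 'N% of information stealers on provider X'."""
    subset = [s for s in sightings if s[1] == category]
    _, per_asn, _ = attribute(subset, table)
    return share(per_asn, asn)


if __name__ == "__main__":
    table = build_table(PREFIX_ROWS)
    countries, asns, missing = attribute(SIGHTINGS, table)
    print("by country:", dict(countries))
    print("by ASN:", dict(asns))
    print("unattributed sightings:", missing)
    print("share of stealers on AS64498:",
          category_share_on_asn(SIGHTINGS, table, "stealer", 64498))
```

Two details matter when reading figures of this kind: the lookup must take the longest matching prefix (a /25 carved out of a /24 may belong to a different operator), and the denominator is the set of sightings that could be attributed at all, which is why the report qualifies its shares with "for which we could determine ASN and country".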

Where in the Hosting World Do We Find “Named” Endpoint Malware?

You may read an Executive Summary of the Report or the complete Report at Interisle.net.