December 10, 2014, updated 21 Oct 2016 5:26pm

Vertical markets under attack from persistent malware threats

Healthcare, retail and financial services at risk from Kuluoz

By Sam

The Kuluoz, or Asprox, malware family has persisted in accounting for a majority of malware attack sessions affecting industries as varied as healthcare, retail and financial services.

"The trends we observe in the Threat Landscape Review indicate that malware attacks against industries such as finance, healthcare and critical infrastructure occur over similar channels but in significantly different proportions. It is essential that information security practitioners, from management to governance to enablement and execution, stay current on trends and malware distribution patterns and take a prevention-centric approach to securing their organizations," said Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks.

All verticals saw e-mail (SMTP) and HTTP as the primary channels for malware delivery, but the percentages for each industry vary significantly, indicating that these industries have different threat profiles. Retail and wholesale organizations received almost 28 percent over the web channel, while hospitality organizations received just two percent over the same channel. Organizations need visibility into the types of traffic traversing their networks so they can quickly identify and prevent threats.

Malware was delivered over more than 50 distinct applications; 87 percent of it arrived over e-mail and 11.8 percent through web browsing (HTTP). While these two channels account for the majority of malware attacks, it is important that organizations are able to identify malware in any application allowed in their network.

Over 90 percent of unique malware samples were delivered in just one or two attacks. Most of these files are part of overarching malware families, but by deploying distinct files just once or twice attackers can evade many antivirus programs. Practitioners need to consider security that can identify and stop attacks at multiple stages in the attack kill chain.

One malware family, known as Kuluoz or Asprox, was responsible for about 80 percent of all attack sessions recorded during October 2014, impacting nearly 2,000 different organizations. This malware has plagued Internet users for years, despite multiple attempts to disrupt its infrastructure.

The Unit 42 Threat Landscape Review is a recurring report examining how organizations in different industries are affected by malware.

The research was performed by Unit 42, the Palo Alto Networks threat intelligence team, and included data from its cloud threat monitor WildFire,
