27 per cent of all malware variants in history were created in 2015

Last year was a record year for malware, according to a report from Panda Security, with more than 84 million new malware samples collected over the course of the year

That averages out to around 230,000 new malware samples a day, said Luis Corrons, technical director of Panda's PandaLabs unit. Or 27 percent of all malware ever created.

Trojans continued to account for the main bulk of malware, at 51.45 percent, followed by viruses at 22.79 percent, worms at 13.22 percent, potentially unwanted programs such as adware at 10.71 percent and cases of spyware at 1.83 percent.

According to Corrons, one reason that the number of malware variants is proliferating is, ironically, that antivirus software is getting better at detecting and blocking them.

"At the end of the day, it's our fault, in some ways," he said.

Say, for example, a hacker sends out 1,000 instances of a piece of malware. Once one gets caught, the rest will as well because the signature will get identified.

But if the hacker sends out 1,000 variations on that same malware, the likelihood is higher that more of them will get through.

These days, Corrons added, the attackers have automated software that will slightly modify malware just enough to make it look different to defending systems.

"When you get an infected website, every different user gets a slightly different version of the same Trojan," he said.

Back when he started out, 17 years ago, he said, they saw 100 new variants per day.

"And we thought it was crazy," he said. "All the processes we had in the lab were pretty much manual -- so it was crazy."

But the defenders are getting better as well, he added.

For example, if PandaLabs sees a file that it's never seen before, that's an indicator right there to place the file under additional scrutiny. That's due to the rapid spread of cloud technology, he said.

"If we see a new file that we have never seen, we know that the file has not yet been seen anywhere else in the world," he said.
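As an added illustration of the two points above (not code from the article, from PandaLabs or from Panda Security): an exact hash signature misses a variant that differs by only a few bytes, a content-similarity fingerprint still catches it, and a file that has never been seen before is routed for extra scrutiny rather than allowed. The sample byte strings, the 4-gram Jaccard similarity and the 0.7 threshold are constructed assumptions for the demonstration.

```python
import hashlib
from typing import Dict, Set, Tuple

# Constructed sample "files" (not real malware): a PE-like header and DOS stub
# shared by all three, a Trojan body, a variant differing only in its embedded
# key, and an unrelated benign program that shares just the header.
HEADER = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
          b"This program cannot be run in DOS mode. ")
TROJAN_BODY = b"GetProcAddress LoadLibraryA WriteFile CreateRemoteThread c2=key:"
TROJAN = HEADER + TROJAN_BODY + b"AAAA"
VARIANT = HEADER + TROJAN_BODY + b"ZZZZ"      # 4 bytes changed: different SHA-256
BENIGN = HEADER + b"Hello world from a harmless calculator application v2.1"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    """Set of overlapping n-byte substrings: a crude content fingerprint."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two n-gram sets (1.0 = identical content)."""
    sa, sb = ngrams(a), ngrams(b)
    return len(sa & sb) / len(sa | sb)

def triage(data: bytes, known_bad: Dict[str, bytes], seen_counts: Dict[str, int],
           threshold: float = 0.7) -> Tuple[str, str]:
    """Return (verdict, reason) for one file.

    1. exact hash signature; 2. similarity to a known family, which catches
    the variants the exact hash misses; 3. prevalence: a file nobody has seen
    before gets extra scrutiny, a widely seen one is allowed.
    """
    h = sha256(data)
    for family, sample in known_bad.items():
        if h == sha256(sample):
            return "block", f"exact signature: {family}"
    for family, sample in known_bad.items():
        score = similarity(data, sample)
        if score >= threshold:
            return "block", f"variant of {family} (similarity {score:.2f})"
    if seen_counts.get(h, 0) == 0:
        return "scrutinize", "never seen before: send to sandbox/analyst"
    return "allow", f"known file seen {seen_counts[h]} times"
```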

In addition, antivirus vendors are getting smarter about sharing malware samples.

Panda has servers up that it uses to share malware samples with its competitors, and it has the ability to query their servers as well -- not just for all the new malware samples, but specifically for the ones that Panda itself hasn't seen yet.

If Panda were to stop sharing malware with, say, Symantec, then Symantec would stop sharing back -- and customers would get mad, Corrons said.

Instead, vendors differentiate themselves in how they process the malware samples, how they manage that information, and how they set up the detection, he said.

That means that customers don't have to sign up for multiple antivirus services, said Craig Young, security researcher at Tripwire, but he added that it can be an advantage to have different sets of eyes looking out for you.

"You don't want to be loading up endpoint workstations with multiple antivirus," he said. "But one approach might be that your email server has one brand of antivirus software that monitors all emails, your intrusion prevention system might be using a different antivirus engine, and the actual computers themselves might have yet another engine to just ensure that nothing is slipping through the cracks."

In fact, different antivirus engines are often bundled into different security products, so an enterprise would get multiple takes on this automatically.

Both Corrons and Young warned, however, that antivirus detection is not enough, and enterprises need multiple levels of defense.

"A tiered approach is the only way to have any semblance of security, in my opinion," said Young.

Everyone is constantly under attack, said Corrons.

"Medium and large companies -- they have to assume that they are already compromised, and that someone is already inside their network," he said. "Mainly, in most cases, because it's already true."

Enterprises need to look at investing in technology that helps discover infections after they have already infiltrated their systems, instead of relying only on perimeter defenses.

Stories by Maria Korolov