Connect with us

Hi, what are you looking for?

HEADLINES

Suspicious objects turn out to be malicious in almost three-quarters of cases – Kaspersky

The analysis showed that when security researchers requested additional details of a suspicious object, 72% of cases turned out to be malicious and could put corporate security at risk if not investigated.

Kaspersky experts have analyzed the anonymized and aggregated statistics from requests to the Kaspersky Threat Intelligence Portal, an always-on web service with access to several petabytes of global security intelligence data that is updated almost in real-time.

The analysis showed that when security researchers requested additional details of a suspicious object, 72% of cases turned out to be malicious and could put corporate security at risk if not investigated. 

On average, 44% of security alerts faced by organizations are not investigated. The reason may lie in the huge volume of incoming warning signals that security teams struggle to fully cope with. So, analysts have to choose carefully which alerts they need to investigate, and which do not deserve their attention. In this situation, it’s helpful to have a framework which helps you to make the decision.

Anonymized and aggregated statistics from the Kaspersky Threat Intelligence Portal showed that in most cases, the initial call to check the alert is proven to be right: the majority (7 out of 10) of analyzed requests submitted through the service turn out to be malicious. The share of such objects is especially high for web-related items; domains – 86%, IP addresses – 75%, and URLs – 73%. This figure slightly drops for files, as 61% of hashes were categorized as dangerous. This implies that it is harder for researchers to distinguish legitimate files from malicious ones without consulting with the appropriate threat intelligence. 

Advertisement. Scroll to continue reading.

Overall, researchers are typically most interested to learn about which resources the endpoints in their network are communicating with – 41% of total requests fall under this category. With information on IP address reputation and associated websites and files, security teams can make a decision if they should deny access to this resource or block any communication with it. In addition, a third (31%) of the requests were about a file hash category – meaning analysts are looking for additional information about the file (e.g., geographical distribution, popularity, and connections with other objects) in their investigations.

“As our statistics show, security analysts in organizations rarely make mistakes when they suspect that an alert poses a security risk and might need further investigation. However, it’s not all about checking the hypotheses. To be able to accelerate their incident response and forensic capabilities, analysts need to see the bigger picture on a threat, quickly. Access to threat intelligence provides just that, ultimately saving time and effort for typically understaffed security teams,” commented Anatoly Simonenko, Group Manager, Technology Solutions Product Management at Kaspersky. 

The Kaspersky Threat Intelligence Portal is a web service which provides customers with knowledge about cyberthreats gathered by Kaspersky.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement