An Analysis of Malware Trends in Enterprise Networks

We present an empirical and large-scale analysis of malware samples captured from two different enterprises from 2017 to early 2018. Particularly, we perform threat vector, social-engineering, vulnerability and time-series analysis on our dataset. Unlike existing malware studies, our analysis is specifically focused on the recent enterprise malware samples. First of all, based on our analysis of the combined datasets of two enterprises, our results confirm the general consensus that AV-only solutions are not enough for real-time defenses in enterprise settings because on average 40% of the malware samples, when they first appeared, are not detected by most AVs on VirusTotal or not uploaded to VT at all (i.e., never seen in the wild yet). Moreover, our analysis also shows that enterprise users transfer documents more than executables and other types of files. Therefore, attackers embed malicious code into documents to download and install the actual malicious payload instead of sending the malicious payload directly or using vulnerability exploits. Moreover, we also found that financial matters (e.g., purchase orders and invoices) are still the most common subject seen in Business Email Compromise (BEC) scams that aim to trick employees. Finally, based on our analysis of the timestamps of captured malware samples, we found that 93% of the malware samples were delivered on weekdays. Our further analysis also showed that while the malware samples that require user interaction, such as macro-based malware samples, have been captured during the working hours of the employees, the massive malware attacks are triggered during the off-times of the employees to be able to silently spread over the networks.

Full description

Saved in:
Bibliographic details
Main authors: Acar, Abbas, Lu, Long, Uluagac, A. Selcuk, Kirda, Engin
Format: Article
Language: eng
Subjects:
Online access: Order full text
creator Acar, Abbas
Lu, Long
Uluagac, A. Selcuk
Kirda, Engin
description We present an empirical and large-scale analysis of malware samples captured from two different enterprises from 2017 to early 2018. Particularly, we perform threat vector, social-engineering, vulnerability and time-series analysis on our dataset. Unlike existing malware studies, our analysis is specifically focused on the recent enterprise malware samples. First of all, based on our analysis of the combined datasets of two enterprises, our results confirm the general consensus that AV-only solutions are not enough for real-time defenses in enterprise settings because on average 40% of the malware samples, when they first appeared, are not detected by most AVs on VirusTotal or not uploaded to VT at all (i.e., never seen in the wild yet). Moreover, our analysis also shows that enterprise users transfer documents more than executables and other types of files. Therefore, attackers embed malicious code into documents to download and install the actual malicious payload instead of sending the malicious payload directly or using vulnerability exploits. Moreover, we also found that financial matters (e.g., purchase orders and invoices) are still the most common subject seen in Business Email Compromise (BEC) scams that aim to trick employees. Finally, based on our analysis of the timestamps of captured malware samples, we found that 93% of the malware samples were delivered on weekdays. Our further analysis also showed that while the malware samples that require user interaction, such as macro-based malware samples, have been captured during the working hours of the employees, the massive malware attacks are triggered during the off-times of the employees to be able to silently spread over the networks.
doi_str_mv 10.48550/arxiv.1910.00508
format Article
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.1910.00508
language eng
recordid cdi_arxiv_primary_1910_00508
source arXiv.org
subjects Computer Science - Cryptography and Security
title An Analysis of Malware Trends in Enterprise Networks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-13T12%3A53%3A42IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20Analysis%20of%20Malware%20Trends%20in%20Enterprise%20Networks&rft.au=Acar,%20Abbas&rft.date=2019-10-01&rft_id=info:doi/10.48550/arxiv.1910.00508&rft_dat=%3Carxiv_GOX%3E1910_00508%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true