ISACA Now Blog


The Evolution of Malware and the Threat Landscape – a Ten Year Review

Posted at 8:09 AM by ISACA News | Category: Security

At the RSA Conference in San Francisco (CA, USA) this month, Microsoft released a new special edition Security Intelligence Report (SIR) called “The evolution of malware and the threat landscape – a ten year review.”

This special edition of the SIR contains a look back at how the threat landscape has changed over the past 10 years and includes trending data on vulnerability disclosures, exploit trends, malware and potentially unwanted software, regional malware infection rates, growth rates for Windows Update/Microsoft Update usage, and more. This is the first time we have aggregated, analyzed and released data going back so far in time – providing a long-term view of how attackers have changed their strategies and tactics over time.

The past decade has seen drastic growth in new security vulnerability disclosures, which peaked in 2006 and 2007 and then steadily declined over the next four years to just over 4,000 in 2011, which is still a large number of vulnerabilities.

Figure 1. Left: relative severity of industry-wide vulnerabilities disclosed since 2002; right: application and operating system vulnerability disclosures since 2002 across the entire software industry.

Focusing on malware, looking at how the threat categories and the major threat families within those categories have changed over time gives you an idea of how malware authors changed their tactics. For example, the Trojan Downloaders and Droppers category, which affected less than nine percent of computers with detections in the first half of 2006 (1H06), rose rapidly to become one of the most significant threat categories in 2007 and 2008, primarily because of increased detections of Win32/Zlob and Win32/Renos. After decreasing significantly from its 1H06 peak, the Worms category began to increase again in 2009 after the discovery of Win32/Conficker and reached a second peak in the second quarter of 2010 (2Q10) with increased detections of Win32/Taterf and Win32/Rimecud.

Figure 2. Worms, Trojan Downloaders and Droppers, and Password Stealers and Monitoring Tools categories since 2006.

Some regions of the world have consistently lower malware infection rates than others. What are they doing that other countries aren’t? We have a section in the SIR dedicated to trying to answer this question.

Figure 3

Many more insights and loads more data are available in this new ten-year review – please download your free copy of the report here.

Tim Rains
Trustworthy Computing

