For more than a decade, Symantec has been publishing monthly intelligence reports, providing a snapshot of what is happening on the threat landscape. Over the years these reports have focused on a variety of activity, covering topics ranging from spam to botnets (and even spam botnets). Back in early 2016, we moved away from PDF reports and launched a new, dynamic page on the Symantec website, providing the latest intelligence available.
Today we are happy to share the next iteration of this Latest Intelligence page. With this new page comes a whole new set of metrics, previously only available annually in the ISTR, along with several old favorites from the intelligence reports over the years. We have also revamped the look and feel of the page, making it easier to navigate, as well as providing a more mobile-device-friendly interface.
This new approach allows us the opportunity to tell new stories surrounding the threat landscape. We can now share trends on specific malicious activity classifications, ranging from ransomware, to cryptojacking events, to attacks against IoT devices.
To provide a few real-world examples from just last month, financial Trojan activity rose in September by 12.5 percent when compared to August. Then, looking at the specific financial Trojans active during this time frame, we can see that Ramnit is responsible for the lion’s share of activity. However, it appears that this Trojan’s activity declined 6.9 percentage points since August. In comparison, Emotet and Trickybot saw an increase of 8.3 and 2.7 percentage points respectively, likely contributing to the overall increase in activity.
Another interesting item that we decided to look at with the launch of this new page is network attack types. The metric reveals that SMB-related attacks dominate this field, comprising around half of all such attacks in a given month. In contrast, attacks against technologies such as Flash and Java, which were quite popular in past years, have declined drastically, well down into the single digits.
As we stated in early 2016, when the first version of the Latest Intelligence page launched, the threat landscape is never the same two months in a row. One month there is a jump in web attacks; another might see a spike in downloader activity. This can make the threat landscape a tricky scene to navigate. We hope that our new Latest Intelligence page helps make doing so just a little easier.
We encourage you to share your thoughts on your favorite social platform.