DeepAI AI Chat
Log In Sign Up

An Analysis of Malware Trends in Enterprise Networks

by   Abbas Acar, et al.
Northeastern University
Florida International University

We present an empirical and large-scale analysis of malware samples captured from two different enterprises from 2017 to early 2018. Particularly, we perform threat vector, social-engineering, vulnerability and time-series analysis on our dataset. Unlike existing malware studies, our analysis is specifically focused on the recent enterprise malware samples. First of all, based on our analysis on the combined datasets of two enterprises, our results confirm the general consensus that AV-only solutions are not enough for real-time defenses in enterprise settings because on average 40 samples, when first appeared, are not detected by most AVs on VirusTotal or not uploaded to VT at all (i.e., never seen in the wild yet). Moreover, our analysis also shows that enterprise users transfer documents more than executables and other types of files. Therefore, attackers embed malicious codes into documents to download and install the actual malicious payload instead of sending malicious payload directly or using vulnerability exploits. Moreover, we also found that financial matters (e.g., purchase orders and invoices) are still the most common subject seen in Business Email Compromise (BEC) scams that aim to trick employees. Finally, based on our analysis on the timestamps of captured malware samples, we found that 93 samples were delivered on weekdays. Our further analysis also showed that while the malware samples that require user interaction such as macro-based malware samples have been captured during the working hours of the employees, the massive malware attacks are triggered during the off-times of the employees to be able to silently spread over the networks.


page 1

page 2

page 3

page 4


HAPSSA: Holistic Approach to PDF Malware Detection Using Signal and Statistical Analysis

Malicious PDF documents present a serious threat to various security org...

Analysis and Correlation of Visual Evidence in Campaigns of Malicious Office Documents

Many malware campaigns use Microsoft (MS) Office documents as droppers t...

A Deep Dive into VirusTotal: Characterizing and Clustering a Massive File Feed

Online scanners analyze user-submitted files with a large number of secu...

Efficient Malware Analysis Using Metric Embeddings

In this paper, we explore the use of metric learning to embed Windows PE...

Longitudinal Study of the Prevalence of Malware Evasive Techniques

By their very nature, malware samples employ a variety of techniques to ...

RADAR: Effective Network-based Malware Detection based on the MITRE ATT CK Framework

MITRE ATT CK is a widespread ontology that specifies tactics, techniqu...

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

As smartphones become more pervasive, they are increasingly targeted by ...