European managed security services company Orange Cyberdefense today reveals the findings of its inaugural Security Navigator, which shows a 23 percent decline in the number of recorded malware incidents in 2019.
The total number of security events have, however, increased. The company analysed 263,109 events from data obtained from its 10 CyberSOCs and 16 SOCs. Out of these events it identified 11.17 percent as verified security incidents. This represents a 34.4 percent increase over the previous year’s rate of 8.31 percent.
Of the events analysed, only 22 percent of incidents could be classified as malware-related in 2019, compared to 45 percent in the previous year. During the same period, application anomalies increased from 36 percent to 46 percent to claim the top spot as the most common incident cause in 2019.
“The findings don’t mean that malware is no longer a significant threat; far from it,” says Charl van der Walt, head of security research at Orange Cyberdefense. “What it does suggest is that endpoint-centred prevention can significantly reduce the risk to businesses. What we see here is very likely the immediate result of investment in next-gen endpoint protection. While elaborate malware and APTs used in targeted attacks still do pose a serious threat, the skill level of the common cybercriminal simply does not match up-to-date endpoint protection anymore. And that is good news.”
Other findings include no increase in cryptomining attacks, despite the value of Monero, Ethereum, Litecoin and Bitcoin reaching a new peak in early summer 2019. While still very low, the number of attacks deemed business critical, doubled to 0.11 percent in 2019, a rate that is comparable to 2017, a stark reminder of the risk posed by poor security posture.
Cyber-threat actors have tried to capitalise on the current global health crisis. On March 24 2020 alone, one Orange Cyberdefense CERT team tracked 23 unique COVID-19-based phishing mails over a 24-hour period. In addition during the same week customers reported more than 600 potentially fraudulent emails, 10 percent of which has proven to be malicious – four times higher than in the previous week.
This first Security Navigator is being published following the rebranding of SecureData and SecureLink (acquired by Orange in February and July 2019 respectively) to Orange Cyberdefense. You can get the full report on the Orange Cyberdefense site.
Image credit: eteimaging/depositphotos.com