Banking trojans and ransomware were the top innovators in 2019 malware code evolution
Drawing on our previous collaboration with IBM X-Force in detecting new malware variants, we used our Genetic Malware Analysis technology to measure the malware innovation made by adversaries between 2018 and 2019. This measure of innovation is the extent to which threat actors invested in developing new code, suggesting that adversaries are looking to expand their threat capabilities and evade detection.
Data taken from our code genome database, which contains billions of binary code pieces from known trusted and malicious software, shows that threat actors focused primarily on developing and evolving the codebase of banking trojans and ransomware, while maintaining a high level of effort towards modifying and creating crypto-mining malware strains. In contrast, generic botnet malware had less frequent code innovation year-over-year, indicating less investment in modifying its capabilities.
On average, in 2019 malware authors reused more pre-existing code to develop crypto-miners and DDoS botnets than they did in the previous year. This data suggests that adversaries have become less concerned with making innovations in these two threat categories.
By contrast, 2019 saw an increase in the use of new, unique code written to develop banking trojans and ransomware. This shift toward writing more code from scratch suggests that adversaries are looking to expand their threat capabilities and evade detection.
Why is this significant? Heading into 2020, these code innovation trends may be indicative of the types of malware that will require more effort to identify and contain due to the investment made by adversaries to constantly evolve their code.
We want to thank IBM Security for including us in their annual threat intelligence index report. To read the full report, please visit their website.