Where there’s political conflict there are spikes in malware incidents, security provider Comodo concluded in its new 2017 Global Malware Report. Malware infection studies often mention in passing that politics and cyber attacks are bedfellows but few actually tie the two together, if not by causality then certainly by circumstance.
This one makes a tighter case. “From elections to North Korea nuclear threats and missile launches, it seems likely that cyber actors are using geopolitical events to achieve cyber activism and other goals,” wrote the cyber security specialist in a blog post.
Comodo's researchers acknowledged that while they can’t prove “causation,” they can “demonstrate correlation between geopolitical issues and diverse malware attacks,” offering three examples:
- U.S. elections: A spike in Kryptik trojans occurred on Oct. 24, 2017, with more than 94 percent of nearly 300,000 trojans focused on Virginia, where a close and hard-fought gubernatorial election took place.
- East Asia: China experienced a malware virus surge of nearly 20,000 when President Xi visited the U.S. in April 2017 and North Korea simultaneously fired test missiles. Similarly, Trojan attacks in China spiked to 30,000 during the Silk Road Summit in early to mid-May 2017, 40,000 in early August 2017 after an earthquake and a U.S.-China naval dispute, and 55,000 on Sept. 3, 2017, after China, the U.S. and Russia condemned a North Korea nuclear test.
- North Korea: Comodo, which claims to be one of the few commercial cybersecurity companies with visibility into North Korea, said that on September 19, 2017 a “startling Trojan increase in the country” occurred, seemingly timed to President Trump’s speech at the United Nations where he threatened to destroy North Korea.
While none of the malware spikes presents incontrovertible evidence, neither do they appear to be solely circumstantial or coincidental. Without directly saying so, Comodo has implied as much, at least enough to suggest a correlation.
Comodo also said its research showed trojans to be the top malware threat, detected in 225 countries in 2017. Russia was the leading recipient, with nine percent of all trojan detections, and also led the world in backdoor attacks and worm infections. The U.S. led the world in application threats, including unsafe and unwanted applications, viruses and packer malware. Russia and the U.S. were the top countries for malware detections in 2017, while online services and technology were the most targeted verticals.
The report is intended to help cyber security decision makers arm themselves against global cyber threats and adjust their strategy, technology, services, and the priorities of their internal skilled security pros accordingly.