Cylance October 2018 OMNI REPORT

| Threat Assessment Report Cylance October 2018 OMNI REPORT

Cylance : AV Threat Report Without exception, organizations are facing a surge of attacks that are succeeding in breaching their existing layers of defenses. As the gold standard for endpoint remediation, Malwarebytes has unmatched the visibility into the threats that have evaded detection and have infected endpoints around the world. Most organizations underestimate the infection rate of their endpoints as many threats go undetected and hidden. This is a costly issue. This Omni Report highlights the attacks missed by Cylance over the course of 2016-12-08 to 2018-09-15. The report focuses exclusively on remediation events processed by Malwarebytes, indicating that the machine was positively infected.

Detections per Infected Machine Total Detections

5.4 Infection Rate 110,213

Infected Machines: 20,509

21.4% Infected (20,509 Machines)

Clean Machines: 75,272

The chart above shows the infection rate across scans on machines currently installed with Cylance. OMNI REPORT

Cylance : AV Threat Report

28,078

25,000 Infected Machines: Critical Detections Found

20,000

15,000 Detections

8,505 10,000 8,450

5,000 2,657 2,379 1,450 1,016

0 Trojan Backdoor Ransom Spyware Worm Rogue Rootkit

The chart above highlights the type of detection that was identified and remediated on machines currently installed with Cylance. OMNI REPORT

Cylance : Speciﬁc Threats Found (Infected Machines) Threat Categories Threat Variants

Threat Categories Detections  % of Total Threat Variants Detections  % of Total

Trojan 28,078 25.5% Hijack.ControlPanelStyle 12,791 11.6%

Adware 19,335 17.5% Generic.Malware/Suspicious 12,267 11.1%

Hijacker 16,001 14.5% Ransom.WannaCrypt 7,464 6.8%

Generic 12,267 11.1% Trojan.Emotet 5,213 4.7%

Backdoor 8,505 7.7% Backdoor.Agent.Generic 3,540 3.2%

Ransom 8,450 7.7% Adware.ChinAd 3,413 3.1%

RiskwareTool 5,144 4.7% Trojan.Injector 3,406 3.1%

Spyware 2,657 2.4% Backdoor.Qakbot 3,091 2.8%

Worm 2,379 2.2% Adware.WinYahoo 2,078 1.9%

MachineLearning/Anomalous 2,167 2.0% Trojan.Agent 1,924 1.7%

Rogue 1,450 1.3% Adware.Cmptch.Generic 1,914 1.7%

HackTool 1,247 1.1% RiskWare.IFEOHijack 1,846 1.7%

Rootkit 1,016 0.9% Trojan.MalPack 1,703 1.5%

CrackTool 666 0.6% Hijack.FolderOptions 1,660 1.5%

Heuristics 288 0.3% MachineLearning/Anomalous.100% 1,403 1.3%

PornTool 182 0.2% Spyware.Emotet 1,154 1.0%

FraudTool 107 0.1% Trojan.Agent.Generic 1,145 1.0%

Exploit 82 0.1% Trojan.Agent.ED 988 0.9%

MisusedLegit 64 0.1% Trojan.TrickBot 960 0.9%

CheatTool 34 0.0% Rootkit.Fileless.MTGen 934 0.8%

Virus 33 0.0% Rogue.SearchEncrypt 923 0.8%

Joke 23 0.0% Adware.Agent 858 0.8%

Unknown 21 0.0% Trojan.Kovter 806 0.7%

DDoS 6 0.0% Adware.Yontoo 801 0.7%

SpamTool 6 0.0% Adware.Elex.ShrtCln 766 0.7%

Hoax 2 0.0% Adware.MoboGenie 727 0.7%

Legitimate 2 0.0% Trojan.Fileless.MTGen 726 0.7%

VirTool 1 0.0% Trojan.Floxif 725 0.7%

Total 110,213 100% Trojan.Downloader 680 0.6%

RiskWare.BitCoinMiner 661 0.6%

Adware.Sogou 639 0.6%

Hijack.Tray 630 0.6%

RiskWare.Tool.CK 598 0.5%

Trojan.Banker 596 0.5%

Spyware.TrickBot 547 0.5%

Adware.Hao123 518 0.5%

Worm.Agent.Generic 499 0.5%

RiskWare.MicTray 469 0.4%

Adware.Yontoo.Generic 467 0.4%

Backdoor.Qbot 454 0.4%

Trojan.PasswordStealer.E.Generic 448 0.4%

Trojan.Emotet.Generic 422 0.4%

Trojan.Crypt 416 0.4%

Trojan.Agent.Gen 396 0.4% OMNI REPORT

Threat Variants Detections  % of Total

Worm.Qakbot.TskLnk 379 0.3%

RiskWare.Tool.HCK 364 0.3%

Trojan.Agent.VBS 351 0.3%

CrackTool.Agent.Keygen 333 0.3%

Backdoor.Bot 315 0.3%

Trojans continue to be highly prevalent and allow cyber-criminals to spy on systems, obtain confidential data, and gain backdoor access to systems.

Ransomware appears in relatively low volume. However, it represents a large portion of threats in the wild due to its crippling business impact and the likelihood of businesses to pay ransoms in the hope of unencrypting files. Typical remediation can effectively remove ransomware from a machine. However, the businesses encrypted files will remain encrypted post-remediation (a key is required to unencrypt the files). Malwarebytes provides modern remediation with ransomware rollback capabilities; however, this needs to be installed on machines prior to an attack in order to roll back the file encryption actions. OMNI REPORT

Cylance : Malware Velocity Board

Top 20 Malware by Detection Count: Cylance installed (Remediation + Real-Time Protection)

Last 4 Hours Yesterday Last 7 Days

MachineLearning/Anomalo Generic.Malware/Suspiciou Generic.Malware/Suspiciou

Generic.Malware/Suspiciou MachineLearning/Anomalo MachineLearning/Anomalo

Ransom.WannaCrypt Backdoor.Agent.Generic Backdoor.Agent.Generic

Adware.Norassie Backdoor.Qakbot Backdoor.Qakbot

MachineLearning/Anomalo RiskWare.IFEOHijack RiskWare.IFEOHijack

Trojan.Floxif Ransom.WannaCrypt Hijack.FolderOptions

Spyware.Emotet Ransom.WannaCrypt

Hijack.SecurityRun Spyware.Emotet

MachineLearning/Anomalo Hijack.Tray

Hijack.FolderOptions Hijack.SecurityRun

Rogue.SearchEncrypt Spyware.TrickBot

Spyware.TrickBot Rogue.SearchEncrypt

Hijack.Tray MachineLearning/Anomalo

Worm.Forbix Worm.Forbix

MachineLearning/Anomalo Backdoor.Bot

Backdoor.Qbot Backdoor.Qbot

Spyware.TrickBot.E MachineLearning/Anomalo

MachineLearning/Anomalo Worm.Rowmanti.E

Backdoor.Bot Spyware.TrickBot.E

Worm.Qakbot.TskLnk MachineLearning/Anomalo