Threat Assessment Report: Cylance, October 2018 (OMNI REPORT)
Cylance: AV Threat Report

Without exception, organizations are facing a surge of attacks that are succeeding in breaching their existing layers of defenses. As the gold standard for endpoint remediation, Malwarebytes has unmatched visibility into the threats that have evaded detection and have infected endpoints around the world. Most organizations underestimate the infection rate of their endpoints as many threats go undetected and hidden. This is a costly issue. This Omni Report highlights the attacks missed by Cylance over the course of 2016-12-08 to 2018-09-15. The report focuses exclusively on remediation events processed by Malwarebytes, indicating that the machine was positively infected.
Detections per Infected Machine: 5.4
Total Detections: 110,213
Infection Rate: 21.4% Infected (20,509 Machines)
Infected Machines: 20,509
Clean Machines: 75,272
The chart above shows the infection rate across scans on machines currently installed with Cylance.
[Bar chart: Infected Machines: Critical Detections Found. Detections by type: Trojan 28,078; Backdoor 8,505; Ransom 8,450; Spyware 2,657; Worm 2,379; Rogue 1,450; Rootkit 1,016.]
The chart above highlights the type of detection that was identified and remediated on machines currently installed with Cylance.
Cylance: Specific Threats Found (Infected Machines)

Threat Categories Detections % of Total
Trojan 28,078 25.5%
Adware 19,335 17.5%
Hijacker 16,001 14.5%
Generic 12,267 11.1%
Backdoor 8,505 7.7%
Ransom 8,450 7.7%
RiskwareTool 5,144 4.7%
Spyware 2,657 2.4%
Worm 2,379 2.2%
MachineLearning/Anomalous 2,167 2.0%
Rogue 1,450 1.3%
HackTool 1,247 1.1%
Rootkit 1,016 0.9%
CrackTool 666 0.6%
Heuristics 288 0.3%
PornTool 182 0.2%
FraudTool 107 0.1%
Exploit 82 0.1%
MisusedLegit 64 0.1%
CheatTool 34 0.0%
Virus 33 0.0%
Joke 23 0.0%
Unknown 21 0.0%
DDoS 6 0.0%
SpamTool 6 0.0%
Hoax 2 0.0%
Legitimate 2 0.0%
VirTool 1 0.0%
Total 110,213 100%

Threat Variants Detections % of Total
Hijack.ControlPanelStyle 12,791 11.6%
Generic.Malware/Suspicious 12,267 11.1%
Ransom.WannaCrypt 7,464 6.8%
Trojan.Emotet 5,213 4.7%
Backdoor.Agent.Generic 3,540 3.2%
Adware.ChinAd 3,413 3.1%
Trojan.Injector 3,406 3.1%
Backdoor.Qakbot 3,091 2.8%
Adware.WinYahoo 2,078 1.9%
Trojan.Agent 1,924 1.7%
Adware.Cmptch.Generic 1,914 1.7%
RiskWare.IFEOHijack 1,846 1.7%
Trojan.MalPack 1,703 1.5%
Hijack.FolderOptions 1,660 1.5%
MachineLearning/Anomalous.100% 1,403 1.3%
Spyware.Emotet 1,154 1.0%
Trojan.Agent.Generic 1,145 1.0%
Trojan.Agent.ED 988 0.9%
Trojan.TrickBot 960 0.9%
Rootkit.Fileless.MTGen 934 0.8%
Rogue.SearchEncrypt 923 0.8%
Adware.Agent 858 0.8%
Trojan.Kovter 806 0.7%
Adware.Yontoo 801 0.7%
Adware.Elex.ShrtCln 766 0.7%
Adware.MoboGenie 727 0.7%
Trojan.Fileless.MTGen 726 0.7%
Trojan.Floxif 725 0.7%
Trojan.Downloader 680 0.6%
RiskWare.BitCoinMiner 661 0.6%
Adware.Sogou 639 0.6%
Hijack.Tray 630 0.6%
RiskWare.Tool.CK 598 0.5%
Trojan.Banker 596 0.5%
Spyware.TrickBot 547 0.5%
Adware.Hao123 518 0.5%
Worm.Agent.Generic 499 0.5%
RiskWare.MicTray 469 0.4%
Adware.Yontoo.Generic 467 0.4%
Backdoor.Qbot 454 0.4%
Trojan.PasswordStealer.E.Generic 448 0.4%
Trojan.Emotet.Generic 422 0.4%
Trojan.Crypt 416 0.4%
Trojan.Agent.Gen 396 0.4%
Worm.Qakbot.TskLnk 379 0.3%
RiskWare.Tool.HCK 364 0.3%
Trojan.Agent.VBS 351 0.3%
CrackTool.Agent.Keygen 333 0.3%
Backdoor.Bot 315 0.3%
Trojans continue to be highly prevalent and allow cyber-criminals to spy on systems, obtain confidential data, and gain backdoor access to systems.
Ransomware appears in relatively low volume. However, it represents a large portion of threats in the wild due to its crippling business impact and the likelihood that businesses will pay ransoms in the hope of unencrypting files. Typical remediation can effectively remove ransomware from a machine. However, the business's encrypted files will remain encrypted post-remediation (a key is required to unencrypt the files). Malwarebytes provides modern remediation with ransomware rollback capabilities; however, this needs to be installed on machines prior to an attack in order to roll back the file encryption actions.
Cylance: Malware Velocity Board

Top 20 Malware by Detection Count: Cylance installed (Remediation + Real-Time Protection)

Last 4 Hours
1. MachineLearning/Anomalo
2. Generic.Malware/Suspiciou
3. Ransom.WannaCrypt
4. Adware.Norassie
5. MachineLearning/Anomalo
6. Trojan.Floxif

Yesterday
1. Generic.Malware/Suspiciou
2. MachineLearning/Anomalo
3. Backdoor.Agent.Generic
4. Backdoor.Qakbot
5. RiskWare.IFEOHijack
6. Ransom.WannaCrypt
7. Spyware.Emotet
8. Hijack.SecurityRun
9. MachineLearning/Anomalo
10. Hijack.FolderOptions
11. Rogue.SearchEncrypt
12. Spyware.TrickBot
13. Hijack.Tray
14. Worm.Forbix
15. MachineLearning/Anomalo
16. Backdoor.Qbot
17. Spyware.TrickBot.E
18. MachineLearning/Anomalo
19. Backdoor.Bot
20. Worm.Qakbot.TskLnk

Last 7 Days
1. Generic.Malware/Suspiciou
2. MachineLearning/Anomalo
3. Backdoor.Agent.Generic
4. Backdoor.Qakbot
5. RiskWare.IFEOHijack
6. Hijack.FolderOptions
7. Ransom.WannaCrypt
8. Spyware.Emotet
9. Hijack.Tray
10. Hijack.SecurityRun
11. Spyware.TrickBot
12. Rogue.SearchEncrypt
13. MachineLearning/Anomalo
14. Worm.Forbix
15. Backdoor.Bot
16. Backdoor.Qbot
17. MachineLearning/Anomalo
18. Worm.Rowmanti.E
19. Spyware.TrickBot.E
20. MachineLearning/Anomalo