The total number of Trojans spotted by Trend Micro in October was up 30 percent over September, with the category now accounting for nearly half (47 percent) of all malware. (That percentage is also up over September, said Trend Micro, by two percent.) Coupled with backdoors, which are basically remote access Trojans, the two made up almost 65 percent of all detected malware.
It's proof, said Hartmann, that hackers are assembling ever bigger bot networks that they can then turn into profit-making machines.
"It's all profit driven now," he said. "Before, hacking used to be like digital graffiti. Once a machine was infected, that was it. But now the purpose of infecting systems to recruit this big zombie army, then use it to steal confidential information or rent it to spammers or use it to deliver pop-up advertisements"
On the worm side of the coin, the top two for the month were long-time list inhabitants Netsky.p and Zafi.b. But it was the departure of Sasser from its number one ranking that was among the big news of the month, said Trend Micro. Sasser's vanishing act -- it disappeared from the top 10 list -- may mean that most systems have finally been patched against the Windows vulnerability that Sasser exploited. The LSASS vulnerability which Sasser used to infect Windows machines was first disclosed in April 2004.
"After spending three months at the top of the list of the most notorious malware, the Sasser seems to have slowed down its onslaught," Trend Micro's report read.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
