
In which applications should we expect unknown malicious code?

Today I looked through the WildFire statistics and became curious about which applications unknown malicious code (zero-day) travels through, and how often. The picture shows the statistics per application and the frequency of attacks through each one. The first column is the name of the application. The second column is the number of days in the year on which a zero-day was detected in that application. The third column is the number of sessions of that application, in effect the number of samples per year. The statistics cover all of 2018, from January to December.

Interestingly, there are applications that malicious code rarely uses, such as SOAP, yet it is still seen there every day. And there are applications where it shows up every day and in large volumes. From my experience, the applications most often forwarded to the sandbox are SMTP and web-browsing; other applications are usually ignored. Most likely, the attacks take place exactly where they are not expected.

[image: table of WildFire per-application zero-day statistics for 2018: application, days per year with a zero-day, number of sessions]
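The table above is an aggregation over sandbox verdicts: for each application, the number of distinct days on which a malicious verdict was returned and the total number of samples submitted. The script below reproduces that calculation and adds the check that follows from the paragraph before: how large a share of malicious samples a policy that forwards only SMTP and web-browsing to the sandbox would never see. This is an added example, not code or data from the original post or from Palo Alto Networks; the log lines are constructed and deliberately simplified to three fields (date, application, verdict), so the parser is an assumption and would need adapting to real PAN-OS WildFire submission log exports.

```python
"""Per-application zero-day statistics from WildFire-style verdict logs.

Added example, not taken from the original post. The log format below is a
constructed simplification (date,application,verdict); real WildFire
submission logs carry many more fields, so parse_log() is an assumption.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data: one line per submitted sample.
SAMPLE_LOG = """\
# date,application,verdict
2018-01-03,web-browsing,malicious
2018-01-03,web-browsing,benign
2018-01-03,smtp,malicious
2018-01-04,smtp,malicious
2018-01-04,soap,malicious
2018-01-05,soap,benign
2018-01-05,smtp,benign
2018-01-06,ftp,malicious
2018-01-06,web-browsing,malicious
2018-01-07,soap,malicious
2018-01-07,smb,malicious
2018-01-08,smb,malicious
"""


@dataclass
class AppStats:
    days_with_malware: int  # distinct days on which a malicious verdict was seen
    sessions: int           # all samples submitted over this application
    malicious: int          # samples that received a malicious verdict


def parse_log(text):
    """Parse the constructed CSV-like log into (date, app, verdict) tuples.

    Blank lines and '#' comments are skipped; verdicts are normalised to
    lower case so 'Malicious' and 'malicious' count the same.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        date, app, verdict = (field.strip() for field in line.split(","))
        rows.append((date, app, verdict.lower()))
    return rows


def per_app_stats(rows):
    """Build the two columns of the post's table (plus a malicious count)."""
    days = defaultdict(set)
    sessions = defaultdict(int)
    malicious = defaultdict(int)
    for date, app, verdict in rows:
        sessions[app] += 1
        if verdict == "malicious":
            malicious[app] += 1
            days[app].add(date)  # a set, so several hits on one day count once
    return {
        app: AppStats(len(days[app]), sessions[app], malicious[app])
        for app in sessions
    }


def ranked(stats):
    """Rows sorted like the post's picture: most malware days first, then volume."""
    return sorted(
        ((app, s.days_with_malware, s.sessions) for app, s in stats.items()),
        key=lambda row: (-row[1], -row[2], row[0]),
    )


def missed_share(stats, forwarded):
    """Fraction of malicious samples carried by applications NOT in `forwarded`.

    This is the blind spot of a forwarding policy that only sends the listed
    applications (e.g. SMTP and web-browsing) to the sandbox.
    """
    total = sum(s.malicious for s in stats.values())
    missed = sum(s.malicious for app, s in stats.items() if app not in forwarded)
    return missed / total if total else 0.0


if __name__ == "__main__":
    stats = per_app_stats(parse_log(SAMPLE_LOG))
    print(f"{'application':<14}{'days/year':>10}{'sessions':>10}")
    for app, days_cnt, sess in ranked(stats):
        print(f"{app:<14}{days_cnt:>10}{sess:>10}")
    share = missed_share(stats, {"smtp", "web-browsing"})
    print(f"\nmalicious samples outside SMTP/web-browsing: {share:.0%}")
```

Run it as a script to print the table; on real exports the interesting number is the last line, because every application with a non-zero malicious count that is absent from the forwarding policy is exactly the unexpected place the post warns about.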
The WildFire cloud sandbox is reachable from anywhere on the Internet: you can submit files for analysis from any firewall or any host, or even upload them manually through the web interface.
Interestingly, the WildFire signature database is updated with the findings of all participants every minute, so everyone who subscribes to the zero-day update service can pull fresh signatures every minute and block, in time, the zero-days that other members of the community have already encountered, whether on the network or on the workstation.


Source: https://habr.com/ru/post/439076/