The company said that a fifth were discovered and identified as malicious by Astraea – a machine-learning based malware analysis system working inside Kaspersky Lab’s infrastructure.
The number of cyberthreats appearing every day is now so big that it is impossible to process each one of them manually. That’s why automating the malware discovery and analysis process, in combination with human expertise, is the best approach when it comes to fighting modern cyberthreats.
The percentage of malware discovered and added automatically to the Kaspersky Lab cloud database by Astraea has been growing steadily over the last five years: from 7.53% in 2012, to 40.5% in December 2016. The proportion is growing in line with the number of new malicious files discovered daily by Kaspersky Lab experts and detection systems. This has increased from 70,000 files per day in 2011 to 323,000per day in 2016.
“One billion unique malicious files is a remarkable milestone. It shows the scale of the cybercriminal underground, which has developed from several small forums offering customised malicious tools, to the mass production of malware and tailored cybercriminal services. It also highlights the quality and evolution of our automated malware analysis technologies. Out of these billion files, more than 200 million have been added by the Astraea machine-learning system. Our advanced systems now not only detect the vast majority of known malware we get on a daily basis, but also discover the unknown threats. Although the remaining 800 million files have been added by other internal detection systems, or by experts, the contribution to the Kaspersky Lab cloud database by machine-learning systems is substantial and will continue to grow,” says Vyacheslav Zakorzhevsky, Head of Anti-Malware Team at Kaspersky Lab.
Astraea is one of the machine-learning malware analysis systems that forms part of the Kaspersky Lab protection infrastructure. Astraea automatically analyses notifications from protected computers and helps uncover previously unknown threats. By using the threats’ metadata (like age, origin, filename, file path and more) the system is able to fully detect threats without information about the file contents.