ID: IRCNE2013041808
Date: 2013-04-07
According to "itpro", the average enterprise organisation is hit by a malware attack every three minutes, according to a new report by security vendor FireEye.
The company tracked 89 million malware events that took place across the globe during the second half of 2012, and used the findings to create the latest edition of its Advanced Threat Report.
The document’s aim is to provide organisations with an insight into the wide range of cyber attacks that regularly bypass IT security systems.
Its findings suggest enterprise firms experience a malware event (in the form of a malicious email file attachment or web link, for example) once every three minutes, with technology companies among those most frequently targeted.
Zheng Bu, senior director of research at FireEye, said enterprises should take note of this attack rate and prepare their defences accordingly.
“Malware writers spend enormous effort on developing evasion techniques that bypass legacy security systems,” he said.
The report also shed light on some of the most popular attack methods employed by cyber criminals during malware delivery campaigns, as well as some less common ones.
For example, spear phishing emails were flagged as the most common means of initiating a malware attack, while ZIP files emerged as the preferred choice to deliver malware.
“Instances of malware [were] uncovered that execute only when users move a mouse, a tactic that could dupe current sandbox detection systems since the malware doesn’t generate any activity,” said FireEye in a statement.
“In addition, malware writers have also incorporated virtual machine detection to bypass sandboxing.”
David Harley, security research fellow at anti-virus vendor ESET, said spear phishing and social engineering techniques are popular with cyber criminals because of how easily they evade detection.
“As such, technical defences like spam filters and firewalls are less likely to pick them up.” said Harley.
“The best defences are multi-layered. These involve efficient updating and patching [and] not relying on a single layer/security solution, such as a firewall or Intrusion Prevention System (IPS).”
- 2