There’s been a huge jump in malicious, web-based infections targeting companies in the last year, a nearly 400 percent increase from last year, according to research released today by network security company FireEye. The company’s “Advanced Threat Report – 1H 2012,” blames the jump on attackers’ ability to penetrate organizations’ usual security infrastructures.
Comparing numbers from the first half of 2011 to the first half of 2012, there’s been a 399 percent increase in infections per company and a 225 percent growth from the last six months of 2011. That accounts for approximately 643 malicious attacks per week on average. As attackers continue to dupe employees with social engineering tricks and get them to click on bogus links, FireEye believes the number of attacks will continue to rise.
The report goes on to warn about the dangers of e-mail-based attacks, citing a 56 percent increase in the amount of email-based attacks that defeated “organizations’ traditional security mechanisms,” from January to June this year.
FireEye also highlights how using “throw-away domains” in spear-phishing attacks has become more commonplace. Attackers only use malicious short term domains “a handful of times,” sometimes in 10 or fewer emails, in order to go undetected by URL blacklists. According to the report, in the last six months of 2011, 38 percent of the “throw-away” domains used in spear phishing attacks were malicious, yet in 2012 so far, that number appears to be trending upwards, jumping to 46 percent.