A report released Wednesday indicates an organization on average experiences a malware-related event every three minutes, often involving business-related spear phishing and targeting technology companies.
Those findings were included in a new report on advanced persistent threats released by researchers at the FireEye Malware Intelligence Lab and drawn from 89 million events the company’s appliances gathered worldwide during the second half of 2012.
“The high rate at which cyber attacks are happening illustrates the allure of malware,” said Zheng Bu, the senior director of research, in a prepared statement. “Today, malware writers spend enormous effort on developing evasion techniques that bypass legacy security systems. Unless enterprises take steps to modernize their security strategy, most organizations are sitting ducks.”
The report notes that the millions of analyzed malware events could be characterized as APTs because they bypassed traditional signature- and behavior-based technologies such as firewalls and intrusion prevention systems on the frontlines of network security.
Among the report’s key findings:
–On average, malware events occur at a single organization once every three minutes, with many events involving malicious e-mails, a malicious link on a Web page or an infected machine linked to a command-and-control server.
“This nearly continuous rate of attacks and activities is indicative of a fundamental reality: these attacks are working, yielding dividends,” according to the report.
–Technology companies are twice as likely to be barraged by malware campaigns as the next closest vertical, telecom companies, because of the high concentration and value of intellectual property. Rounding out the top five are logistics/transportation, manufacturing and banking/finance. The lowest average events occur in government, energy and legal companies.
–Telecom and tech companies in particular suffered more sustained or consistent attacks, compared to other industries such as banking, business services and legal, which showed a more erratic pattern. Energy, entertainment/media, government, healthcare, logistics and manufacturing showed less, but still significant, volatility.
–The most common method for infiltration was spear phishing by sending e-mails laced with common business terms such as shipping and finance to get the recipient to take the bait. The most common term in malicious .zip files, in fact, was “UPS.” Other attractive terms included details, documents, delivery, fedex and amazon.
–Malware writers continue to use clever evasion tactics such as evading sandboxes by lying dormant until a user issues a mouse command, and masquerading behind trusted digital certificates that have been stolen or revoked. They’re also dropping the all-too-common .exe in favor of the less traditional dynamic link library (DLL). “By using DLLs, the malware can establish persistent control as every time a vital, commonly used application like Internet Explorer is used, the malicious payload is loaded automatically—without any user involvement or awareness. If the malware was dependent on user commands to execute a malicious payload, chances are much more likely that users would get suspicious and not take the step necessary for the malware to operate.”
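A defender-side illustration of the attachment pattern in the last two findings (the report's lure words in .zip names, and .exe or .dll payloads inside them), added here as an example and not drawn from the FireEye report or its appliances: it scores constructed mail-gateway log lines whose field layout (`attach=`, `inner=`) is assumed.

```python
import re
from dataclasses import dataclass, field

# Lure words the report found most often in malicious .zip names.
LURE_TERMS = {"ups", "details", "documents", "delivery", "fedex", "amazon"}
# Payload types the report discusses: the classic .exe and the DLLs replacing it.
PAYLOAD_EXTS = (".exe", ".dll")
SUSPICIOUS_THRESHOLD = 3

# Constructed mail-gateway log lines; the field layout is assumed, not a real product's.
SAMPLE_LOG = """\
2012-11-05 09:14:02 from=billing@example.invalid attach=UPS_Delivery_Details.zip inner=UPS_Delivery_Details.exe
2012-11-05 09:20:41 from=cfo@example.invalid attach=Q3_report.pdf inner=-
2012-11-05 09:31:17 from=hr@example.invalid attach=invoice.zip inner=readme.txt
2012-11-05 09:45:58 from=orders@example.invalid attach=amazon_order.zip inner=order.dll
"""

LINE_RE = re.compile(r"attach=(?P<attach>\S+)\s+inner=(?P<inner>\S+)")

@dataclass
class Finding:
    attachment: str
    score: int
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self):
        return self.score >= SUSPICIOUS_THRESHOLD

def _tokens(name):
    # Split the file stem on non-alphanumerics: "UPS_Delivery_Details.zip" -> {"ups", "delivery", "details"}
    stem = name.rsplit(".", 1)[0]
    return {t for t in re.split(r"[^a-z0-9]+", stem.lower()) if t}

def score_attachment(attach, inner):
    # +1 for a zip archive, +1 per lure word in its name, +2 for an .exe/.dll inside it.
    f = Finding(attach, 0)
    if attach.lower().endswith(".zip"):
        f.score += 1
        f.reasons.append("zip archive")
        lures = sorted(_tokens(attach) & LURE_TERMS)
        f.score += len(lures)
        if lures:
            f.reasons.append("lure terms: " + ", ".join(lures))
        if inner != "-" and inner.lower().endswith(PAYLOAD_EXTS):
            f.score += 2
            f.reasons.append("archive carries ." + inner.rsplit(".", 1)[1].lower() + " payload")
    return f

def scan_log(text):
    # One Finding per log line that carries an attachment field.
    return [score_attachment(m["attach"], m["inner"])
            for m in (LINE_RE.search(line) for line in text.splitlines()) if m]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print("SUSPICIOUS" if f.suspicious else "ok", f.attachment, f.score, "; ".join(f.reasons))
```

Tune the threshold and lure list to your own mail telemetry; the weights here are illustrative, not taken from the report.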