Technology Companies Attacked Once Every Minute, According To New Report
No sense in wasting any time. Malware certainly doesn't.
The average enterprise is under a constant state of duress, experiencing a malware event roughly once every three minutes. The rate of malware activity, of course, varies by industry. For technology companies, the most highly targeted vertical, that figure drops down to once every minute, according to FireEye's 2nd Half of 2012 Advanced Threat Report.
Zheng Bu, senior director of research at FireEye, said that the high rate of attack shows just how alluring the current state of malware is.
“Today, malware writers spend enormous effort on developing evasion techniques that bypass legacy security systems,” Bu wrote in a press release. “Unless enterprises take steps to modernize their security strategy, most organizations are sitting ducks.”
The report found that malware writers have focused their efforts on methods of evasion. Just this week, FireEye researchers discovered a piece of malware dubbed Trojan.APT.BaneChant, which is delivered via a phony Word document. What makes this piece of malware unique is its ability to wait for three user mouse clicks prior to activation. Once the malware detects sufficient mouse clicks, it then delivers its payload.
Malware that employs this sort of tactic could potentially trick current sandbox detection systems since the malware doesn’t generate any activity. In addition, malware writers have also incorporated virtual machine detection to bypass sandboxing, according to the report.
Ashar Aziz, FireEye founder and CTO, said in a press release that this heightened level of malware evasion demands a new approach to security from the enterprise.
"As cybercriminals invest more in advanced malware and innovations to better evade detection, enterprises must rethink their security infrastructure and reinforce their traditional defenses with a new layer of security that is able to detect these dynamic, unknown threats in real time," he wrote.
As with Trojan.APT.BaneChant, researchers found that the most common delivery method for advanced malware remained spear phishing. Most of the time, attackers choose to bait their hook with common business terms like shipping and delivery, finance, and general business. The top term in malware file names, for example, was “UPS,” according to the report.
The advanced threat report is compiled from data culled from 89 million malware events and direct intelligence uncovered by the FireEye research team.
A complete copy of the report can be downloaded HERE.