160,000 new malware samples arriving every day

News by Steve Gold

Log management and file integrity management may be the solution - RandomStorm head of R&D Steve Jones.

Research just published by Panda Security claims to show that malware creation has reached record levels - with 160,000 new samples being spotted every single day - while trojans are now responsible for four out of five (79.9 per cent) infections around the world.

Commenting on the Q1 2014 report, Luis Corrons, Panda's technical director, says that the first quarter saw levels of cybercrime continue to rise.

"In fact, we have witnessed some of the biggest data thefts since the creation of the Internet, with millions of users affected," he said.

Delving into the report reveals some good news - several European countries are among the least infected, with the lowest infection rates recorded in Sweden (21.03 per cent), Norway (21.14 per cent), Germany (24.18 per cent) and Japan (24.21 per cent). The UK ranked as the fifth least infected country, with an infection rate of 24.48 per cent.

So how bad is the malware and cybercrime situation?

Panda's Q1 analysis says that malware creation has now hit record numbers - with companies worldwide becoming targets for massive data thefts.

"Nevertheless, there has also been good news in the fight against cybercrime, like the FBI's announcement that the mastermind behind SpyEye, one of the worst banking Trojans ever, pleaded guilty to bank fraud," says the report.

The analysis goes on to say that attacks on Android devices continue to increase. Because of this, Panda says that its next quarterly report will provide new details about these incidents, the most common security threats and the number of actual infections.

Rob Sloan, response director with Context Information Security, says that Panda's report goes into some detail on the Target data breach and, in doing so, recognises that anti-virus is ineffective against targeted attacks crafted to evade signature-based detection.

"This is an important point - antivirus can be relied upon, in the main, to protect against the less sophisticated attacks, but it is not the solution for the sort of attacks which cause the greatest impact to organisations," he said.

Keith Bird, UK MD with Check Point, agreed with the findings of the report. He says that his research team has seen a big increase in new malware creation over the past year.

"Our own 2014 security report found that on average, a known malware variant is being downloaded to company networks every 10 minutes, and an unknown variant every 27 minutes. Organisations need multiple layers of security to defend against the sheer volume of threats, as conventional defences are getting overwhelmed," he explained.

Lucas Zaichkowsky, enterprise defence architect with AccessData, said that the report confirms what many CISOs have come to recognise - that in effect, organisations are in a state of continuous compromise.

In the AccessData/Ponemon Institute 'Threat Intelligence & Incident Response' report published in February, he says, researchers found that 86 per cent of the 1,000-plus CISOs surveyed believe that detection of cyber attacks takes too long.

"This has implications for compliance with the mandatory breach disclosure proposed under the new EU General Data Protection Regulation. Three-quarters of the survey sample reported that a lack of integration between point solutions slows down their response to cyber incidents," he said, adding that 61 per cent of the CISOs polled also complained that the alert 'noise' created by different point security solutions hinders breach investigations.

Steve Jones, head of R&D with Leeds-based open source security specialist RandomStorm, said that - even with the best security defences in place - a highly targeted attack designed to evade anti-malware, such as one using compromised employee login details or an insider attack, can still lead to a breach.

"The key to ongoing security is to employ continuous monitoring and act quickly whenever unusual activity is detected. As we saw with eBay, the initial compromise of employee login details occurred in February or March, but the database compromise was not detected until May," he said.

"Log management and file integrity management can help to identify unusual activity on the network, but organisations need to set up the security equivalent of a fire drill to ensure that alerts are acted upon," he added.
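The file integrity management Jones refers to can be shown concretely: record a baseline of the files that matter, re-scan on a schedule, and alert on anything added, removed or changed. The Python below is an example added for this article; it is not code from RandomStorm, Panda or any product mentioned here. The directory layout, file contents and sealing key inside demo() are constructed for illustration. Beyond the basic diff, it records permission bits (so a setuid or sudoers change is caught even if size is unchanged), skips symlinks (so a monitored name cannot be pointed at an unrelated file), and seals the stored baseline with an HMAC, because an attacker who can modify files on a host can usually also rewrite a baseline that lives on the same host.

```python
"""File integrity monitoring (FIM) with a tamper-evident baseline.

Builds a baseline of SHA-256 digests and permission bits for every regular
file under a directory tree, re-scans later and reports added, removed and
modified files, and seals the stored baseline with an HMAC so that an attacker
who can write to the host cannot silently rewrite the baseline to match their
changes. The demo() scenario (paths, contents, key) is constructed here for
illustration and is not taken from any real system.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root) -> dict:
    """Map each regular file (relative POSIX path) to its digest, mode and size.

    Symlinks are skipped: following them would let an attacker point a
    monitored name at an unrelated file and mask the real change.
    """
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        st = p.stat()
        baseline[p.relative_to(root).as_posix()] = {
            "sha256": hash_file(p),
            "mode": oct(st.st_mode & 0o7777),  # permission, setuid/setgid bits
            "size": st.st_size,
        }
    return baseline


def compare(old: dict, new: dict) -> dict:
    """Diff two baselines; any changed digest, mode or size counts as modified."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def seal(baseline: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical JSON form of the baseline."""
    payload = json.dumps(baseline, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_seal(baseline: dict, key: bytes, tag: str) -> bool:
    """Constant-time check that a stored baseline still matches its seal."""
    return hmac.compare_digest(seal(baseline, key), tag)


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "www").mkdir()
        (root / "var" / "log").mkdir(parents=True)
        (root / "etc" / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "www" / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (root / "var" / "log" / "auth.log").write_text("Accepted password for alice\n")

        # Assumption: the sealing key is held off the monitored host (e.g. on
        # the log/FIM collector), so a local attacker cannot re-seal a baseline.
        key = b"example-fim-seal-key"
        baseline = build_baseline(root)
        tag = seal(baseline, key)

        # Simulated intrusion: drop a web shell, grant the web user sudo,
        # and delete the auth log to cover tracks.
        (root / "www" / "shell.php").write_text("<?php system($_GET['c']); ?>\n")
        (root / "etc" / "sudoers").write_text(
            "root ALL=(ALL) ALL\nwww-data ALL=(ALL) NOPASSWD: ALL\n"
        )
        (root / "var" / "log" / "auth.log").unlink()

        current = build_baseline(root)
        return {
            "report": compare(baseline, current),
            "baseline_seal_ok": verify_seal(baseline, key, tag),
            # An attacker who swaps the stored baseline for the post-intrusion
            # scan, without the key, fails verification.
            "forged_seal_ok": verify_seal(current, key, tag),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it with `python fim.py`; the report lists the web shell as added, sudoers as modified and the deleted auth log as removed, while the forged seal check fails. In a real deployment the baseline and its seal would be written to the log management system rather than kept on the host, which is also where the scheduled re-scan's report should go, so that the "fire drill" Jones describes has an alert to act on.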
