APT threat actors behind quarter of data breaches

News by Doug Drinkwater

A new study reveals that 97 percent of companies have been breached, and increasingly they are compromised by 'advanced' malware from APT threat actors.

In its new ‘Maginot Revisited: More Real-World Results from Real-World Tests’ study, FireEye tested security defences by evaluating 1,600 network and email sensors deployed in real-life networks at 1,214 companies across the globe.

The report followed on from the first Maginot survey in May and the security vendor says that the two combined have allowed it to observe some noticeable trends, such as the rise of sophisticated malware – especially in the legal sector – and how these samples continue to evade detection by ‘multiple layers’ of ‘conventional defence-in-depth tools’.

[More confusingly, however, the firm said both that there were “marked increases in attacks using advanced malware” and, elsewhere in the report, that the “overall percentage of breaches that involved advanced malware held steady at about 27 percent”.]

The headline statistic from the report was that nearly 97 percent of organisations in the study had seen their systems breached in the test period, with 27 percent of these breaches showing signs that were 'consistent with tools and tactics employed by known advanced persistent threat (APT) actors'.

The largest increases in compromises came in the retail (up by five percent) and healthcare and pharmaceutical sectors (up by four percent), but it was legal that saw the biggest rise of advanced malware attacks; the percentage of breaches involving advanced malware doubled from the previous test period to 10 percent.

Chris Boyd, malware intelligence analyst at Malwarebytes, noted that every company trialled in the retail industry suffered a breach, and that 91 percent of those in entertainment and media suffered the same fate. He was not surprised and believes there's more to come this year.

“Retail and entertainment are sure to be key targets in 2015, as we've seen from the wide ranging and occasionally devastating compromises for the purposes of both personal gain and public humiliation in 2014,” he told SCMagazineUK.com.

“Layered defence and up to date operating systems are important tools in the battle to secure networks, but it's clear that training and continued education inside the workplace are increasingly important as social engineering combined with even the most basic of threats can result in a catastrophic breach.”

Dave Palmer, director of technology at security intelligence outfit Darktrace, added in an email to SC: “We agree that the majority of companies with legacy defences have already been compromised. Therefore it is critical for companies to understand and detect threats that are already inside their networks, whether it is external threat actors or rogue employees.”

Mark Hughes, president of BT Security, meanwhile, said that most organisations still haven't got a handle on the threat landscape.

"The report underpins the need for organisations to gain as full an understanding as possible of the threat landscape," he told SC. "There is an active and growing market for the creation of targeted malware and as a result, the frequency at which unique and malicious code can be written has increased. Organisations need to recognise this and take a proactive approach to their cyber-security.
