Businesses are being targeted by cyber attacks once every three minutes with methods that traditional security tools are struggling to cope with, according to new research.
The figures come from security firm FireEye's 2H 2012 Advanced Threat Report and are pulled from a combination of 89 million malware samples and research from its security team, FireEye said. The malware events this study looked at are the ones that would “routinely” bypass what FireEye calls legacy defences, including technology such as firewalls, next-generation firewalls, anti-virus and security gateways.
These sorts of cyber attacks are now so prevalent that FireEye says businesses are facing, on average, a malware event once every three minutes. For technology companies that figure is even worse, with attacks coming every minute. Malicious email files and web links are the primary means used by cyber criminals to transmit malware, the study said.
FireEye's research also revealed that spear phishing is the most common attack vector for these advanced malware campaigns. This usually involves sending an email with a malicious attachment to a specific person. The attachment is given a name that is likely to tempt the recipient into opening the file. According to the company, shipping and delivery, finance and general business are the most common subjects, while 92 per cent of malware is delivered via a Zip file.
The report also exposed some of the techniques malware writers are using to ensure their attacks get through security defences. One method is to incorporate a virtual machine detector into the malware, so it can bypass sandboxing. Similarly, FireEye said it has detected malware that only executes once a user moves the mouse, a “tactic which could dupe current sandbox detection systems since the malware doesn't generate any activity.”
“This report provides an overview of how attacks have become much more advanced and successful at penetrating networks, regardless of industry,” said Ashar Aziz, FireEye founder and CTO.
“As cyber criminals invest more in advanced malware and innovations to better evade detection, enterprises must rethink their security infrastructure and reinforce their traditional defences with a new layer of security that is able to detect these dynamic, unknown threats in real-time,” Aziz added.
FireEye is run by former McAfee CEO Dave DeWalt, who first joined the company's board of directors in June 2012. Earlier this year former Symantec CEO Enrique Salem also joined the board of directors at FireEye.