In its recently released Advanced Threat Report covering the second half of 2012, security vendor FireEye--drawing from data gathered from 89 million events spanning several thousand appliances deployed at customer sites around the world--found that organizations are getting pounded by increasingly sophisticated malware infections that lure users with common business terms and are written to evade common detection methods.
This is in keeping with one of the key findings from InformationWeek's 2012 Strategic Security Survey, namely that the number one challenge faced by IT and security professionals is managing increasing complexity--complexity that's fueled by the always-expanding array of techniques used by cyber criminals.
FireEye's research indicates that companies experience a malware event every three minutes, making it the most common threat IT security teams face. This is hardly surprising given that developers of malicious software have been emboldened by their growing ability to evade such defenses as network firewalls, intrusion prevention systems, and anti-virus software. Again, this tracks with InformationWeek's 2012 survey, which found that malware and phishing were by far the two most frequent types of breaches experienced by respondents.
The industry hardest hit by malware, according to FireEye? Technology, where companies possess a high concentration of intellectual property. Tech firms faced nearly double the volume of malware campaigns of the second most victimized industry, telecommunications.
FireEye's report also notes that a disconnect between the investment companies make in security and the results they're getting has become readily apparent. The company cites research from IDC showing that total spending on security grew from $12 billion to $28 billion between 2003 and 2011, but that the mix of technologies being purchased barely changed during that time.
Thirty-one percent of respondents to the InformationWeek survey said their security spending would increase.
That lack of evolution in security strategies is seen as a major contributor to the uphill battle many organizations face on the security front.
"This stasis has helped malware writers move into the pole position in the cyber arms race," FireEye wrote in its report.
It also explains why InformationWeek's 2012 survey found that 15% of organizations say they're more vulnerable to attacks and breaches, exactly the same ratio that said so in 2011.
[ Join us at Interop Las Vegas for access to 125+ IT sessions and 300+ exhibiting companies. Register today! ]
Meanwhile, the bad guys keep evolving. For instance, FireEye found that of the 10 most common terms used in phishing campaigns that often seek to unleash malware were UPS, FedEx, MyUPS and tracking, terms intended to entice less savvy users to click on links and attachments. It also found that malware writers have focused their innovation efforts on evading detection, including instances of malware that execute only when users move their mouse or that incorporate virtual machine detection to bypass sandboxing.
To further demonstrate the increasing sophistication of the threats IT security groups face, FireEye zeroed in on a particular advanced persistent threat called Operation Beebus. The group, which has hit at least six major aerospace and defense contractors, has a single purpose: gathering intelligence about its victims while evading detection. It employs a novel approach, disguising its attacks as attachments that appear to be well-known business documents and white papers published by trusted sources of information in the aerospace and defense industry.
"By understanding Beebus, security teams can understand the anatomy of an APT attack," wrote FireEye in its report. "Sadly, the Beebus episode demonstrates how malware writers have the upper hand."