Every three minutes, the average company encounters malware activity that exposes its information systems to attack, according to the latest report released by threat-protection firm FireEye.
Attackers are also increasingly using tactics aimed at escaping detection by standard defenses such as antivirus software, according to FireEye’s Advanced Threat Report for the second half of 2012.
While law firms only see an event every 30 minutes, technology firms are attacked in some way every minute on average.
Based on data from 89 million incidents over six months, FireEye classified malicious activity as a drive-by download, a compromised computer contacting a botnet controller over the Internet or the receipt of an email with a malicious attachment or link.
Attacks against companies in industries such as banking and legal services had wide variances in the number of incidents they faced each month. While other industries, such as technology and telecommunications, faced a much more consistent threat, the report found.
While the company did not release data on the trends, it found that increasing numbers of malware either detects the virtual machines (VMs) used as an environment to analyse malicious code or used delaying tactics to outlast the typical time that software programs are analysed. In addition, more malware is signed by a digital certificate to seem more legitimate.
“There is actually a very strong effort by malware writers to evade a lot of defences – not just antivirus anymore, but bypassing a lot of traditional sandboxing methods,” Rob Rachwald, senior director of market research FireEye told eWEEK.”
FireEye appliances are typically placed inside a company’s firewalls and email security gateways, so the events detected by the company are those that passed the first line of defences.
Malware that waits for actual user activity before executing will get passed to the user as a non-malicious file, Anup Ghosh, chief executive and founder of Invincea, an endpoint security firm.
“Companies have to be careful that if they are doing the analysis in a virtual environment, (the malware) may detect the VM and decide not to run,” said Anup Ghosh, chief executive and founder of Invincea. “Then you are passing it onto the user, indicating that it’s no threat, and that is a problem.”
FireEye also found that ZIP-compressed files are the most common form of email attachment, encompassing 92 percent of all malicious file types found appended to email messages.
The study represents only a snapshot of the data FireEye collected, but other security firms have made similar findings.
On 25 March, network security firm Palo Alto Networks released its own report finding that nearly 40 percent of malware escapes detection and makes it into the network.
Are you a security pro? Try our quiz!
Originally published on eWeek.
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…