Categories: SecurityWorkspace

New Techniques Help Malware Evade Defences

Every three minutes, the average company encounters malware activity that exposes its information systems to attack, according to the latest report released by threat-protection firm FireEye.

Attackers are also increasingly using tactics aimed at escaping detection by standard defenses such as antivirus software, according to FireEye’s Advanced Threat Report for the second half of 2012.

Technology firms targeted

While law firms only see an event every 30 minutes, technology firms are attacked in some way every minute on average.

Based on data from 89 million incidents over six months, FireEye classified malicious activity as a drive-by download, a compromised computer contacting a botnet controller over the Internet or the receipt of an email with a malicious attachment or link.

“While virtually every company in every industry is being targeted by advanced attacks, there are some clear variances across the industries,” FireEye stated in the report. “The goals of attackers, the tactics they use and the frequency of attack can all vary substantially depending on the industry being examined.”

Attacks against companies in industries such as banking and legal services had wide variances in the number of incidents they faced each month. While other industries, such as technology and telecommunications, faced a much more consistent threat, the report found.

While the company did not release data on the trends, it found that increasing numbers of malware either detects the virtual machines (VMs) used as an environment to analyse malicious code or used delaying tactics to outlast the typical time that software programs are analysed. In addition, more malware is signed by a digital certificate to seem more legitimate.

Evading defences

“There is actually a very strong effort by malware writers to evade a lot of defences – not just antivirus anymore, but bypassing a lot of traditional sandboxing methods,” Rob Rachwald, senior director of market research FireEye told eWEEK.”

FireEye appliances are typically placed inside a company’s firewalls and email security gateways, so the events detected by the company are those that passed the first line of defences.

Malware that waits for actual user activity before executing will get passed to the user as a non-malicious file, Anup Ghosh, chief executive and founder of Invincea, an endpoint security firm.

“Companies have to be careful that if they are doing the analysis in a virtual environment, (the malware) may detect the VM and decide not to run,” said Anup Ghosh, chief executive and founder of Invincea. “Then you are passing it onto the user, indicating that it’s no threat, and that is a problem.”

ZIP files

FireEye also found that ZIP-compressed files are the most common form of email attachment, encompassing 92 percent of all malicious file types found appended to email messages.

The study represents only a snapshot of the data FireEye collected, but other security firms have made similar findings.

On 25 March, network security firm Palo Alto Networks released its own report finding that nearly 40 percent of malware escapes detection and makes it into the network.

Are you a security pro? Try our quiz!

Originally published on eWeek.

Robert J Mullins, eWeek USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago