Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

Cybercriminals use throw-away domains to infiltrate enterprise networks

Posted on 30.08.2012

The first six months of 2012 saw continued increases of malicious infection activity and an intensified danger of email-based attacks as cybercriminals increasingly employed throw-away domains to infiltrate enterprise networks, according to a FireEye report.

Research shows that over 95 percent of companies are compromised by advanced malware and most are not aware of the attack.

Key findings include:

Explosive growth of advanced malware infections – Advanced malware that evades signature-based detection increased nearly 400 percent since 2011, to an average of 643 successful infections per week per company.

Intensified danger of email-based attacks – 56 percent growth in email-based attacks in 2Q 2012 versus 1Q 2012. Malicious links were more widely used than malicious attachments in the last two months of the second quarter of 2012.

Increased use of dynamic, throw-away domains – An increase in dynamic links that were used five times or less. Originating from large-volume email-based attacks, links that were seen just once grew from 38 percent in the second half of 2011 to 46 percent in the first half of 2012.

Patterns of attack vary substantially by industry – Patterns of attack were radically different between the financial services, energy/utilities, healthcare, and technology industries. But one constant remains – industries with significant intellectual property or customer and financial data remain the primary targets as attacks increase.

“The results of this report make it even more clear that reactive signature-based defences cannot prevent evasive strains of malware from making their way into the enterprise,” said Ashar Aziz, FireEye founder and CEO. “Attackers continue to remain a step ahead of traditional defences, so organisations must rethink their IT security architecture and implement appropriate security measures to prevent advanced cyber attacks such as zero-day attacks and advanced persistent threats (APTs).”

As cybercriminals develop and invest in advanced malware, enterprises must reinforce their traditional defences with a new layer of dynamic security that is able to detect unknown threats in real-time, thwarting malware communications back to command and control servers and blocking data exfiltration.

This extra layer of defence needs to be designed specifically to fight the unknown and zero-day tactics common in targeted attacks and APTs.

The complete report is available here (registration required).