Firms Average 9 Targeted Attacks a Year

Tuesday, December 10, 2013 @ 07:12 PM gHale

If end users think they are not in an attacker's sights, they are wrong, because targeted attacks are on the rise.

That is because advanced persistent threat (APT) attacks appear to be more plentiful than even the experts thought, a new study said. Organizations suffered an average of nine targeted attacks in the past 12 months.


Nearly half of those organizations said the attackers successfully stole confidential or sensitive information from their internal networks, according to a new report by the Ponemon Institute called “The State of Advanced Persistent Threats,” commissioned by Trusteer.

For the study, Ponemon surveyed 755 IT and IT security professionals who have firsthand experience with prevention or detection of targeted attacks on their organizations.

Ponemon found it took victim organizations a long time to even discover they suffered an attack. On average, these attacks went undiscovered for 225 days — a delay respondents attribute to a lack of sufficient endpoint security tools and lean internal resources.

The Ponemon study found most organizations are seeing a decline in “opportunistic” or random, nontargeted attacks and an increase in targeted ones. Sixty-seven percent said opportunistic attacks have not increased in the past 12 months, while 48 percent said targeted attacks have either rapidly increased or increased in the same period. The survey defined opportunistic attacks as those where the attackers “have a general idea of what or whom they want to compromise” and only hack them if they encounter exploitable vulnerabilities. “In contrast, targeted attacks are those in which attackers specifically choose their target and do not give up until this target is compromised,” the report said.

Cyberespionage actors are getting stealthier, encrypting their malware to evade detection, for example, said George Tubin, senior security strategist at Trusteer, an IBM company.

Nearly 70 percent of organizations say zero-day malware attacks are their biggest threats, and 93 percent say malware was the method of attack employed by the APT actors who targeted them. Half say those attacks originated via phishing.

Anti-malware and intrusion detection systems (IDS) are mostly no match for exploits and malware, according to the report. Seventy-six percent of respondents said exploits and malware got past their AV software, and 72 percent said they got past their IDS.

IDS, IPS, and AV are the top three tools these organizations have in place for detecting targeted attacks. Around 60 percent say opportunistic attacks are easier to prevent than targeted ones, and 46 percent say they are easier to detect.

The root of much of the APT trouble in these organizations is a lack of budget. Nearly 70 percent said their budgets are inadequate for fighting APTs, and 31 percent said they have sufficient in-house resources.

“Newer attack techniques that bypass detection technologies are not being picked up,” Tubin said. “This stuff is very stealthy … it sits on the network for a very long time, so it’s very likely these companies have additional APTs going on that they just haven’t discovered yet.”
