Malware Changes; Systems Need to, Also

Tuesday, September 6, 2011 @ 05:09 PM gHale

When experts say security is a moving target that changes on a fairly consistent basis, they are not just blowing smoke; they know what they are talking about.

That is one reason why there is a significant gap in today’s enterprise IT defenses, as advanced malware and targeted attacks can easily evade traditional defenses, such as firewalls, intrusion prevention systems, antivirus, and Web/email gateways, according to FireEye’s Advanced Threat Report – 1H 2011.

Today’s traditional enterprise IT defenses are not keeping up with the highly dynamic, multi-stage attacks cyber criminals use against enterprises.

Cyber criminals are using highly dynamic malware to circumvent traditional signature-based defenses, with 94% of malicious executables and malicious domains changing within 24 hours.

The “Top 50” malware families account for over 80% of successful infections seen in the wild. In addition, the most prevalent attacks are Fake Antivirus scams and information stealing malware.

Fake AV programs act as a conduit for more serious malware infections, and information-stealing malware targets user credentials, enabling the theft of key intellectual property and sensitive data.

Key findings from the report:
• 99% of enterprise networks have a security gap despite $20B spent annually on IT security.
• Successful attacks employ dynamic, “zero-day” malware tactics. 90% of malicious binaries and domains change in just a few hours; 94% within a day.
• The fastest growing malware categories are Fake-AV programs and Info-stealer executables.
• The “Top 50” of thousands of malware families generate 80% of successful malware infections.

As criminals develop and invest in advanced malware, enterprises must also reinforce traditional defenses with a new layer of dynamic security that can detect these threats in real time and thwart malware communications back to command and control centers.
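Two points in the report lend themselves to a small worked illustration: why a signature keyed on exact file bytes stops matching the moment a binary is rebuilt (the 94%-within-a-day figure above), and what a signature-independent check on command and control traffic can look like. The following Python is an added example written for this page; it is not FireEye's code or anything from the report. The "binary", the hash database and the proxy log lines are all constructed inline, the domain names are placeholders, and the beacon heuristic (near-constant intervals between connections from one host to one domain) is one simple behavioural check, not a complete detection product.

```python
"""Added example: a hash signature versus a rebuilt sample, and a simple
behavioural check for beaconing to a command and control host."""
import hashlib
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# ---- Part 1: exact-bytes signatures -------------------------------------

# Constructed stand-in for a malicious executable (not a real binary).
ORIGINAL_SAMPLE = b"MZ\x90\x00stage1-downloader-v1\x00"

# A signature database of SHA-256 hashes of samples seen before.
KNOWN_BAD_HASHES = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest()}


def hash_signature_matches(sample: bytes) -> bool:
    """True only if the exact bytes were seen before."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES


def repack(sample: bytes, variant: int) -> bytes:
    """Simulate a per-victim rebuild by appending one varying byte.
    Constructed for illustration; a real packer changes far more."""
    return sample + bytes([variant])


# ---- Part 2: signature-independent beacon detection ---------------------

# Constructed proxy log: "<timestamp> <source-ip> <domain> <method> <path> <status>"
SAMPLE_PROXY_LOG = [
    # one host contacting a placeholder domain every ~5 minutes (beacon-like)
    "2011-09-06T10:00:00 10.0.0.5 update.example-c2.invalid GET /ping 200",
    "2011-09-06T10:05:02 10.0.0.5 update.example-c2.invalid GET /ping 200",
    "2011-09-06T10:09:58 10.0.0.5 update.example-c2.invalid GET /ping 200",
    "2011-09-06T10:15:01 10.0.0.5 update.example-c2.invalid GET /ping 200",
    "2011-09-06T10:20:00 10.0.0.5 update.example-c2.invalid GET /ping 200",
    # ordinary browsing: bursty, irregular gaps
    "2011-09-06T10:00:00 10.0.0.7 www.example.com GET / 200",
    "2011-09-06T10:00:03 10.0.0.7 www.example.com GET /style.css 200",
    "2011-09-06T10:12:40 10.0.0.7 www.example.com GET /news 200",
    "2011-09-06T10:13:05 10.0.0.7 www.example.com GET /news/2 200",
    "2011-09-06T10:47:00 10.0.0.7 www.example.com GET /about 200",
    # too few connections to judge
    "2011-09-06T10:01:00 10.0.0.5 cdn.example.net GET /lib.js 200",
    "2011-09-06T10:31:00 10.0.0.5 cdn.example.net GET /lib.js 304",
]

LOG_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"


def parse_line(line: str):
    """Split one constructed log line into (timestamp, source ip, domain)."""
    ts, src, domain, _method, _path, _status = line.split()
    return datetime.strptime(ts, LOG_TIME_FORMAT), src, domain


def find_beacons(lines, min_hits: int = 4, max_jitter: float = 0.2):
    """Return {(src, domain): mean interval in seconds} for host/domain pairs
    whose inter-connection gaps are nearly constant.

    Regularity is measured as coefficient of variation (std dev / mean) of
    the gaps; a value at or below max_jitter is treated as beacon-like.
    No signature of the domain or the payload is involved."""
    times = defaultdict(list)
    for line in lines:
        ts, src, domain = parse_line(line)
        times[(src, domain)].append(ts)

    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue  # not enough observations to call it periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    rebuilt = repack(ORIGINAL_SAMPLE, 1)
    print("original matches signature:", hash_signature_matches(ORIGINAL_SAMPLE))
    print("rebuilt matches signature: ", hash_signature_matches(rebuilt))
    for (src, domain), interval in find_beacons(SAMPLE_PROXY_LOG).items():
        print(f"beacon-like: {src} -> {domain} every ~{interval:.0f}s")
```

Run as a script, the hash check passes for the original bytes and fails for the one-byte rebuild, while the beacon check flags only the 10.0.0.5 to update.example-c2.invalid pair (roughly every 300 seconds) and ignores both the irregular browsing and the pair with too few connections. In practice the interval threshold, the minimum hit count and an allow-list of known periodic services (update checks, monitoring agents) all need tuning to the environment, and a hit is a lead for investigation rather than a verdict.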

This extra defense layer needs to specifically ward off the unknown and zero-day tactics that dominate targeted and advanced persistent threat (APT) attacks.