The threat from malware is now greater than ever before in the history of the Internet. New malware is being developed at alarming rates, and traditional antivirus software developers are struggling to maintain pace and prevent new forms of malware from being installed on endpoints.
Not only are malware developers creating ever stealthier information stealers, Trojans, and ransomware, the methods used to install the malicious software are becoming much more sophisticated. Keeping endpoints and networks free from infection is becoming far more complicated, while the cost of dealing with malware infections is increasing. Figures from the Ponemon Institute suggest the average cost of a data breach has now reached $4 million.
2015 saw some of the largest data breaches ever discovered and the situation is getting worse. The 78.8-million record attack on Anthem Inc. may have been one of the worst ever data breaches in terms of the number of individuals affected and the amount of data obtained by the attackers, but 2016 has seen even larger data breaches uncovered.
The attack on LinkedIn, which was discovered in May this year, affected 117 million users. The data breach at MySpace resulted in 460 million passwords being obtained by hackers, 111 million of those records also included a username. However, even those massive data breaches were dwarfed by the discovery of the data breach at Yahoo Inc., this month. Hackers were found to have obtained the information of around 500 million individuals.
Not all of those data breaches involved the use of malware, but a large percentage of smaller breaches have occurred as a result of malware infections and the threat from ransomware has grown significantly over the past few months.
Threat from Malware Greater than Ever Before
This month, a study conducted by Proofpoint has cast more light on the seriousness of the threat from malware and the extent to which organizations are being attacked and the seriousness of the threat from malware. The Proofpoint 2016 Security Report shows that throughout 2015, an average of 274 new forms of previously unknown malware were discovered every minute. 971 forms of unknown malware hit organizations every hour in 2015. That’s 9 times the downloads that occurred in 2014. Proofpoint’s research indicates 12 million new pieces of malware were discovered every month last year.
Proofpoint’s study revealed that in 2015, 89% of organizations downloaded a malicious file. In 2014, only 63% of companies reported downloading malicious files. In 2014, malware was downloaded every 6 minutes on average. In 2015, new malware was being downloaded every 81 seconds. In total, almost 144 million new malware were found in 2015. Out of the 6,000 gateways analyzed by Proofpoint, 52.7% were found to have downloaded at least one file infected with malware, and an average of 2,372 infected files were reported per gateway.
Email remains one of the most common vectors for malware delivery. Attackers are sending malicious emails containing scripts that download malware, or links to websites containing exploit kits that download information stealers, Trojans, and ransomware.
There was a small decline in the number of malicious websites that were accessed by employees. In 2014, 86% of organizations reported that end users had visited malicious websites. In 2015, 82% of organizations said employees had visited malicious websites.
However, employees in enterprise organizations were five times more likely to visit malicious websites in 2015 than in 2014. On average, enterprise employees visited malicious websites every 5 seconds. In 2014, malicious websites were accessed every 24 seconds.
Protecting Against Malware Attacks
Defending against malware attacks requires more than an anti-virus or anti-malware solution. Multi-layered cybersecurity defenses are required to cope with the onslaught.
Training programs should be conducted regularly to ensure employees are aware of the risks and latest threats. Knowledge should also be put to the test by conducting phishing training exercises.
Technical solutions should include anti-virus, anti-malware, and anti-bot software. Virus and malware definitions must be kept up to date and regular network scans conducted to identify infections rapidly.
Since email is the most common attack vector, anti-spam solutions should be employed. By using a robust anti-spam solution such as SpamTitan it is possible to prevent the vast majority of malicious emails from being delivered to end users. SpamTitan blocks 99.7% of spam email.
A URL filtering solution such as WebTitan should also be employed to prevent end users from visiting malicious websites and downloading malware. WebTitan can be configured to prevent end users from visiting websites known to contain malware and exploit kits. Malicious third party adverts – malvertising – can also be blocked, as can categories of websites which carry a high risk of containing malware.
Along with advanced threat prevention technologies, application controls, intrusion prevention systems, and good patch management policies it is possible to prevent the vast majority of malware attacks. However, with the volume of malware now being released and the extent to which hackers are attacking organizations, failing to commit improve cybersecurity defenses is likely to see organizations become another breach statistic.