According to security software company Websense, existing malware attacks on organisations aren’t brand new threats. Instead, they are very small mutations of existing threats that easily get by most security models.
Websense Labs research and development vice-president, Charles Renert, said this was one of the key findings that emerged from the company’s most recent global threat report, which is an annual compilation of customer data and research.
Websense’s 2015 threat report indicated that the attack-writing community is penetrating networks with dated measures that are still good enough to score the crown jewels of an organisation. They get away with malware by taking existing attacks and making small changes to them that are just enough to get past whatever code security is in place.
“Of the nearly four billion attacks that we stopped in 2014, a vast majority of them were not those super-advanced brand new attacks that you read about in the headlines. These were all very small mutations of existing threats that easily get by most security models,” Renert said.
Renert also mentioned that there is a substantial shortage of security expertise available to the channel. He said that they should invest in a security team that can look across their entire organisation and assess risk.
“The best piece of advice is to make sure that these security practitioners have enough skill to make these assessments and deploy the relevant tools to safeguard their technologies. So there will be a large demand for companies that are able to provide security education, security analysis, and security as a service.”
As for 2015, he added that he expects the speed of propagation to continue even if the total volume of threats decreases.
Other key findings from the study include:
- 99.3 per cent of malware uses a command and control infrastructure used by at least one other malware author
- The total volume of threats decreased by five per cent in 2014 compared with 2013
- 30 per cent of end-users click through a malicious URL (in an email) even though they have been warned of the danger
- Only three per cent of malware examined uses a set of behaviours that is not common or seen by today’s sandboxes
- The most common malware groups can be identified by using a combination of just six attributes