Ninety-seven per cent of malware is unique to a specific endpoint, rendering signature-based security virtually useless, according to The Webroot 2016 Threat Brief.
Malware and potentially unwanted applications (PUAs) have become overwhelmingly polymorphic. By changing attributes to evade detection, polymorphic threats pose serious issues for traditional security approaches which often fail to discover singular variants.
The brief also found that roughly 50 per cent of Webroot users experienced a first contract with a zero-day phishing site, as compared to approximately 30 per cent in 2014. This highlights that phishing attacks are the first choice for hackers attempts to steal identities.
Additionally, 100,000 net new malicious IP addresses were created per day in 2015, significantly increasing from the 2014 average of 85,000 a day. This data shows that cybercriminals rely less on the same list of IPs, and are expanding to new IPs to stay undiscovered.
Technology companies such as Google, Apple and Facebook were found to be targeted by more than twice as many phishing sites as financial institutions like Paypal, Wells Fargo and Bank of America.
Webroot said these companies are more targeted because the same login credentials are often used to access other websites, resulting in multiple compromised accounts with each phishing victim.
Webroot chief technology officer, Hal Lonas, said 2015 was another record year for cybercrime, during which more malware, malicious IPs, websites and mobile apps were discovered than in any previous year.
“The continued onslaught of hacks, breaches, and social engineering scams targeting individuals, businesses, and government agencies alike has caused many in the security field to ask if it’s truly possible to defend against a persistent attacker. We conclude that we can only succeed by being more innovative than our criminal opponents,” he added.
The security vendor said to combat the ever-increasing cybercriminal activity, it has launched Webroot BrightCloud Threat Investigator.
The solution looks to provide enterprises, MSPs and MSSPs with instant access to actionable threat intelligence on individual IPs and URLs.
The company claimed its BrightCloud Threat Investigator’s web-based, graphical user interface (GUI) research console makes research manageable through its deliverable insights such as why the company categories a specific IP or URL as malicious, why specific reputation scores are assigned, and how long an IP or URL has been a threat.
Webroot executive vice president of products and strategy, Mike Malloy, said, “The BrightCloud Threat Investigator provides a source of additional detail to help security analysts determine the right course of action and save time in the investigation.”