FireEye report sheds light on prevalence of malware attacks


April 07, 2013

It's no secret that in the modern information age, cyber security crimes have become more pervasive and prevalent than ever before.

However a new report from next generation threat protection provider FireEye has shed light on just how frequently the enterprises of today are being impacted by cybercrime activity.

According to the organisation's new 2H 2012 Advanced Threat Report, some businesses are today receiving a piece of malicious email as frequently as once every three minutes.

These malicious emails are a form of social engineering, and will contain dangerous email attachments or internet links to unsafe webpages.

According to FireEye founder and chief technology officer Ashar Aziz, the report contains evidence that modern cyberattacks have become "much more advanced and successful at penetrating networks, regardless of industry".

"As cybercriminals invest more in advanced malware and innovations to better evade detection, enterprises must rethink their security infrastructure," said Mr Azis in a statement released April 3.

"Today, malware writers spend enormous effort on developing evasion techniques that bypass legacy security systems. Unless enterprises take steps to modernize their security strategy, most organizations are sitting ducks."

Businesses concerned about their own vulnerability towards social engineering techniques such as malware may want to consider undergoing an ethical hacking evaluation.

Ethical hacking evaluations are an excellent way of improving vulnerability management by simulating a legitimate cybercrime attack and identifying any potential areas where cybercriminals might be able to gain access to information.

The FireEye report suggests that businesses in different industries are targeted by malware activity in differing volumes. Technology companies, for example, are sometimes targeted with one malware event every minute.

However it is important to remember that cybercriminals can target organisations of all size and industry, from start-ups and SMEs to huge multinational corporations.

Even public sector organisations are vulnerable to cyberattacks. Last month, media reports emerged detailing a potential malware virus infection that impacted the Reserve Bank of Australia (RBA) in late 2011.

While the RBA quickly moved to confirm that no user data had been stolen, the organisation reportedly engaged in penetration testing assessments following the incident in order to mitigate the risk of a future such breach.

An incident report released by the RBA following a Freedom of Information request confirmed that the infection occurred as a result of a spear phishing email, which FireEye says is still the most commonly utilised method employed by cybercriminals in order to initiate an advanced malware campaign.

Spear phishing emails directly target a particular individual or organisation by utilising familiar file names and terms that lure the unsuspecting users into opening the infected file.

To reduce the chance that your organisation will become the victim of a spear phishing email, consider undergoing a comprehensive ethical hacking evaluation in 2013.

Leave a Reply

Your email address will not be published. Required fields are marked *