Cybercriminals use throw-away domains to infiltrate enterprise networks
The first six months of 2012 saw continued increases in malicious infection activity and an intensified danger of email-based attacks, as cybercriminals increasingly employed throw-away domains to infiltrate enterprise networks, according to a FireEye report.
Research shows that over 95 percent of companies are compromised by advanced malware and most are not aware of the attack.
Key findings include:
Explosive growth of advanced malware infections – Advanced malware that evades signature-based detection increased nearly 400 percent since 2011, to an average of 643 successful infections per week per company.
Intensified danger of email-based attacks – 56 percent growth in email-based attacks in 2Q 2012 versus 1Q 2012. Malicious links were more widely used than malicious attachments in the last two months of the second quarter of 2012.
Increased use of dynamic, throw-away domains – An increase in dynamic links that were used five times or fewer. Originating from large-volume email-based attacks, links that were seen just once grew from 38 percent in the second half of 2011 to 46 percent in the first half of 2012.
Patterns of attack vary substantially by industry – Patterns of attack were radically different between the financial services, energy/utilities, healthcare, and technology industries. But one constant remains – industries with significant intellectual property or customer and financial data remain the primary targets as attacks increase.
“The results of this report make it even more clear that reactive signature-based defences cannot prevent evasive strains of malware from making their way into the enterprise,” said Ashar Aziz, FireEye founder and CEO. “Attackers continue to remain a step ahead of traditional defences, so organisations must rethink their IT security architecture and implement appropriate security measures to prevent advanced cyber attacks such as zero-day attacks and advanced persistent threats (APTs).”
As cybercriminals develop and invest in advanced malware, enterprises must reinforce their traditional defences with a new layer of dynamic security that is able to detect unknown threats in real time, thwarting malware communications back to command-and-control servers and blocking data exfiltration.
This extra layer of defence needs to be designed specifically to fight the unknown and zero-day tactics common in targeted attacks and APTs.
The complete report is available here (registration required).