Sunday, April 7, 2013

FireEye Advanced Threat Report Details Evolving Tactics and Threat Infiltration of Attacks Targeting Enterprises

 
Advanced Cyber Attacks Occur Up To Once Every Three Minutes

FireEye Advanced Threat Report Details Evolving Tactics and Threat Infiltration of Attacks Targeting Enterprises



BANGALORE, India / MILPITAS, Calif., USA - April 3, 2013

FireEye®, Inc., the leader in stopping today's new breed of cyber attacks, today announced the release of its 2H 2012 Advanced Threat Report. The report shows that malware activity has become so pervasive that organizations experience a malicious email file attachment or Web link as well as malware communication that evades legacy defences up to once every three minutes.

Drawing on data gathered from 89 million malware events and direct intelligence uncovered by the FireEye research team, the Advanced Threat Report provides a global look into cyber attacks that routinely bypass traditional defenses such as firewalls, next-generation firewalls, IPS, anti-virus and security gateways. The report provides an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations' networks today. In addition, it offers a detailed look at trends taking place in specific industries, as well as a case study on a sophisticated and sustained attack that was waged during the course of 2012.

Key findings in the Advanced Threat Report include:
  • On averageenterprises experience a malware event up to once every three minutes. Across industries, the rate of malware activity varies, with technology companies experiencing the highest volume with up to one event per minute. Some industries are attacked cyclically, while some verticals experience attacks erratically.
  • Spear phishing remains the most common method for initiating advanced malware campaigns. When sending spear phishing emails, attackers opt for file names with common business terms to lure unsuspecting users into opening the malware and initiating the attack. These terms fall into three general categories: shipping and delivery, finance, and general business. The top term in malware file names, for example, was "UPS".
  • ZIP files remain the preferred file of choice for malware delivery. Malicious malware is delivered in ZIP file format in 92 percent of attacks.
  • Several innovations have appeared to better evade detection. Instances of malware are uncovered that execute only when users move a mouse, a tactic which could dupe current sandbox detection systems since the malware doesn't generate any activity. In addition, malware writers have also incorporated virtual machine detection to bypass sandboxing.
  • Attackers are increasingly using DLL files. By avoiding the more common .exe file type, attackers leverage DLL files to prolong infections.
"This report provides an overview of how attacks have become much more advanced and successful at penetrating networks, regardless of industry,"said Ashar Aziz,FireEye Founder and CTO. "As cyber criminals invest more in advanced malware and innovations to better evade detection, enterprises must rethink their security infrastructure and reinforce their traditional defenses with a new layer of security that is able to detect these dynamic, unknown threats in real-time."

"The high rate at which cyber attacks are happening illustrates the allure of malware," saidZheng BuSenior Director of Research"Today, malware writers spend enormous effort on developing evasion techniques that by pass legacy security systems. Unless enterprises take steps to modernize their security strategy, most organizations are sitting ducks."
  
The full copy of the Advanced Threat Report can be downloaded here.

 # # #
QUOTES
"This report provides an overview of how attacks have become much more advanced and successful at penetrating networks, regardless of industryAs cybercriminals invest more in advanced malware and innovations to better evade detection, enterprises must rethink their security infrastructure and reinforce their traditional defenses with a new layer of security that is able to detect these dynamic, unknown threats in real-time." 

Ashar Aziz  
Founder and CTO
FireEye 




"The high rate at which cyber attacks are happening illustrates the allure of malware. Today, malware writers spend enormous effort on developing evasion techniques that by pass legacy security systems. Unless enterprises take steps to modernize their security strategy, most organizations are sitting ducks."

Zheng Bu
Senior Director of Research
FireEye
COMPANY INFORMATION
FireEye® has pioneered the next generation of threat protection to help organizations protect themselves from being compromised. Cyber attacks have become much more sophisticated and are now easily bypassing traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways, compromising the majority of enterprise networks. The FireEye platform supplements these legacy defenses with a new model of security to protect against the new breed of cyber attacks.

The unique FireEye platform provides the industry's only cross-enterprise threat protection fabric to dynamically identify and block cyber attacks in real time. The core of the FireEye platform is a signature-less, virtualized detection engine and a cloud-based threat intelligence network, which help organizations protect their assets across all major threat vectors, including Web, email, mobile, and file-based cyber attacks. The FireEye platform is deployed in over 40 countries and more than 1,000 customers and partners, including over 25 percent of the Fortune 100.

No comments:

Post a Comment