Enterprise hit by malware every three minutes

The average enterprise organisation is hit by a malware attack every three minutes, according to a new report by security vendor FireEye.

The company tracked 89 million malware events that took place across the globe during the second half of 2012, and used the findings to create the latest edition of its Advanced Threat Report.

The document's aim is to provide organisations with an insight into the wide range of cyber attacks that regularly bypass IT security systems.

Its findings suggest enterprise firms experience a malware event (in the form of a malicious email file attachment or web link, for example) once every three minutes, with technology companies among those most frequently targeted.

Zheng Bu, senior director of research at FireEye, said enterprises should take note of this attack rate and prepare their defences accordingly.

"Malware writers spend enormous effort on developing evasion techniques that bypass legacy security systems," he said.

"Unless enterprises take steps to modernise their security strategy, most organisations are sitting ducks."

The report also shed light on some of the most popular attack methods employed by cyber criminals during malware delivery campaigns, as well as some less common ones.

For example, spear phishing emails were flagged as the most common means of initiating a malware attack, while ZIP files emerged as the preferred choice to deliver malware.

"Instances of malware [were] uncovered that execute only when users move a mouse, a tactic that could dupe current sandbox detection systems since the malware doesn't generate any activity," said FireEye in a statement.

"In addition, malware writers have also incorporated virtual machine detection to bypass sandboxing."

David Harley, security research fellow at anti-virus vendor ESET, said spear phishing and social engineering techniques are popular with cyber criminals because of how easily they evade detection.

"As such, technical defences like spam filters and firewalls are less likely to pick them up. Secondly, malicious code is likely to be customised to a point where it isn't so easily found by generic malcode detection such as passive heuristics, let alone by old-school static signature detection," said Harley.

"The best defences are multi-layered. These involve efficient updating and patching [and] not relying on a single layer/security solution, such as a firewall or Intrusion Prevention System (IPS)."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.