Cyberattacks up 400% since 2011

30 August 2012

Cyberattacks are intensifying across vectors and industry segments, according to agnostic research from FireEye.

The increased level of maliciousness is being led by explosive growth of web-based malware infections, which are up 400% since 2011. That translates to a staggering average of 643 successful infections per week per company.

“Attackers are getting smarter, and can evade typical perimeter defenses pretty easily,” explained Ali Mesdaq, a FireEye researcher, in an interview. “Attacks through the web vector are hard to catch via standard signatures, because just on sheer volume companies can’t keep up with updating signatures, so attacks are slipping through.”

He noted that there has also been growth in obfuscation techniques, and many of the tools available to attackers are getting more advanced. “Also, while the community was made up of only a few people a few years ago, now a lot of people are putting energy and money into this,” he said.

Hand in hand with the web results is an intensified danger of email-based attacks. There was a 56% growth rate in email-based attacks in the second quarter of 2012 versus the first quarter. These consisted of emails sent with malicious links as well as those with malicious attachments. In some months, attachment-based efforts were more prevalent, but in May link-based attacks were almost double the frequency of attachment-based ones.

“These guys are always moving between the two, seeing what’s effective now, what’s effective later – there’s overall more organization,” Mesdaq said.

When it comes to the links themselves, FireEye has found that limited-use domains are on the rise. In 2011, it was common for a link to a malicious domain to be sent out en masse, 10,000 e-mails at a time in some cases. But so far in 2012, cybercriminals are sending a mail with a link to a site tailored for just one organization, or a small group, say three people.

The use of dynamic, throw-away domains has grown from 38% in the second half of 2011 to 46% in the first half of 2012.

“You can research one organization, and be more effective,” explained Mesdaq. “Rather than taking a shotgun approach, these people are looking for specific data from a specific company. It’s a higher reward undertaking.”

Also, the limited-use approach means that an email would not be recognized as carrying a widespread threat. It would also be much more likely to bypass blacklists and other types of filters.

For perpetrators, the tools now available allow point-and-click building of a customized PDF. “It’s almost run like a marketing firm would run its business,” explained Phil Lin, another FireEye researcher. “They can source the template from something legitimate, like a white paper, glue the tracking cookies or add malware, then do a targeted e-mail blast through legitimate means – buying lists, for instance.”

FireEye’s research also shows that patterns of attack vary by industry. Technology is the No. 1 most-targeted industry by far. But healthcare attacks were up 100% from the last half of 2011. That segment has seen steady growth, without spikes.

Financial services, on the other hand, saw a dramatic increase in April and May – which coincides with a spike last year around the same time. This season, the spike originated in Latvia.

Energy and utilities, meanwhile, have seen a 60% increase over the last six months and have seen the highest amount of growth. These industries experienced 300% growth in attacks in one year, primarily via malware.

“This is one of the scarier industries that is being targeted because it affects all of our lives,” Mesdaq said. “There’s the potential to take down the grid.”

Utilities, he said, are just starting to catch up on security, modernizing within the last five years. That’s because the dynamics have changed – utilities are now much more dependent on communications networks, including for smart meters and automation. “They are now connected to networks that need to be secured,” Mesdaq explained.
