Last year saw a sizeable increase in bot infections, data loss incidents and so-called “unknown malware”, engineered to evade detection by security tools and used in widespread targeted attacks, according to Check Point’s latest annual report.
The network security giant analyzed threat data and reports generated by thousands of customers worldwide to compile the Check Point Security Report 2014.
It highlighted a 144% increase in new malware from 2012 to 2013 to reach 83 million samples, claiming a third of organizations downloaded at least one file infected with unknown malware and that 2.2 pieces of unknown malware hit organizations every hour last year.
In addition, the report revealed that unknown malware appears most in targeted attacks in a malicious email attachment, with PDFs accounting for 35% of infected files. EXE (33%) and archive (27%) are also popular file formats.
Unlike “zero day” malware, which typically exploits a previously unknown vulnerability for which there is no patch, “unknown malware”, as defined by Check Point, exploits a known vulnerability but can’t be detected by even the most up-to-date AV products because it uses sophisticated obfuscation tools and techniques.
The increasing availability of such tools has meant that financially motivated cybercriminals are now able to create unknown malware in a relatively straightforward, automated manner to launch broad reaching targeted attack campaigns once the preserve of those with specialised tools and skills, the report said.
The obfuscation techniques in question are mainly those known as “crypters”, which disguise executables by using “various encryption and encoding schemes, cleverly combined and recombined”, according to Check Point.
“Crypters are currently a problem because they make concealment of malware easy, where previously this required specialized skills, tools or both. They are available online as free undetectable versions as well as premium fully undetectable purchase options, rating their relative successes in evading AV tools,” Check Point UK MD Keith Bird told Infosecurity Magazine.
“The best way of stopping unknown malware is sandboxing or emulation in the cloud or on a perimeter gateway, as this uses a range of techniques to spot potentially malicious behaviour before the suspicious file hits the network.”
The report also pointed to a worrying increase in bot infections, claiming that in 2013 at least one bot was detected in 73% of organizations – up from 63% in 2012. What’s more, it said that 77% are active for over four weeks.
Elsewhere, data loss incidents are on the rise, according to Check Point. Some 88% of organizations said they had experienced at least one “event”, up from 54% in 2012. More worrying still, it found that in a third of financial institutions surveyed, credit card info was sent outside the organization, while a quarter of healthcare and insurance firms sent out HIPAA-protected data.
However, this is not necessarily an indication that standards and regulations like PCI and HIPAA are failing but more a lack of compliance, according to Bird.
“Simple human error plays a central role in a majority of data breaches, because accidents happen, or because an employee knows what they’re doing is against security policy but thinks it should be OK for them to email the data just this one time,” he argued.
“In many cases, firms do not have effective data loss prevention controls because they can be costly to deploy, and can take many months of training to suit an organization’s data types and usage.”