Web malware more than doubled in the second quarter, says Cisco

The average web malware encounter rate in the second quarter was 335 encounters per enterprise per month, with the highest peaks in March (455) and April (453), according to Cisco's second-quarter threat report.

From an encounter-per-seat perspective, companies with 5001 to 10,000 employees and companies with more than 25,000 employees experienced significantly higher malware encounters compared to other size segments.

Despite the increase in web malware encounters, the number of unique malware hosts and unique IP addresses remained relatively consistent between March 2011 and June 2011, the report noted.

Brute-force SQL login attempts increased significantly during the second quarter, coinciding with increased reports of SQL injection attacks and other brute-force intrusions – resulting in an increase in data breaches throughout the period.

The increase in web malware attacks and data breaches could be related, noted Mary Landesman, market intelligence manager at Cisco.

Landesman told Infosecurity that the recent data breaches perpetrated by such groups as Anonymous and LulzSec exposed proprietary information that was then likely exploited by criminals to launch malware attacks.

“There have been groups involved with data breaches for frivolous purposes, either to prove a point or get some laughs, but at the end of the day, customer data is being exposed. When they do expose it, attackers are going to be the first ones to harvest that information and use it for their own purposes… You are basically spoon feeding the attackers information they need to harm others”, Landesman said.

Global spam volumes remained fairly steady throughout the first half of 2011, with a slight decrease observed in the second quarter, according to the report. Phishing levels measured in proportion to all spam increased in the second quarter, reaching 4% of the total volume of spam in May 2011.

“Last year, there were a number of botnets that were taken down that led to a sharp decline in the total volume of spam. When you make it harder for hackers to get return on investment [ROI], then they have to use some other method to increase that ROI. If you can get customer information for a particular company and create a spear phishing email that contains valid details, this makes it more believable and more likely the victim will click through. That is a large part of the phishing increase”, Landesman observed.

The report also offers advice on ways to combat advanced persistent threats (APTs). Gavin Reid, manager of Cisco’s Computer Security Incident Response Team, said that the security challenge posed by APTs is to separate them from other malware and forensically identify them in a timely manner.

According to Reid, an organization’s ability to detect and respond to APTs can improve when the following computer security incident response capabilities are deployed: capacity to produce, collect, and query logs from a security perspective (e.g., host logs, proxies, and authentication and attribution logs); deep packet inspection that covers all the important “choke points” on the network; the ability to quickly query network connections across all network choke points; development of trust-based relationships with other organizations to share intelligence on events; and some degree of malware analysis (in-house or outside).
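Of the capabilities Reid lists, the first (the capacity to collect and query logs from a security perspective) is what turns the brute-force SQL login attempts noted earlier into something an incident response team can actually see. The Python script below is an added example, not code from the Cisco report or from Infosecurity: it parses constructed SQL Server-style login audit lines (the timestamp, host and client field layout is an assumption made for the example), flags any client/host pair that crosses a failure threshold inside a sliding time window, and marks a source that then logs in successfully, since a success following a burst of failures is the case an analyst needs to triage first.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (not from the article). The wording loosely
# follows SQL Server's "Login failed for user" error text, but the timestamp,
# host and [CLIENT: ...] fields are assumptions made for this example.
SAMPLE_LOG = """\
2011-05-14T02:10:01Z sqlhost1 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2011-05-14T02:10:02Z sqlhost1 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2011-05-14T02:10:02Z sqlhost1 Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2011-05-14T02:10:03Z sqlhost1 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2011-05-14T02:10:04Z sqlhost1 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2011-05-14T02:10:05Z sqlhost1 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 203.0.113.7]
2011-05-14T02:10:09Z sqlhost1 Login succeeded for user 'sa'. [CLIENT: 203.0.113.7]
2011-05-14T02:11:30Z sqlhost1 Login failed for user 'reporting'. Reason: Password did not match. [CLIENT: 198.51.100.22]
2011-05-14T02:11:41Z sqlhost1 Login succeeded for user 'reporting'. [CLIENT: 198.51.100.22]
2011-05-14T02:20:00Z sqlhost2 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 192.0.2.9]
2011-05-14T02:23:00Z sqlhost2 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 192.0.2.9]
2011-05-14T02:26:00Z sqlhost2 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 192.0.2.9]
2011-05-14T02:29:00Z sqlhost2 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 192.0.2.9]
2011-05-14T02:32:00Z sqlhost2 Login failed for user 'sa'. Reason: Password did not match. [CLIENT: 192.0.2.9]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) Login (?P<outcome>failed|succeeded) "
    r"for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]$"
)


def parse_events(text):
    """Turn raw audit text into a list of dicts; lines that are not login records are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag (client, host) pairs with at least `threshold` failed logins inside
    any interval of length `window`. A successful login from the same source
    at or after the burst is recorded as the highest-priority signal."""
    failures = defaultdict(list)   # (client, host) -> failure timestamps, in time order
    users = defaultdict(set)       # (client, host) -> user names attempted
    last_success = {}              # (client, host) -> time of latest successful login
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["client"], ev["host"])
        if ev["outcome"] == "failed":
            failures[key].append(ev["ts"])
            users[key].add(ev["user"])
        else:
            last_success[key] = ev["ts"]

    alerts = []
    for key, times in failures.items():
        start = 0
        burst_end = None
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1                      # drop failures that fell out of the window
            if end - start + 1 >= threshold:
                burst_end = times[end]
                break
        if burst_end is None:
            continue                            # slow, spread-out failures stay below threshold
        alerts.append({
            "client": key[0],
            "host": key[1],
            "failures": len(times),
            "users_tried": sorted(users[key]),
            "success_after_burst": key in last_success and last_success[key] >= burst_end,
        })
    return alerts


if __name__ == "__main__":
    for a in find_bruteforce(parse_events(SAMPLE_LOG)):
        sev = "HIGH" if a["success_after_burst"] else "MEDIUM"
        print(f"[{sev}] {a['client']} -> {a['host']}: "
              f"{a['failures']} failures, users tried {a['users_tried']}")
```

With the defaults, only the source that hammered sqlhost1 with six failures in four seconds and then logged in is reported (as HIGH); the user who mistyped a password once and the source spreading five failures over twelve minutes are not. Lowering the threshold or widening the window surfaces the slow scan too, which is the usual tuning trade-off between missed low-and-slow attempts and alert noise; the point of the example is that none of this is possible unless the failed-login records are being produced, collected and queryable in the first place.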

“If you have something of interest and you’re not seeing APT attacks in your organization, it is probably not that they are not occurring or that you’re safe. It’s more likely that you may need to rethink your detection capabilities”, Reid warned.
