Connect with us

Hi, what are you looking for?


Malware & Threats

Enterprises Facing Spike In Advanced Malware Infections, Says FireEye

Enterprises Experience 643 “Advanced Malware” Infections Each Week

According to FireEye’s most recent threat report released today, organizations are seeing a massive increase in advanced malware that is working its way inside enterprise walls by bypassing traditional IT security defenses.

Enterprises Experience 643 “Advanced Malware” Infections Each Week

According to FireEye’s most recent threat report released today, organizations are seeing a massive increase in advanced malware that is working its way inside enterprise walls by bypassing traditional IT security defenses.

FireEye, a provider of anti-malware solutions, describes “advanced malware” as unknown threats previously unseen, that bypass traditional signature-based security defenses such as next-generation firewalls, IPS, gateways, and anti-virus.

These types of advanced malware attacks have spiked to the tune of a nearly 400% increase in the first half of 2012 vs. the first half of 2011, according to the report.

In fact, FireEye’s data shows that, on average, large and medium sized enterprises from many different vertical segments experience 643 advanced malware infections per week.

“Organizations are under persistent attack, and the attacks being waged continue to grow more dynamic, effective, and damaging,” the report said.

The trend of attacks becoming more targeted and increasingly sophisticated is nothing new, and FireEye researchers said that attackers are increasingly using techniques such as the use of limited-use domains in their spear phishing emails in order to evade traditional security defenses.

Advertisement. Scroll to continue reading.

These advanced malware threats infiltrate organizations via several threat vectors—the Web, email, and files, the company said.

“Advanced threats are posing challenges to enterprises and government agencies across the board. Industries with intellectual property, customer information, or critical infrastructure to protect are particularly vulnerable to advanced threats,” FireEye explained.

Other Findings from FireEye’s Advanced Threat Report include:

• Intensified danger of email-based attacks – FireEye researchers saw 56 percent growth in email-based attacks in 2Q 2012 versus 1Q 2012. Additionally, malicious links were more widely used than malicious attachments in the last two months of the second quarter of 2012.

• Increased use of dynamic, throw-away domains – FireEye saw a significant increase in dynamic links that were used five times or less. Originating from large-volume email-based attacks, links that were seen just once grew from 38% in the second half of 2011 to 46% in the first half of 2012.

• Industries with significant intellectual property or customer and financial data remain the primary targets as attacks increase.

Malware Attack Vectors

“The results of this report make it even more clear that reactive signature-based defenses cannot prevent evasive strains of malware from making their way into the enterprise,” said Ashar Aziz, FireEye founder, CEO and CTO.

“As cybercriminals develop and invest in advanced malware, enterprises must reinforce their traditional defenses with a new layer of dynamic security that is able to detect unknown threats in real-time, thwarting malware communications back to command and control servers and blocking data exfiltration,” the company said.

As you could probably guess, FireEye sells the type of technology they are suggesting here, but nevertheless, the threats they are talking about are real.

“While web-based threats are significant, the dangers of email-based threats are growing more severe,” FireEye said. “Links and attachments delivered via email have been the source of some of the high-profile advanced persistent threat (APT) attacks such as the RSA breach, GhostNet, and NightDragon. These targeted spear-phishing emails are up, because they work. But, spear phishing emails are evolving with the use of malicious links becoming more prevalent than the use of malicious attachments.”

Interestingly, FireEye noticed that patterns of attack and trends varied substantially across industries, and that each industry seems to experiences peaks in attack volumes at different times.

Between January 2012 and June 2012, the number of events detected at healthcare organizations had nearly doubled. The report also highlighted that fact that technology companies are the most targeted organizations overall, as the overall number of attacks remain high compared to other industries. In the energy/utilities sector, there appears to be significant fluctuations in incidents, but overall the vertical has seen a large increase in attacks. In the past six months, the report shows, energy and utility organizations saw a 60% increase in security incidents.

“No industry or government agency is immune,” the report (PDF) concludes.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...