
Enterprises Facing Spike In Advanced Malware Infections, Says FireEye

Enterprises Experience 643 “Advanced Malware” Infections Each Week

According to FireEye’s most recent threat report released today, organizations are seeing a massive increase in advanced malware that is working its way inside enterprise walls by bypassing traditional IT security defenses.

FireEye, a provider of anti-malware solutions, describes “advanced malware” as previously unseen, unknown threats that bypass traditional signature-based security defenses such as next-generation firewalls, IPS, gateways, and anti-virus.

These types of advanced malware attacks have spiked to the tune of a nearly 400% increase in the first half of 2012 vs. the first half of 2011, according to the report.

In fact, FireEye’s data shows that, on average, large and medium-sized enterprises from many different vertical segments experience 643 advanced malware infections per week.

“Organizations are under persistent attack, and the attacks being waged continue to grow more dynamic, effective, and damaging,” the report said.

The trend of attacks becoming more targeted and increasingly sophisticated is nothing new, and FireEye researchers said that attackers are increasingly using techniques such as limited-use domains in their spear phishing emails to evade traditional security defenses.

These advanced malware threats infiltrate organizations via several threat vectors—the Web, email, and files, the company said.

“Advanced threats are posing challenges to enterprises and government agencies across the board. Industries with intellectual property, customer information, or critical infrastructure to protect are particularly vulnerable to advanced threats,” FireEye explained.

Other Findings from FireEye’s Advanced Threat Report include:

• Intensified danger of email-based attacks – FireEye researchers saw 56 percent growth in email-based attacks in 2Q 2012 versus 1Q 2012. Additionally, malicious links were more widely used than malicious attachments in the last two months of the second quarter of 2012.

• Increased use of dynamic, throw-away domains – FireEye saw a significant increase in dynamic links that were used five times or less. Originating from large-volume email-based attacks, links that were seen just once grew from 38% in the second half of 2011 to 46% in the first half of 2012.

• Industries with significant intellectual property or customer and financial data remain the primary targets as attacks increase.

Malware Attack Vectors

“The results of this report make it even more clear that reactive signature-based defenses cannot prevent evasive strains of malware from making their way into the enterprise,” said Ashar Aziz, FireEye founder, CEO and CTO.

“As cybercriminals develop and invest in advanced malware, enterprises must reinforce their traditional defenses with a new layer of dynamic security that is able to detect unknown threats in real-time, thwarting malware communications back to command and control servers and blocking data exfiltration,” the company said.

As you could probably guess, FireEye sells the type of technology they are suggesting here, but nevertheless, the threats they are talking about are real.

“While web-based threats are significant, the dangers of email-based threats are growing more severe,” FireEye said. “Links and attachments delivered via email have been the source of some of the high-profile advanced persistent threat (APT) attacks such as the RSA breach, GhostNet, and NightDragon. These targeted spear-phishing emails are up, because they work. But, spear phishing emails are evolving with the use of malicious links becoming more prevalent than the use of malicious attachments.”

Interestingly, FireEye noticed that patterns of attack and trends varied substantially across industries, and that each industry seems to experience peaks in attack volumes at different times.

Between January 2012 and June 2012, the number of events detected at healthcare organizations had nearly doubled. The report also highlighted the fact that technology companies are the most targeted organizations overall, as the overall number of attacks remains high compared to other industries. In the energy/utilities sector, there appear to be significant fluctuations in incidents, but overall the vertical has seen a large increase in attacks. In the past six months, the report shows, energy and utility organizations saw a 60% increase in security incidents.

“No industry or government agency is immune,” the report (PDF) concludes.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.
