
Research from Palo Alto Networks Shows Malware Fight Falling Short

New research from Palo Alto Networks underscores just how much malware may be slipping by enterprise defenses.


According to research gathered over a three-month period using the company’s new WildFire malware analysis engine, 57 percent of the more than 700 unique malware samples found entering enterprise networks had no signatures and were unknown to the security industry.

“I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks,” said Wade Williamson, senior security analyst at Palo Alto Networks, in a statement. “Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines.”

The inability of signatures on their own to keep up with the creation of new malware has been an oft-repeated theme in the past few years. With millions of new malware samples being created every year, vendors have begun embracing a mix of approaches, ranging from whitelisting to cloud-based analysis.

Part of Palo Alto’s answer to this problem is WildFire, which helps identify unknown malicious files by executing them in a cloud-based virtual environment, or “sandbox,” and watching for malicious behavior.

Also in its research, Palo Alto found that zero-day malware was distributed by a wide variety of Web applications, in addition to the traditional HTTP web-browsing and email traffic commonly associated with malware distribution. This builds on the company’s May 2011 Application Usage and Risk Report, in which researchers found that traffic from browser-based file sharing applications was observed on 91 percent of the 1,253 enterprise networks analyzed from October 2010 to April 2011.

“It’s important to note this, because many enterprises only inspect email or FTP traffic for malware but do not have the ability to scan other applications,” Williamson noted. “Applications that tunnel within HTTP or other protocols can carry malware that will be invisible to a traditional anti-malware solution. These are examples of the big reasons why a lot of malware gets missed – most enterprises only focus on scanning their corporate email application.”
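The two points above (signatures leave a large share of samples unclassified, and scanning only the email channel misses files that arrive over other applications) can be made concrete with a small triage pipeline. The following is an added example written for this article, not code from Palo Alto Networks or from WildFire: it hashes files seen at a gateway, checks them against a signature set and an allowlist, routes whatever is still unknown to a sandbox queue, and then reports which of those files would have been missed by a policy that inspects only selected channels. The log format, the hashes and the "known" sets are all constructed for the example.

```python
"""Gateway file triage: signatures first, allowlist second, sandbox for the rest.

Everything here is constructed for illustration: the hash sets, the log lines
and the pipe-separated log format are not from any real product.
"""
import hashlib
from collections import Counter
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "signature database": hashes the vendor already knows as malicious.
KNOWN_MALICIOUS = {sha256_hex(b"constructed known dropper")}
# Constructed allowlist: hashes of software the organization has approved (whitelisting).
KNOWN_GOOD = {sha256_hex(b"constructed approved installer")}

# Constructed gateway log lines, hypothetical format: channel|application|filename|sha256
LOG_LINES = [
    "email|smtp|invoice.exe|" + sha256_hex(b"constructed known dropper"),
    "http|browser-file-sharing|setup.exe|" + sha256_hex(b"constructed approved installer"),
    "http|browser-file-sharing|update.scr|" + sha256_hex(b"constructed unknown sample A"),
    "http|webmail|photo.zip|" + sha256_hex(b"constructed unknown sample B"),
    "ftp|ftp|report.pdf|" + sha256_hex(b"constructed unknown sample C"),
    "email|smtp|memo.docm|" + sha256_hex(b"constructed unknown sample D"),
]


@dataclass(frozen=True)
class Verdict:
    channel: str
    app: str
    filename: str
    verdict: str  # "known-malicious", "allowlisted" or "unknown"


def parse_line(line: str):
    """Split one constructed log line into its four fields."""
    channel, app, filename, digest = line.strip().split("|")
    return channel, app, filename, digest


def triage(line: str) -> Verdict:
    """Signature lookup, then allowlist; anything else is unknown to static checks."""
    channel, app, filename, digest = parse_line(line)
    if digest in KNOWN_MALICIOUS:
        verdict = "known-malicious"
    elif digest in KNOWN_GOOD:
        verdict = "allowlisted"
    else:
        # No signature and not approved: only behavioral analysis can classify it.
        verdict = "unknown"
    return Verdict(channel, app, filename, verdict)


def triage_all(lines):
    return [triage(line) for line in lines]


def sandbox_queue(verdicts):
    """Files that neither signatures nor the allowlist could classify."""
    return [v for v in verdicts if v.verdict == "unknown"]


def unknown_fraction(verdicts) -> float:
    """Share of observed files that signatures alone could not label."""
    if not verdicts:
        return 0.0
    return len(sandbox_queue(verdicts)) / len(verdicts)


def coverage_gap(verdicts, scanned_channels):
    """Non-allowlisted files that arrived over a channel the organization does not inspect.

    A policy that scans only email never sees the HTTP- or FTP-borne entries.
    """
    return [
        v for v in verdicts
        if v.verdict != "allowlisted" and v.channel not in scanned_channels
    ]


def summarize(verdicts):
    return dict(Counter(v.verdict for v in verdicts))


if __name__ == "__main__":
    results = triage_all(LOG_LINES)
    print(summarize(results))
    print("unknown fraction:", round(unknown_fraction(results), 2))
    for v in coverage_gap(results, scanned_channels={"email"}):
        print("missed by email-only scanning:", v.channel, v.app, v.filename)
```

Running it against the constructed lines shows four of six files unclassified by signatures, and three of those four arriving over channels an email-only scanning policy never inspects; widening `scanned_channels` is the knob that closes that gap, and the sandbox queue is what the remaining unknowns feed into.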

Related Reading: Getting Your Hands Dirty in the Fight on Modern Malware

Related Reading: An Introduction to Modern Malware 

Related Reading: Using Network Segmentation to Protect the Modern Enterprise Network
