Advanced Malware Prompts Security Refresh

You only have to look at headlines to know that advanced malware is on the rise and becoming more pervasive. But it’s often difficult to put that in real terms.

A new threat report, issued by FireEye Inc., indicated that advanced malware is so prolific that organizations on average experience a malicious e-mail file attachment or URL dodging traditional security solutions around once every three minutes. And that means the channel will have to rethink, and likely repurpose, legacy solutions from here on out.

The report, FireEye’s 2H 2012 Advanced Threat Report, attempts to give a big-picture overview of the threat landscape of global cyber attacks, especially those that circumvent traditional defenses. That includes tried-and-true solutions such as firewalls, next-generation firewalls, IPS, anti-virus and security gateways.

Perhaps one of the most significant findings was how often organizations were subjected to advanced malware – on average once every three minutes but as often as once a minute in some technology sectors. That said, the rate of attack varies, depending on industry and level of security infrastructure — some industries are attacked cyclically while others experience threats more erratically.

Not surprisingly, the report found that spear phishing remains the most popular attack vector, while ZIP files were the most common mechanism for malware delivery. And it seems to be a winning recipe. The reason? In a spear phishing campaign, attackers leverage personal names, common business terms, and known applications to lure victims into opening e-mails or attachments, which makes it challenging, to say the least, for users to identify the communication as a malware attack.

Meanwhile, advanced attack methods are compounded by new techniques designed to evade security mechanisms that were previously considered robust. For example, researchers uncovered malware that waits for the user to move the mouse before executing its payload. An automated sandbox that detonates a sample without simulating user input never sees the malicious behavior, so the sample is classified as clean.

In addition, attackers are finding they’re having more success by using DLL files in attacks. By now, most users recognize the telltale .exe files. But DLL files still remain without the stigma of malware association, and because a DLL runs inside a host process rather than as its own executable, it blends into normal activity. That means that advanced malware not only escapes recognition upon download, it continues to evade detection after the attack has been executed, ultimately prolonging the infection.
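The ZIP delivery finding above and the DLL finding here come down to the same practical check: an attachment has to be classified by what it contains, not by the file name it arrives with. The following Python script is an added example and is not code from the FireEye report or from this article. It builds a constructed ZIP attachment in memory, inspects each member, and recognises PE executables and DLLs by parsing the DOS and PE headers (the IMAGE_FILE_DLL bit in the COFF Characteristics field), flagging any member whose extension disguises a PE image. The file names, the minimal PE stubs and the block/allow policy are illustrative assumptions.

```python
import io
import struct
import zipfile
from typing import Optional

# COFF Characteristics flags from the PE/COFF specification.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000

# Extensions that legitimately carry a PE image; anything else holding one is disguised.
PE_EXTENSIONS = {"exe", "dll", "scr", "cpl", "ocx", "sys", "drv"}


def classify_pe(data: bytes) -> Optional[str]:
    """Return "dll" or "exe" if data starts with a PE image, else None.

    Walks DOS header -> e_lfanew -> PE signature -> COFF Characteristics,
    so a renamed or double-extension file is still recognised by content.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # 4-byte signature + 20-byte COFF header must fit inside the buffer.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics is the last COFF header field (offset 22 from the signature).
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def inspect_zip_attachment(zip_bytes: bytes, max_member_bytes: int = 16 * 1024 * 1024) -> list:
    """Classify every member of a ZIP attachment by content; one finding per member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            # Refuse to inflate oversized members (zip-bomb guard) rather than trust them.
            if info.file_size > max_member_bytes:
                findings.append({"name": name, "ext": ext, "kind": "oversized",
                                 "ext_mismatch": False, "verdict": "block"})
                continue
            kind = classify_pe(zf.read(info))
            mismatch = kind is not None and ext not in PE_EXTENSIONS
            findings.append({
                "name": name,
                "ext": ext,
                "kind": kind or "other",
                "ext_mismatch": mismatch,
                # Policy assumption: any PE image inside a mail attachment is blocked.
                "verdict": "block" if kind else "allow",
            })
    return findings


def _pe_stub(is_dll: bool) -> bytes:
    """Constructed minimal PE header (headers only, not a runnable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature follows the DOS header
    characteristics = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


def build_sample_zip() -> bytes:
    """Constructed sample attachment: a benign document plus disguised and undisguised PE files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_Q4.pdf", b"%PDF-1.4\n% constructed placeholder, not a real document\n")
        zf.writestr("helper.dll", _pe_stub(is_dll=True))            # DLL with an honest extension
        zf.writestr("update.dat", _pe_stub(is_dll=True))            # DLL hiding behind a data extension
        zf.writestr("Invoice_Q4.pdf.exe", _pe_stub(is_dll=False))  # classic double extension
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding)
```

Run against the constructed sample, `update.dat` is reported as a DLL with an extension mismatch even though nothing in its name suggests an executable; an extension-based filter would have passed it. A production gateway would also parse the optional header and sections, but the DOS/PE/COFF walk shown here is already enough to stop relying on file names.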

“This report provides an overview of how attacks have become much more advanced and successful at penetrating networks, regardless of industry,” said Ashar Aziz, FireEye founder and CTO. “As cybercriminals invest more in advanced malware and innovations to better evade detection, enterprises must rethink their security infrastructure and reinforce their traditional defenses with a new layer of security that is able to detect these dynamic, unknown threats in real time.”

And as always, the channel will be on the front line of defense. Thus far, security solution providers have done well with standard solutions – anti-malware, firewalls and IPS – that have withstood the test of time.

But that’s likely about to change. With no foreseeable end in sight to advanced malware trends, the channel is inevitably going to have to rethink its strategy when it comes to security. That means raising the overall bar with better solutions, new customer security policies, and more comprehensive services that leverage deep-dive forensics and analytics while thinking outside the box in terms of data protection services. In short, a new paradigm is in the making, and solution providers need to undergo a mental shift that assumes the attacks their customers now face can defeat the very security infrastructure on which they’ve come to rely.

As of late, there are a growing number of advanced malware defense options for solution providers. The proliferation of advanced malware has produced a groundswell of dedicated firms such as FireEye and Damballa Inc. tackling the problem. But legacy players such as SourceFire Inc., Fortinet Inc., Hewlett Packard Co., and RSA, the security division of EMC, have also gotten in on the game with their own blend of solutions that attempt to combat APTs while nabbing larger slices of market share.

For the channel, it’s clear that this is the way the game is going to be played from here on out. That means the time has come for solution providers to refresh their security portfolios with a bit of an advanced threat makeover.