With clever cybercriminals continuously refining trusted tactics and developing new attack strategies, IT professionals have come to understand that network security will always be a moving target. Yet even as awareness grows, it appears the majority of organizations aren't doing enough to respond with the proactive steps required to keep hackers at bay.
Static defenses, dynamic threats
According to the latest Advanced Threat Report from FireEye, the first half of 2012 saw an "explosion" of both web and email attacks that successfully infiltrated government and corporate networks. More than 95 percent of companies were compromised by some form of advanced malware during this time, with an average of 643 successful infections observed each week.
While the sheer volume of attacks is impressive in its own right, the more important discovery involved how cybercriminals are finding success. FireEye researchers noted nearly 400 percent year-over-year growth in advanced malware capable of bypassing signature-based detection mechanisms such as firewalls, intrusion prevention systems, gateways and antivirus software.
"The problem with signature-based defenses is a scaling issue," FireEye specialist Ali Mesdaq explained in an interview with CRN. "There are so many new exploits coming out every day that the signature databases can't scale to that level. Some sort of technology development will be needed before they will be able to handle the rapid increase in volume."
This vulnerability has certainly not been lost on hackers. According to FireEye, there has been a clear shift in favor of "throw-away domains," or malicious links that are used five or fewer times. In fact, 46 percent of the bait links observed in the first half of 2012 were used just once. As a result, signature-based defenses that rely on domain reputation analysis and URL blacklisting have been rendered wholly ineffective.
All eyes on data
There was some variation in how cybercriminals targeted the financial services, energy, healthcare and technology industries, according to FireEye, but the end goal remains the same. Companies with valuable intellectual property portfolios and extensive archives of customer and financial data are most frequently spotted in the crosshairs.
With data protection now becoming a top priority for these organizations, data analysis could hold the key to their success. According to PCWorld, the new paradigm for defending against agile attackers seems to be real-time collection and analysis of threat intelligence via continuous monitoring. Rather than relying on signature-based defenses to intermittently issue updates after accruing sufficient data, companies are proactively gathering insights from Internet service providers, customers, attacker profiles and a litany of other sources.
Data Security News from SimplySecurity.com by Trend Micro