Increase in malware attacks targeting companies

August 30, 2012

The number of malware attacks by hackers have increased dramatically in the first half of 2012, according to FireEye. As companies increase their malware security, hackers are creating more advanced phishing methods to gain control over computers.

Hackers attempt to bypass security
According to the FireEye study, called Advanced Threat Report, the first half of 2012 has seen a 225 percent increase of malware infections that successfully bypassed security programs, compared to the last six months of 2011. The increase in malware attacks totals to an average of 643 infections per week, per company.

Businesses have certain tactics to prevent hacker attempts, including antivirus software, firewalls and intrusion prevention systems. Hackers, however, are now disguising malware as attachments. The study shows that email is the most popular method of spreading malware to recipients. Malicious emails are intended to trick users into opening them or clicking on their attachments.

Because malware is changing more frequently, companies are finding it harder to create signature-based defenses that can detect it. The study shows that the number of identified malicious attachments has decreased from 45 percent in the second half of last year to 26 percent in the first half of this year. The decrease in percentages indicates that there are more types of malware, according to FireEye.

Hackers are using "short-term domain drive-by attacks" to evade anti-spam protections, according to the survey. The number of domains used for spear phishing purposes has increased. Short-term domains are used only a handful of times in order to go undetected by security softwares.

Email security strategies
As a result of these growing hacker attempts, companies should keep an eye on possible malware attacks. Security vendors are adopting models that adjust to new threats and updating products to prevent attacks, Crawford wrote in FireEye's company blog.

If a person detects spam on his or her personal device, he or she should delete it immediately. Business employees who receive spam while at work should notify their IT departments, according to experts.

"Greater awareness of the threat landscape in as close to real time as possible is required, regardless whether to inform human defenders or to arm security technologies," said Enterprise Management Associates' Security Research Director Scott Crawford.

As hackers continue to develop malicious emails and harmful malware, companies should do whatever necessary to ensure that the proper email security measures are installed.

-McAfee Cloud Security