Advanced malware that evades signature-based detection has increased nearly 400% in the past year, research by security firm FireEye has revealed.
Such traditional defences include firewalls, intrusion prevention systems, anti-virus, and other signature-, reputation- and basic behaviour-based technologies.
The report, which covers the first half of the year, highlights the growing danger of email-based attacks: researchers saw a 56% growth in such attacks from the first to the second quarter of 2012.
Malicious links were more widely used than malicious attachments in the last two months of the second quarter of 2012.
Another trend highlighted by the report is the increased use of dynamic, throw-away domains. Researchers saw a significant increase in dynamic links that were used five times or less.
Links that were seen just once grew from 38% in the second half of 2011 to 46% in the first half of 2012.
Hacking patterns vary by industry
Researchers reported that patterns of attack varied substantially by industry, with distinct patterns observed in the financial services, energy/utilities, healthcare and technology sectors.
“The results of this report make it even more clear that reactive signature-based defences cannot prevent evasive strains of malware from making their way into the enterprise,” said Ashar Aziz, FireEye founder and CEO.
“Attackers continue to remain a step ahead of traditional defences, so organisations must rethink their IT security architecture and implement appropriate security measures to prevent advanced cyber attacks such as zero-day attacks and advanced persistent threats [APTs],” he said.
The report recommends that, as cybercriminals develop and invest in advanced malware, enterprises reinforce their traditional defences with a new layer of dynamic security.
This additional layer of security should be aimed at detecting unknown threats in real time, thwarting malware communications back to command and control servers and blocking data exfiltration.
This extra layer of defence needs to be designed specifically to fight the unknown and zero-day tactics common in targeted attacks and APTs, the report said.
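The report's two observations above, that attack links are increasingly seen five times or fewer (often only once) and that defenders need a layer aimed at spotting unknown threats and their outbound communications, suggest one cheap defender-side check: count how often each host appears in outbound proxy traffic and surface the rarely seen ones for review. The script below is an added illustration of that check, not code from FireEye or from the report; the log format, the host names and the sample lines are constructed for the example, and the threshold of five hits is taken from the report's figure.

```python
"""Flag rarely seen hosts in web-proxy logs (added example, not from the report)."""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample proxy log (not real traffic): "<timestamp> <client-ip> <url>" per line.
# The two "example-throwaway.net" hosts stand in for single-use attack links.
SAMPLE_LOG = """\
2012-06-01T09:12:01Z 10.0.0.12 http://intranet.example.local/home
2012-06-01T09:12:05Z 10.0.0.12 http://intranet.example.local/news
2012-06-01T09:13:10Z 10.0.0.23 http://cdn.example-partner.com/lib.js
2012-06-01T09:14:42Z 10.0.0.31 http://a7f3k2.example-throwaway.net/x.php
2012-06-01T09:15:00Z 10.0.0.12 http://intranet.example.local/home
2012-06-01T09:15:30Z 10.0.0.23 http://cdn.example-partner.com/lib.js
2012-06-01T09:16:11Z 10.0.0.44 http://q9z1mm.example-throwaway.net/y.php
2012-06-01T09:17:00Z 10.0.0.12 http://intranet.example.local/home
2012-06-01T09:18:00Z 10.0.0.23 http://cdn.example-partner.com/lib.js
2012-06-01T09:19:00Z 10.0.0.12 http://intranet.example.local/home
2012-06-01T09:20:00Z 10.0.0.12 http://intranet.example.local/home
"""


def parse_hosts(log_text):
    """Return the host name of every URL in the log, one entry per request.

    Lines without exactly three whitespace-separated fields, or whose URL
    carries no host, are skipped rather than raising, so one malformed
    line cannot abort the whole scan.
    """
    hosts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        host = urlsplit(fields[2]).hostname  # already lower-cased by urlsplit
        if host:
            hosts.append(host)
    return hosts


def host_counts(log_text):
    """Number of requests per host over the whole log."""
    return Counter(parse_hosts(log_text))


def rare_hosts(log_text, max_hits=5):
    """Hosts requested at most max_hits times, sorted by count then name.

    The default of 5 mirrors the report's "used five times or less" figure;
    what is rare in a given network should be tuned from its own baseline.
    """
    counts = host_counts(log_text)
    return sorted(
        ((host, n) for host, n in counts.items() if n <= max_hits),
        key=lambda item: (item[1], item[0]),
    )


def share_seen_once(log_text):
    """Fraction of distinct hosts that appear exactly once (the report's 46% metric)."""
    counts = host_counts(log_text)
    if not counts:
        return 0.0
    return sum(1 for n in counts.values() if n == 1) / len(counts)


if __name__ == "__main__":
    for host, n in rare_hosts(SAMPLE_LOG):
        print(f"{n:3d}  {host}")
    print(f"share of hosts seen once: {share_seen_once(SAMPLE_LOG):.0%}")
```

On the sample log the two throw-away hosts surface at the top of the rare list with one hit each, the partner CDN appears with three, and the intranet host (six hits) is not listed. A rarely seen host is a triage signal, not a verdict: the same query run against a day of real proxy logs will also list legitimate first-visit sites, so the list is best joined with reputation data or recency (first time this host was ever seen) before anyone acts on it.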