Endpoint-specific malware renders signature detection useless
Signature-based security could be virtually useless, as 97 percent of malware is unique to a specific endpoint, says a new report.
This is among the findings of the latest annual Webroot Threat Brief, which shows that today's threats are truly global and highly dynamic. Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information.
Among the other findings, around 50 percent of Webroot users experienced a first contact with a zero-day phishing site, compared to approximately 30 percent in 2014. This indicates that zero-day phishing attacks are becoming the hacker’s choice for stealing identities.
Interestingly, technology companies, including Google, Apple and Facebook, were targeted by more than twice as many phishing sites as financial institutions, such as PayPal, Wells Fargo, and Bank of America. These companies are targeted because the same login credentials are often used to access other websites, resulting in multiple compromised accounts with each phishing victim.
Criminals are using more IP addresses too, with 100,000 new addresses created per day in 2015, a significant increase from the 2014 average of 85,000 a day. This shows cybercriminals are relying less on the same list of IPs, and are expanding to new ones to avoid detection. The US continues to have the most malicious IP addresses of all countries. In 2015, it accounted for over 40 percent of all malicious addresses, a significant increase from 31 percent in 2014. Top countries hosting 75 percent of malicious IPs include the US, China, Japan, Germany, and the UK.
As with IP addresses, malicious URLs are largely hosted in the US (30 percent), followed by China (11 percent). The US is also by far the largest host of phishing sites, with 56 percent of sites within its borders.
"2015 was yet another record year for cybercrime, during which more malware, malicious IPs, websites, and mobile apps were discovered than in any previous year," says Hal Lonas, chief technology officer at Webroot. "It comes as no surprise to those of us in the Internet security industry that the cybercrime ecosystem continues to thrive, given new innovations and little in the way of risk for those who choose to participate. The continued onslaught of hacks, breaches, and social engineering scams targeting individuals, businesses, and government agencies alike has caused many in the security field to ask if it's truly possible to defend against a persistent attacker. We conclude that we can only succeed by being more innovative than our criminal opponents".
Webroot suggests that organizations need to bolster their security posture with next-generation endpoint protection and real-time, accurate, dynamic threat intelligence to protect themselves, their users, and their customers from cybercriminal activity.
The full Threat Brief is available to download from the Webroot site and you can see an infographic summary of the findings below.