90 percent of malware given unhelpful labels by AV tools
According to a new study, 90 percent of malicious files are given generic labels by AV tools, such as 'trojan.generic', providing limited guidance for successful remediation and leaving enterprises exposed to subsequent attacks resulting from compromised credentials.
The study by breach protection specialist Lastline analyzed tens of millions of samples that were for the most part scanned and released by other security solutions.
Among other findings, both enterprises and malware authors use a wide range of file types, illustrating the need for protection parity across all attack vectors. The file types that malware authors use to launch attacks also vary widely across regions, as do their payloads and targets.
Of objects received via email or online and cleared by other security tools, one in 500 were found by Lastline to be malicious, resulting in malware being introduced daily into enterprise networks. In addition, 65 percent of malware files had never been submitted to VirusTotal and were seen only once by Lastline, rendering signature-based detection technologies ineffective. One in 12 malware samples exhibit particular advanced persistent threat capabilities that make them hard to detect and particularly dangerous.
Alongside the survey results, Lastline is also launching a Behavioral Intelligence Program. This is an innovative behavior-based approach to threat intelligence aimed at improving security effectiveness, speeding up remediation, and ensuring completeness of remediation.
Using data from Lastline's global deployment of millions of sensors, the program will make unique actionable information about cyber security threats publicly available to inform security teams’ ability to detect and block attacks and improve their efforts to secure email, web access, corporate networks, and cloud storage and apps.
"The Lastline Behavioral Intelligence Program is built on core strengths of Lastline -- our understanding of malicious behaviors and our ability to connect them to intrusions and breaches," says Lastline CEO and co-founder, Chris Kruegel. "With this program, we're overcoming serious shortcomings in existing threat intelligence systems that deliver one-time IoCs that are essentially useless for blocking future attacks, resulting in broken incident response processes and ineffective intrusion defenses."
You can get a full copy of the report and find out more about the Behavioral Intelligence Program from the Lastline website.