
Cisco warns unique malware doubled in Q2 2011

by Phil Muncaster

02 Aug 2011


The amount of unique web malware in the wild more than doubled in the second quarter of this year, and advanced persistent threats (APTs), SQL injection and brute force intrusions accounted for many of the security breaches, according to the latest research from Cisco.

The firm's Q2 Global Threat Report found that malware grew from 105,536 unique instances in March 2011 to 287,298 in June 2011.

Given that APTs are designed to go undetected, Cisco recommended that firms 'baseline' what is happening on their networks in order to better ascertain whether they are being attacked via an APT.

"Baselining can be applied to any type of intrusion detection system. Security professionals should chart the infected host count per detection vector, establish thresholds, and then trend. When the thresholds are breached, it is a great indication of a mass outbreak," Cisco said in the report.

"Another type of baselining that can enable quick outbreak detection is recording the number of IP addresses found per run of each malware report, and then looking for deviations from what is expected."
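The baselining Cisco describes can be sketched as follows. This is an added example, not code from the Cisco report or this article: it tracks a daily infected-host count per detection vector and flags days that breach a threshold, and the same function can be run over the IP-address count per run of a malware report. The threshold rule (trailing mean plus three standard deviations), the vector names and the sample counts are assumptions made for illustration.

```python
from statistics import mean, pstdev

def threshold_breaches(series, window=7, k=3.0, min_sigma=1.0):
    """Return (index, value, threshold) for points above the trailing baseline.

    Assumed rule: threshold = mean + k * sigma over the last `window` points
    accepted as normal. Flagged points are kept out of the baseline so an
    outbreak cannot raise its own threshold.
    """
    normal, alerts = [], []
    for i, value in enumerate(series):
        if len(normal) < window:
            normal.append(value)  # still learning the baseline
            continue
        recent = normal[-window:]
        # Floor sigma so a very flat series does not alert on tiny changes.
        sigma = max(pstdev(recent), min_sigma)
        threshold = mean(recent) + k * sigma
        if value > threshold:
            alerts.append((i, value, round(threshold, 2)))
        else:
            normal.append(value)
    return alerts

def outbreak_report(counts_by_vector, **kwargs):
    """Map each detection vector to its breaches, omitting quiet vectors."""
    return {vector: hits for vector, series in counts_by_vector.items()
            if (hits := threshold_breaches(series, **kwargs))}

# Constructed sample data: daily infected-host counts per detection vector.
SAMPLE = {
    "ids_signature": [12, 14, 11, 13, 12, 15, 13, 14, 12, 41, 55, 13],
    "dns_sinkhole": [3, 4, 2, 3, 5, 4, 3, 4, 3, 4, 5, 3],
    "web_proxy": [20, 22, 19, 21, 23, 20, 22, 21, 24, 22, 23, 60],
}

if __name__ == "__main__":
    for vector, hits in outbreak_report(SAMPLE).items():
        for day, count, threshold in hits:
            print(f"{vector}: day {day} count {count} > threshold {threshold}")
```
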

Elsewhere, brute force SQL server log-in attempts increased during the period and, perhaps unsurprisingly, SQL injection attacks also rose.

In terms of the malware increase, Cisco's report echoes that of UK anti-virus firm Sophos, which found that malware generation rates grew by 60 per cent to over 150,000 a day in the first half of 2011.

APTs, of course, are nothing new; they've just been given a media-friendly moniker which, if nothing else, will hopefully mean that chief information security officers are more alert to them in the future.

Do you agree?

 
