Vast majority of firms already victims of advanced malware attacks

Businesses are failing to address advances in cyber criminals' techniques, with firms now suffering an average of 643 successful infections per week, according to security firm FireEye.

The company claimed this means a whopping 95 percent of companies have already fallen victim to new forms of advanced malware, in its H1 2012 Threat Report.

The worrying statistics mark a 400 percent increase in the number of successful infections detected in the same period last year. The increase is reportedly due to advances in cyber criminals tactics.

FireEye explained that criminals are now targeting companies using sophisticated email-based attacks capable of bypassing security measures like firewalls, intrusion prevention systems (IPS), gateways and anti-virus (AV).

The attacks reportedly use social engineering to create Trojan email campaigns custom-designed for their victims. The campaigns contain malicious web links and attachments that infect users' machines with malware when opened.

"It doesn't take a lot to make people click on a link or open an attachment," Paul Davis, director of Europe at FireEye, told V3.

"With a little homework I could figure out a subject line that would make you open an email and fit it with a URL you'd expect to see and nine times out of 10, I bet you'd click on it."

FireEye's research showed there was a 56 percent growth in email-based attacks in Q2 2012 versus Q1 2012, underlining the growth of the issue.

The research also found a marked increase in the use of throw-away domains, essentially malicious links that are used five times or fewer before being discarded, showing how regularly criminals are now adapting their attacks.

Specifically the research showed this tactic rose from 38 percent in the second half of 2011 to 46 percent in the first half of 2012.

Davis warned that the infections levels will continue to get worse so long as companies continue to rely on outdated security measures.

"The threat landscape has evolved and the existing security architectures do not address these changes," warned Davis.

"In order to have robust security they need to deploy a system that can dynamically detect exploits at the first stage of any attack."

FireEye's findings follow on from similar warnings from Finnish security firm F-Secure, which issued its own H1 Threat Report earlier in August.