- V3 Apps
Cyber crooks are targeting businesses once every three minutes with advanced malware capable of avoiding detection from traditional tools such as firewalls and anti-virus software.
Security firm FireEye reported the figure in its H2 2012 Threat Report, released on Wednesday, based on data gathered from 89 million malware events, along with intelligence from its research team.
The firm reported that spear phishing remained the most common attack strategy for getting malware into an enterprise.
Spear phishing is a common form of attack that looks to dupe its victims into downloading malware by sending messages using common business terms designed to entice them to click on a malicious email file attachment or web link.
FireEye said most of messages it detected masqueraded as shipping and delivery, finance, and general business topics and that the top term in malware files names was UPS. The firm said that while attack methods remain simple the malware being used is getting more sophisticated.
"Several innovations have appeared to better evade detection. Instances of malware are uncovered that execute only when users move a mouse, a tactic which could dupe current sandbox detection systems since the malware doesn't generate any activity," FireEye warned.
"In addition, malware writers have also incorporated virtual machine detection to bypass sandboxing."
FireEye chief technology officer Ashar Aziz said that the malware evolution is proof businesses need to adopt new intelligence based defence strategies.
"As cybercriminals invest more in advanced malware and innovations to better evade detection, enterprises must rethink their security infrastructure and reinforce their traditional defences with a new layer of security that is able to detect these dynamic, unknown threats in real time," said Aziz
FireEye's call for change mirrors those of numerous other security vendors.
Most recently security agency Europol reported that the increased success rate of cyber attacks is doubly dangerous as organised crime groups (OCGs) are using them to fund other darker real world activities.