All Covered is observing a growing trend of malware attacks and hacking attempts across the small business sector. In the past many businesses could rightfully believe that they were not going to be attacked by hackers because they were either too small, or because they were “off the radar” due to their small presence in the marketplace. This has all changed in the past 18 months.
According to the FBI, more money is now made off of malware then off of illegal narcotics. This represents a significant shift in how organized crime is both operating and where they will be making their investments in the future. Experts anticipate more sophisticated attacks with malware that is both harder to detect, and harder to remove. This is driven by several trends:
- No network is safe. In the past, attacks from the internet were directed by a person who had a specific target in mind, such as a business, and institution or a governmental agency. These days attacks are completely automated, run by sophisticated programs that scan blocks of IP addresses.
- Automated scans scan examine 1000 IP addresses in an hour looking for vulnerabilities to exploit. Most scans are running continuously for days and weeks at a time.
- When an IP address is detected with a vulnerability, the application immediately attempts to exploit it. If successful, it will alert it’s administrator so that he can examine the results and see what additional exploitation can take place.
- Most firewalls are scanned by these automated systems at least twenty times a week from different sources
- Virus writing kits enable people with little technical skill to create sophisticated malware applications at low cost.
- Most of these virus kits come with 24hour technical support.
- Virus kits enable rapid advancements in code exploit to be rapidly distributed, which closes the gap between a known vulnerability and a viable virus or worm that can exploit it.
- Many organized crime groups cooperate and share resources for code writing, research and development and malware distribution in order to maximize profits
- There is a for-profit malware contingency who use dedicated test labs and other professional methods to improve their chances of infecting computers that employ techniques which outpace security software maker’s capabilities
- Infested machines (bots) send out 44 billion spam emails a day. With many advertising programs, advertisers are paid on a cost-per-mille (CPM) metric. This means that the vendor or merchant is charged a flat rate for every thousand people that are shown the ad. Spam alone generates billions in profits.
- In 2010 McAfee Labs identified more than 20 million new pieces of malware.
- SophosLabs received around 60,000 new malware samples every day in the first half of 2010; every 1.4 seconds of every day, a new malware sample arrives.
- Captured data has value (represented in price per number of accounts captured)
- Within the top 100 results 51 percent of the daily top search terms led to malicious sites, and on average each of these poisoned-results pages contained more than five malicious links. Of those poisoned, almost 5 percent had a malicious link in the top 10 results alone.
- As the IPAD and other apple product rise in popularity, so do the number of viruses designed specifically to exploit them. Currently there are over 35 viruses written for the IPAD alone
- Over 30 percent of network infections come from either a thumbdrive or through a vpn connection from a home office
- Most viruses are network-aware, allowing them to spread rapidly across the network. In addition, most viruses are designed to “call home” to a command and control center to download more advanced malware.
- APTs are not automated – these attacks are directed by individuals or teams with a high degree of skill
- APTs establish a back door so that they can return to steal more data.
- APSs use sophisticated techniques to encrypt and hide data so that it can evade detection
- The detection rate for APTs is 24%. In comparison, the detection rate for malware is above 80%
Businesses can defend against these threats in many ways, but it is important to understand that there is no singular solution to the defense against malware and attacks. Organizations need to have a layered approach to security, defending the perimeter, the servers, the workstations, the network and the data, with solutions that overlap protection at each layer. These protections need to be specific to the organization – one size does not fit all, as solutions need to not only align with the individual needs of the organization, but with the policies that are in place.