Malware Complacency: Time to Wake up

It would be easy to become inured to the multiplicity of security headlines, studies and vulnerabilities that punctuate these days in information security. This would be the wrong time, however, to allow yourself to become complacent about malware.

Positive Technologies’ recently released “Cybersecurity Threatscape” report for the first quarter of the year paints a dreary picture for infosec teams. The analysts at Positive found that unique cyberincidents were up 32 percent in 1Q 2018 over the same period last year. That’s the headline number, but the more telling number within the number is that the use of malware in cyberattacks expanded by 75 percent year over year.

Cryptocurrency miners accounted for 23 percent of malware attacks. But the data point that enterprises should pay close attention to is that data theft attacks are on the rise and made up a larger share of the total—some 13 percent more than the 1Q 2017 average. Of course, cybercriminals aren’t usually lone hackers anymore; organized crime is taking over. There is little ego involved, and there are more resources at work.

In Forrester’s “Endpoint Security Software Forecast” dated August 2017, Jennifer Adams and Chris Sherman wrote, “Many recent high-profile cyberattacks are attributed to nation-state actors. Like organized crime groups, nation states can devote considerable resources to a coordinated attack.” They also point out that new malware signatures and fileless malware are more difficult to detect, and may lie dormant for weeks or months before activating and morphing.

Positive Technologies, in its report, noted spyware was the most commonly used type of malware. It enables cybercriminals to obtain personal data, corporate secrets and account credentials. Individuals are a major target, with 5 out of 6 threats making use of malware. According to the report: “Lack of antivirus protection, as well as careless downloading of files and [clicking on] links, were primary contributing factors.”

Forrester’s report maintains that criminals increasingly are targeting corporate data. Employee devices are the most common targets for ransomware. Nearly half of the security pros whose enterprises suffered an external breach said that a corporate server was targeted as part of the attack. For such a high-risk asset, Forrester advises additional layers of protection should be used to protect against malware.

So, what are companies doing about the risk to their data? IDC’s March 2018 “Worldwide Spending Security Guide” projects that spending on security-related hardware, software and services will increase by 10.2 percent in 2018. That doesn’t include personnel, of course; companies are spending the most money on managed security services.

Forrester points to a new crop of endpoint anti-malware solutions, some of which are startups. “Some IT professionals will be reluctant to implement these new solutions, given their higher cost, but … The value proposition becomes increasingly transparent as cyber threats continue to make headlines,” Adams and Sherman wrote.

The truth is, we’ll always be playing catch-up with malware, at least until serious AI is harnessed to combat it. Since this is an end-user attack that uses email, phone and the web as some of its primary threat vectors, my advice is that enterprises employ an annually updated and ongoing training program about malware and ransomware for all employees. Anti-malware endpoint security should not be an afterthought, either. Building security awareness won’t solve the problem, but an educated workforce makes your company a more difficult target. Ultimately, the responsibility for corporate security needs to be borne by every employee, not just the infosec team. While it isn’t enough all on its own, without that approach it’s going to be tough to beat malware as an end-user attack.

Scot Finnie

Scot Finnie is an award-winning business and technology journalist, reviewer, columnist, editor, and manager. He was the editor-in-chief of Computerworld for 10 years. He's been a Windows and macOS operating system expert for two decades. He torture-tested laptop PCs and was ZDNet's first editor.