Sunday, 9 March 2014

Hackers churning out 55,000 malware variants every day

Cyber criminals and state-sponsored hackers have streamlined their malware-creation processes to churn out a staggering 55,000 new malware variants per day, according to Dell SonicWall.
The security team reported the spike in its latest Dell Network Security Threat Report 2013. "We collected about 20.1 million unique malware samples in 2013, which is an increase compared to 16 million in 2012. That averages to about 55,000 new samples coming in each and every day," Dell SonicWall said.

The data was collected by the Dell SonicWall Global Response Intelligent Defense (GRID) Network, which uses over one million sensors across the globe to collect data on emerging threats.
The SonicWall team reported that the malware variants had been alarmingly successful, confirming it had detected 78 billion infections during the period. The team prevented 1.06 trillion intrusion prevention system (IPS) related incidents and blocked more than 1.78 billion malware downloads.
The report highlighted the high number of software and hardware vulnerabilities uncovered over the year as a key reason for the high infection rates.
"There were approximately 4,429 new vulnerabilities reported from CVE [common vulnerabilities and exposures] and 3,644 related with network attacks. Web-related vulnerabilities such as browsers or applications continued to occupy the top position," read the report.
Disturbingly, 14 of the flaws were zero-day vulnerabilities. These were found in popular services such as Adobe Flash Player, Oracle's Java platform and Microsoft Internet Explorer.
The report also noted an increase in the sophistication and the volume of threats targeting Dell customers. It highlighted a new version of the CryptoLocker ransomware as a key example of the trend, warning that it uses advanced technologies to dodge traditional cyber defences.
"The PGP [Pretty Good Privacy] key pair is generated dynamically on the command and control server and the private key is destroyed if payment is not received in 72 hours. It also used a custom domain generation algorithm to hide the command and control server," explained the report.
Executive director of product management for Dell Security Products Patrick Sweeney highlighted the advanced malware as proof that businesses need to bolster their security defences. "Our threat researchers are unearthing unprecedented growth and threat patterns as cyber criminals steadily enhance [their] speed and effectiveness," he said.
"Even tried-and-true crimeware has evolved in the last year, becoming much more rigorous and sophisticated. These and other forms of threats are causing more financial and data theft to enterprises than ever before, prompting organisations of all sizes to take action against the next surge of threats with re-architected IT and processes."
Dell SonicWall's research mirrors that of numerous other security firms. F-Secure reported a similar boom in cybercrime levels in its most recent threat report.
