A common theme that runs through my posts is the human power behind effective network security – teams of experts who fuel our technology. This blog is about our seasoned McAfee Labs team of researchers who compile a quarterly report of threats they discover and protect against, and I am particularly intrigued by the information the team has uncovered on network threats. Threat research is not just something that we publish as a company, but something that informs our product development. We use this wealth of information to protect our customers, and I would like to share three discoveries from the report that enterprises should pay attention to.
1. Attacks are growing more sophisticated and more numerous
Through forecasting and trending, we knew that 2012 would likely host a greater number of new malware samples than 2011, but the data from Q2 blew us away. In the quarter alone, McAfee researchers discovered nearly 100,000 new samples per day.
Not only are these threats growing in numbers, they are also growing in complexity. For example, signed malware, a sophisticated attack that evades detection by using stolen or faulty certificates, has doubled since January. Signed malware poses as legitimate software, making it less likely to be detected. Even when it is detected, blocking or revoking the certificate poses a huge problem: if organizations block the use of those certificates, legitimate software that relies on the same certificates is blocked as well.
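To make the revocation trade-off concrete, here is an added example (not code from the original post or from McAfee) that models a defender's trust decision for signed binaries. It compares three responses to a sample signed with a stolen vendor certificate: revoking the certificate outright, blocking only the malicious file hash, and revoking the certificate from a compromise date while honouring trusted signing timestamps. All thumbprints, hashes, file names and dates are constructed placeholders, and the timestamp logic assumes the signing time comes from a trusted timestamping countersignature; binaries without one are treated as if signed now.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class SignedBinary:
    name: str
    sha256: str                   # constructed placeholder, not a real IoC
    signer: str                   # certificate thumbprint (constructed)
    signed_at: Optional[datetime]  # trusted timestamp, or None if untimestamped

@dataclass
class TrustPolicy:
    blocked_hashes: set = field(default_factory=set)
    # thumbprint -> date from which signatures by that cert are no longer trusted
    revoked_certs: dict = field(default_factory=dict)

    def block_hash(self, sha256: str) -> None:
        self.blocked_hashes.add(sha256)

    def revoke_cert(self, thumbprint: str, invalid_from: datetime = datetime.min) -> None:
        # datetime.min means "never trust anything this cert signed"
        self.revoked_certs[thumbprint] = invalid_from

def evaluate(binary: SignedBinary, policy: TrustPolicy):
    """Return (decision, reason). Hash denylist wins, then certificate revocation."""
    if binary.sha256 in policy.blocked_hashes:
        return "block", "file hash on denylist"
    invalid_from = policy.revoked_certs.get(binary.signer)
    if invalid_from is not None:
        # Without a trusted timestamp we cannot prove the file was signed before
        # the compromise, so treat it as signed now (i.e. after invalid_from).
        signed_at = binary.signed_at if binary.signed_at is not None else datetime.max
        if signed_at >= invalid_from:
            return "block", "signed with revoked certificate on or after its invalidity date"
    return "allow", "signature trusted"

# Constructed scenario: one vendor certificate, later stolen and used to sign a dropper.
VENDOR_CERT = "THUMBPRINT-VENDOR-CONSTRUCTED"
SAMPLES = [
    SignedBinary("vendor_installer.exe", "sha256-legit-constructed", VENDOR_CERT, datetime(2012, 1, 15)),
    SignedBinary("dropper.exe", "sha256-malicious-constructed", VENDOR_CERT, datetime(2012, 5, 20)),
    SignedBinary("untimestamped.exe", "sha256-unknown-constructed", VENDOR_CERT, None),
]

def decisions(policy: TrustPolicy, samples=SAMPLES) -> dict:
    return {b.name: evaluate(b, policy)[0] for b in samples}

def scenario_revoke_whole_cert() -> dict:
    # Blunt response: everything the vendor ever signed is now blocked too.
    p = TrustPolicy()
    p.revoke_cert(VENDOR_CERT)
    return decisions(p)

def scenario_block_hash_only() -> dict:
    # Surgical but reactive: only the sample already seen is stopped.
    p = TrustPolicy()
    p.block_hash("sha256-malicious-constructed")
    return decisions(p)

def scenario_revoke_from_compromise_date() -> dict:
    # Middle ground: trust signatures timestamped before the compromise, block the rest.
    p = TrustPolicy()
    p.revoke_cert(VENDOR_CERT, invalid_from=datetime(2012, 5, 1))
    return decisions(p)

if __name__ == "__main__":
    for name, fn in [("revoke whole cert", scenario_revoke_whole_cert),
                     ("block hash only", scenario_block_hash_only),
                     ("revoke from date", scenario_revoke_from_compromise_date)]:
        print(f"{name:18} -> {fn()}")
```

The third scenario is the one the timestamping infrastructure exists for: a revocation with an invalidity date keeps legitimately signed, timestamped software working while denying anything signed after the key was stolen. Its cost is that unsigned-time binaries must be treated conservatively, which is why the untimestamped sample is blocked there.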
2. The stakes are higher than ever
While file, web and email-based attacks remain prevalent, the most sophisticated attacks now include some network-based components. Spam is not the problem anymore. As McAfee uncovered through exploits like Operation High Roller, what may seem like simple attacks, such as phishing scams, have the capacity to quickly and chaotically threaten mission-critical infrastructure.
Unlike 20 years ago when most critical systems like electric grids, phone and transit networks were isolated silos, the majority of these systems today are IP and network connected. As the concentration of accessible data increases, so does the potential for a massive impact on enterprises, infrastructure and even national security.
3. Hackers are taking advantage of the rise in IT consumerization
During the past few quarters, our reports have shown a steady increase in the variety and quantity of mobile malware. Because bad actors understand that mobile devices can often provide easy access to consumer and corporate data, they are taking advantage of organizations that have lax BYOD security.
With years of experience attacking the traditional operating system, malware writers are using these mature skills to infiltrate the immature BYOD playing field. In defense, organizations must deploy a combination of best practices and process controls – from the network all the way down to the application level.
These three trends show that the threat landscape continues to evolve as technology evolves. Collective data from our quarterly Threats Reports makes it clear that new security measures must be developed to help enterprises protect their sensitive data and critical systems – from “simple” phishing scams to sophisticated signed malware. From what I see, the only true solutions are connected solutions: endpoint security that informs network security, and network security solutions that feed into centralized security information and event management (SIEM) systems – producing automated, real-time, actionable events.