FireEye, Inc. has released its Advanced Threat Report for the First Half of 2012 and the findings aren’t in your favor. Unfortunately the trend of the attacker getting stronger – defenses getting weaker has continued. The main report consists of 5 overall findings which are quite alarming:
- Finding 1: Explosion in Advanced Malware Bypassing Traditional Signature-Based Defenses. What this means to you is that the Anti-virus, Anti-Malware, Intrusion Detection, and Intrusion Prevention capabilities on your devices are becoming less effective compared to the progress which attackers are making in getting around them.
- Finding 2: Patterns of Attacks Vary Substantially by Industry—Attacks on Healthcare up 100%, 60% in Energy/Utilities. The attackers are shifting toward different industries differently. Often we as humans like to think of everything being uniform. If I got attacked and you got attacked… then we got attacked the same way… or at least we’d like to think so. This is often no longer the case. Attackers in Cyberspace are quite adept at profiling you and customizing an attack to fit your individual vulnerabilities. The importance of Internet security to secure our data and information continues to increase as more and more of ever industry becomes more dependent upon the Internet.
- Finding 3: The Intensified Dangers of Email-Based Attacks, Both Via Links and Attachments. Checking your email is now more dangerous than ever! If it wasn’t bad enough that most of us sit sedentary for way to long checking the stuff. There is a noted role reversal with malicious Links within emails now becoming more common then malicious attachments. Yet both vectors still represent significant vulnerabilities to our network security, data, and systems. This challenge also has a very wide spread business sector creating part of the problem. More and more businesses are opening Affiliate programs. These programs pay individuals a small share of any sale made. Enter the malicious and devious attacker and you have a very easy manner in which to achieve monetary gain.
- Finding 4: Increased Prevalence of Limited-Use Domains in Spear Phishing Attacks. We are seeing custom built, single use, email accounts being used to Spear Phish individuals. Have you left that Facebook Friends list open to the public? Did someone just email you that hasn’t in years (the name will be in the exact format from their Facebook account). Usually this can easily be spotted by examining the email address of the sender to expose an actual email address that has been created just to attack you. For example the email address will look like “John Smith” but the email might be from firstname.lastname@example.org. You know that “Jon Smith” doesn’t have an email like that… and of course there will be some form of payload in the email like Finding 3 notes – probably a Link or even an attachment.
- Finding 5: Increased Dynamism of Email Attachments. Simply put the ability of protective systems to examine all forms of email attachments continues to be more important. Simply looking at EXE, DOC, DOCX, PDF, etc. is no longer enough. Every file requires inspection and potential action.
About FireEye, Inc.
FireEye is the leader in stopping advanced targeted attacks that use advanced malware, zero-day
exploits, and APT tactics. The FireEye solutions supplement traditional and next-generation firewalls,
IPS, anti-virus, and gateways, which cannot stop advanced threats, leaving security holes in networks.
FireEye offers the industry’s only solution that detects and blocks attacks across both Web and email
threat vectors as well as latent malware resident on file shares. It addresses all stages of an attack
lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats. Based
in Milpitas, California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest
Venture Partners, and Juniper Networks.
Follow A Cyber Fellow on Twitter!