Security firm FireEye has documented a significant increase in what it calls advanced malware designed to evade detection by antivirus and other signature-based security technologies.
Milpitas, Calif.-based FireEye Inc. said that on average, organizations are experiencing more than 600 Web-based "malicious events" each week. The bulk of the attacks are from malicious email attachments or embedded links in emails. Compared to the second half of 2011, the number of infections per company rose by 225% in the first half of 2012, the firm said.
The company's report, issued last week, is based on data collected by its Web and email system customers. The firm analyzed several million incident submissions drawn from mainly large and medium-sized businesses.
"For organizations that rely solely on firewalls, IPS, AV and other signature-, reputation-, and basic behavioral-based technologies, it is abundantly clear that compromises and infections will continue to grow," FireEye said in its report.
FireEye said attacks targeting the healthcare industry almost doubled in the first half of 2012. The financial services sector also saw a massive increase. In May of 2012, the financial services sector saw more events than in the entire second half of 2011, according to FireEye.
Spear phishing using malicious file attachments or embedded links that lead to malicious websites appears to be a continued favorite attack vector, according to the FireEye analysis. The firm, which sells software designed to detect Web and email threats, said it saw a 56% increase in email-based attacks.
Cybercriminals have long been developing techniques to outsmart antivirus and other signature-based antimalware technologies. Some malware is designed to disable antivirus, while other variants evade detection altogether. Experts point out that automated attack toolkits have been increasing in sophistication. Black Hole, Zeus, SpyEye and other exploit toolkits have advanced features, designed to let cybercriminals ramp up attacks quickly, collect and analyze infection data and target specific industry sectors or regions with a particular attack. FireEye said it documented cybercriminals changing their malware more quickly, using automated tools to morph it into a different variant, making signatures ineffective.
FireEye said it is tracking the use of "throw-away" domains, each used in only a limited number (10 or fewer) of targeted attacks, to get spear phishing email messages past domain reputation analysis and URL blacklists.
"Through social engineering, cybercriminals are personalizing emails and then using throw-away domains to bypass signature- and reputation-based mechanisms that organizations rely on to filter out malicious emails," FireEye said. "The overall volume of spear phishing emails is increasing and our domain analysis also shows the ratio of emails that use limited-use domains is also on the rise."
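A defender can track the same limited-use-domain ratio on their own mail gateway data. The sketch below is an added example, not code from FireEye or the original article: the `(message_id, url)` record shape, the function names and the sample records are constructed assumptions, and only the 10-use threshold comes from the article.

```python
from collections import Counter
from urllib.parse import urlsplit

LIMITED_USE_MAX = 10  # threshold quoted in the article: 10 or fewer uses


def link_domain(url):
    """Return the lower-cased host of a URL, or None if it has no host."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def limited_use_report(messages, max_uses=LIMITED_USE_MAX):
    """messages: iterable of (message_id, url) pairs (assumed log shape).

    Returns (limited_domains, ratio). ratio is the share of link-bearing
    messages that contain at least one link to a limited-use domain.
    """
    domains_by_msg = {}
    for msg_id, url in messages:
        dom = link_domain(url)
        if dom:
            domains_by_msg.setdefault(msg_id, set()).add(dom)
    # Count a domain once per message, so a single email with many links
    # to the same host does not inflate that host's usage count.
    uses = Counter(d for doms in domains_by_msg.values() for d in doms)
    limited = {d for d, n in uses.items() if n <= max_uses}
    hits = sum(1 for doms in domains_by_msg.values() if doms & limited)
    ratio = hits / len(domains_by_msg) if domains_by_msg else 0.0
    return limited, ratio


# Constructed sample: one widely used host and two rarely seen hosts.
SAMPLE = (
    [(f"m{i}", "http://portal.example.com/login") for i in range(12)]
    + [("m12", "http://invoice-update.example.net/a"),
       ("m13", "HTTP://Invoice-Update.example.NET/b"),
       ("m14", "https://hr-docs.example.org/policy.pdf")]
)

if __name__ == "__main__":
    limited, ratio = limited_use_report(SAMPLE)
    print(sorted(limited), f"{ratio:.0%} of messages use a limited-use domain")
```

A low usage count is a triage signal rather than a verdict, since many legitimate domains are also rare in any one organization's mail; its value is in surfacing links that reputation feeds have no history for.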