
Adversaries never sleep: unknown malware downloaded every 34 seconds

In its 2015 Security Report, Check Point Software has found adversaries are exploiting the ease of creating unknown malware to boost the chance of a successful attack, and sandboxing adoption may be the best way to mitigate risk.

The report finds that several commonly noted security trends, including the risks of bring-your-own-device (BYOD) and insider data breaches, are still causing problems for enterprises, and that adversaries have very easy ways to create unknown malware.

Check Point Software Technologies Ltd., based in Tel Aviv, has released its 2015 Security Report with data based on more than 300,000 hours of monitored network traffic culled from thousands of enterprises across all major industries.

The top finding was just how easy it is for adversaries to create malware that can avoid antivirus (AV) detection with small tweaks. This has led to a tremendous increase in the number of unique malware detections.

"We saw unknown malware hitting organizations in our sample 106 times per hour and that is a frightening increase," said Juliette Rizkallah, vice president of global marketing for Check Point. "Last June, we were seeing only 2.2 incidents of unknown malware per hour."

Rizkallah said the reason there has been such a large increase in new malware is that adversaries can easily avoid AV detection that relies on an MD5 signature.

"You basically just add one null at the end of the PDF or DOC file and that's all it takes to create a new malware," said Rizkallah. "That new file won't be flagged as malicious and therefore any signature that existed for that malware won't apply to this file."

Check Point found that 52% of files infected with unknown malware were PDFs. Avoiding AV detection increases the likelihood of success for attackers, said Rizkallah, so these small changes have become common practice. As these attack techniques have evolved, so too have the security practices, but Rizkallah said there is a problem with adoption.
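The evasion Rizkallah describes comes down to one property of hash-based signatures: any change to the bytes, even an appended NUL, produces a new MD5 and a miss. The following added example (not from Check Point or the report) shows this with a constructed, harmless PDF-like byte string standing in for a known-bad file, and contrasts an exact-MD5 lookup with a simple normalised hash that strips trailing NUL padding before hashing; the normalisation is an illustrative defender-side check, not Check Point's method.

```python
import hashlib

# Constructed sample standing in for a file already known to a scanner.
# It is not malware; only its hashing behaviour matters for this example.
KNOWN_BAD = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

# Constructed signature database: the exact MD5 a signature scanner would store.
SIGNATURES = {hashlib.md5(KNOWN_BAD).hexdigest()}


def exact_md5_match(data: bytes) -> bool:
    """Plain MD5 lookup: misses any variant whose bytes differ at all."""
    return hashlib.md5(data).hexdigest() in SIGNATURES


def canonical_md5(data: bytes) -> str:
    """MD5 over the file with trailing NUL padding stripped.

    Appended NULs do not change how a PDF or DOC is parsed, so hashing the
    stripped bytes lets one signature cover every NUL-padded variant.
    (Assumed normalisation for illustration; real engines go further.)
    """
    return hashlib.md5(data.rstrip(b"\x00")).hexdigest()


CANONICAL_SIGNATURES = {canonical_md5(KNOWN_BAD)}


def canonical_match(data: bytes) -> bool:
    """Lookup against the normalised signature set."""
    return canonical_md5(data) in CANONICAL_SIGNATURES


def pad_with_nulls(data: bytes, count: int = 1) -> bytes:
    """Build the padded variant the article describes, for detection testing."""
    return data + b"\x00" * count


def compare(data: bytes) -> dict:
    """Return both verdicts for one sample so the detection gap is visible."""
    return {"exact": exact_md5_match(data), "canonical": canonical_match(data)}


if __name__ == "__main__":
    for label, sample in (("original", KNOWN_BAD), ("padded", pad_with_nulls(KNOWN_BAD))):
        print(label, hashlib.md5(sample).hexdigest(), compare(sample))
```

Trailing-NUL stripping only closes the specific gap quoted above; any other byte-level tweak still yields a fresh hash, which is why the article points to sandboxing (behavioural analysis) rather than better signatures.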

"The typical solution you would see is sandboxing and threat elimination," said Rizkallah, "but we see very little adoption, maybe 0.1% to 1% of companies have adopted this. So you see the gap widening between the threats and the protection."

The need for DLP

Two other findings of the report regarding the risks of BYOD and data breaches caused by insiders were listed separately, but appear to have a common thread. Check Point found that in 2014, 81% of organizations suffered at least one data loss incident, and in total, organizations faced 41 data loss incidents per day, a 41% increase year-over-year.

According to Rizkallah, the threats are not always coming from the outside, but from insiders who don't always mean to do harm.

"We've seen 81 percent of organizations analyzed being impacted by insider data breaches," Rizkallah said. "Every 36 minutes sensitive data is leaving an organization."

Rizkallah said the biggest culprit was email attachments, and often the potential data loss was unintentionally caused by autofill adding extra recipients to an email. This data was gathered by Check Point using a data loss prevention (DLP) tool in monitoring mode and was used to show organizations how DLP could help mitigate those incidents.

"If you look at what is happening today, a lot of organizations do not have DLP implemented," said Rizkallah. "If the user had it implemented, more than likely they wouldn't have seen the incidents because it would have been blocked."

In a survey of 700 businesses, Check Point found that 42% of organizations suffered security incidents related to mobile, each of which cost more than $250,000 to remediate.

Check Point found the rise of BYOD has led to more risk of data loss for enterprises, because employees often use mobile devices to handle email.

"The main concern is the sensitive data because honestly the biggest application use is email," said Rizkallah. "When the 42% of respondents mentioned the quarter of a million cost to remediate, that was related to data loss for sure."
