Hackers hitting firms with malware five times a second
Hackers are hitting businesses with malware-based cyber attacks five times a second, and phishing remains the infection strategy of choice, according to Verizon.
The company revealed the statistic in its Data Breach Investigations Report, which collated data from over 70 contributing partners’ internal and customer networks.
Bob Rudis, Verizon managing principal and author of the report, told V3 the figure stemmed from data collected from five security providers’ customer networks, which included information from over 10,000 businesses.
“We had five partners’ customer logs and got to see the incident discovery of over 10,000 organisations. We found that there are five malware events every second,” he said.
“This is bad, but what was really interesting was how unique the malware was. We saw that 70 to 90 percent of malware samples are actually unique and have a unique signature.”
Rudis added that the unique nature of this malware is not a sign of sophistication but is simply a means to bypass traditional signature-based cyber defences.
Interestingly, Rudis added, and despite widespread reports to the contrary, only a tiny fraction of the malware incidents occurred on smartphones.
“There are lots of vulnerabilities in mobile so we went in [looking for malware]. We got six months of mobile malware capture data for our report. We looked at what mobile operating systems are being targeted and how often,” he said.
“We found that 0.3 percent of mobile devices were impacted. Despite what most people are saying, it’s not ‘mobile, you’re all going to die’ at the moment.”
Rudis said that phishing remains the most prolific and effective infection strategy being used by hackers.
“During our research we got a chance to look at hundreds of thousands of phishing programmes. These included over 150,000 messages. We found that almost a quarter of folks who get [a phishing message] are going to open it. That’s a one quarter response rate,” he said.
“You may think that opening a message may not be bad, but 11 percent actually click on the link or the attachment containing the malware.
“During our analytics we also found that from the start of a campaign it takes 82 seconds for the first successful breach. If you’re a hacker mounting a phishing scam you’re guaranteed to get a quarter return.”
Hackers’ success rates are further aided by most firms’ poor patching practices, according to Rudis.
“There’s also a lot to do with patch practices. When looking at detailed records regarding incidents in excruciating detail we found that 25 percent could be stopped if people patched,” he said.
“Interestingly, within the top 10 vulnerabilities we saw, some were fairly recent, one was found in 2014, however many aren’t. One of the worst and most commonly used dates back to 1999. We have a joke now that hackers are partying like it’s 1999.”
Rudis cited the notorious Heartbleed flaw as further proof of the need for more robust patching practices.