Sophisticated Malware Is Stumping Security Pros


The ferocious nature of modern malware is wreaking havoc on some organizations, forcing security professionals to reassess current security policies and consider spending on modernizing defenses to detect attacks, according to a new survey.

The study, released this week by Enterprise Strategy Group and commissioned by Malwarebytes, surveyed 315 security professionals at companies in North America. It found that 74 percent of respondents have increased their security budgets over the past two years in direct response to more sophisticated malware threats.

Businesses need to assess their current defenses to avoid making impulsive spending decisions, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group, in his "Malware and the State of Enterprise Security" report.


"Many organizations lack the right staff size or skills necessary to address malware threats, but given their current workload and the information security skills shortage, it is unlikely they can fill this void quickly," Oltsik said in his report. "The best technologies will address antimalware requirements with highly tuned intelligence, algorithms and automation."

The current crop of firewalls and intrusion-prevention systems is missing more malware, according to the survey. Sixty-two percent of those surveyed believe their host-based security software is not effective at detecting zero-day attacks and other malware designed to bypass that software and remain stealthy on systems.

Malware researchers told CRN that the threat landscape continues to consist mostly of financial malware designed to steal account credentials and credit card data and to drain bank accounts. Although much less frequent, advanced persistent threats (APTs) targeting intellectual property are increasingly dangerous, security experts say. Both types of attacks rely on similar tactics: social engineering techniques aimed at employees at the endpoint, and common Web application vulnerabilities, Oltsik said.

"APTs follow a general life cycle that includes external reconnaissance, initial compromise, gaining foothold, escalating privileges, internal reconnaissance, lateral movement and data exfiltration," Oltsik said. "Security professionals should become intimately familiar with these phases so they can implement appropriate security controls for each phase and recognize anomalous behavior that may be associated with one or many phases of an attack."
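One way to turn the life-cycle model quoted above into a concrete check is to tag individual events with the phase they belong to and then look for hosts that show activity across several phases, since a single stage (one directory enumeration, one large transfer) is usually noise on its own. The following is an added illustration written for this page, not code from the report or from Malwarebytes; the phase names are the ones Oltsik lists, while the event-type-to-phase mapping, the host names and the log records are constructed assumptions.

```python
"""Tag constructed security events with APT life-cycle phases and flag hosts
whose activity spans several phases.

Added example for illustration: the phase list follows the article, but the
EVENT_PHASE rules and SAMPLE_EVENTS are assumed, not drawn from any product.
"""
from collections import defaultdict

# Life-cycle phases, in the order Oltsik lists them.
PHASES = [
    "external reconnaissance",
    "initial compromise",
    "gaining foothold",
    "escalating privileges",
    "internal reconnaissance",
    "lateral movement",
    "data exfiltration",
]

# Hypothetical mapping from an event type to a phase. A real SOC would derive
# these from its own telemetry; the keys here are invented for the example.
EVENT_PHASE = {
    "port_scan_inbound": "external reconnaissance",
    "phishing_attachment_opened": "initial compromise",
    "persistence_run_key": "gaining foothold",
    "token_manipulation": "escalating privileges",
    "ad_enumeration": "internal reconnaissance",
    "remote_service_exec": "lateral movement",
    "large_outbound_transfer": "data exfiltration",
}

# Constructed sample log: (timestamp, host, event_type).
SAMPLE_EVENTS = [
    ("2013-07-20T08:01", "ws-17", "phishing_attachment_opened"),
    ("2013-07-20T08:03", "ws-17", "persistence_run_key"),
    ("2013-07-20T09:40", "ws-17", "token_manipulation"),
    ("2013-07-20T10:15", "ws-17", "ad_enumeration"),
    ("2013-07-21T02:30", "ws-17", "remote_service_exec"),
    ("2013-07-20T11:00", "ws-42", "ad_enumeration"),         # helpdesk host, benign
    ("2013-07-20T11:05", "srv-db", "large_outbound_transfer"),  # nightly backup
    ("2013-07-20T12:00", "ws-03", "unknown_event"),          # unmapped, ignored
]


def phases_by_host(events):
    """Return {host: set(phase)} for every event whose type maps to a phase."""
    seen = defaultdict(set)
    for _ts, host, event_type in events:
        phase = EVENT_PHASE.get(event_type)
        if phase:
            seen[host].add(phase)
    return seen


def flag_hosts(events, min_phases=3):
    """Hosts whose observed activity covers at least `min_phases` distinct
    life-cycle phases. Returns {host: [phases in life-cycle order]}."""
    flagged = {}
    for host, phases in phases_by_host(events).items():
        if len(phases) >= min_phases:
            ordered = sorted(phases, key=PHASES.index)
            flagged[host] = ordered
    return flagged


if __name__ == "__main__":
    for host, chain in flag_hosts(SAMPLE_EVENTS).items():
        print(host, "->", " -> ".join(chain))
```

Run as a script it reports only ws-17, which touched five of the seven phases; the lone enumeration on ws-42 and the single large transfer from srv-db fall below the threshold, and the unmapped event on ws-03 is ignored. The threshold and the mapping are the tuning knobs an analyst would adjust against real data.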

In addition, the survey found that 42 percent of organizations are testing or implementing sandboxing technology, in which suspicious files are detonated in isolated virtual environments and their behavior observed before the files are passed on to the end user. More than half of survey respondents said additional layers of endpoint security software would be added to detect and contain zero-day threats.

Some organizations are also making structural changes, according to the study. About 39 percent of those surveyed said their organization had created a group of security analysts dedicated to malware intelligence and analysis, and about 31 percent of businesses had invested in incident detection and response services.

"Evidently when it comes to malware detection and remediation, many enterprises don't know what to look for," Oltsik said. "While security professionals understand the basic concepts about malware, the [Enterprise Strategy Group] research indicates that a large number are unfamiliar with advanced malware properties."

PUBLISHED JULY 25, 2013