Lately, there has been a lot of scary statistics surrounding malware security across the globe. In fact, PandaLabs recently reported that one third (31.6 percent) of all PCs worldwide are infected with malware, while TrendMicro found that 100 percent of enterprises had undetected malware. And, the Ponemon Institute revealed that 11 percent of desktops, laptops and other mobile devices are infected with malware in any given month.
Today, the term “malware” represents malicious software that affects devices in many ways. Most malware just requires administrative resources to remediate it, leading to diminished productivity. But, within the broader malware infection statistics exists a small but powerful portion of advanced malware, presenting a potentially devastating risk to the enterprise.
With the recent Red October report, a lot of enterprises are stepping up their advanced malware protection capabilities because defenses like antivirus solutions don’t work as effectively anymore because anti virus protection can only find something that was already identified. Malware writers use polymorphism, which is taking the exact same file and recompiling it so that it looks different.
George Tubin, security strategist at Trusteer, a provider of endpoint cyber crime prevention solutions that protect organizations against financial fraud and data breaches, recently sat down with MobilityTechzone to discuss how these advanced malware attacks increase towards enterprise and what new methods will be needed to protect sensitive corporate data.
“Advanced malware is huge on impact,” said Tubin. “Since most malware detection software is designed to find standard, known malware, which represents the majority of enterprise malware, most organizations falsely believe they are finding all malware threats. While many organizations are satisfied with their malware detection statistics, advanced malware goes undetected and can cause serious damage.”
Image via Shutterstock
A recent Trusteer analysis found that one in 500 employee endpoints are infected with sophisticated, information stealing malware. Currently, Trusteer’s malware research team analyzes information received from over 30,000,000 user endpoints and hundreds of organizations using Trusteer solutions to protect Web applications, computers and mobile devices from online threats.
According to Tubin, enterprises should focus on the one in 500 employee devices that are infected with advanced malware as this malware has evolved evasion capabilities that renders it invisible to most malware detection applications. In fact, Mandiant reported that 94 percent of the time, enterprises only found out about a compromise due to third party notification.
“At Trusteer, we are constantly protecting our customers from malware. There are a lot of organizations that are affected with malware, but they just don’t know it. The problem is malware gets onto an employee endpoint decides to steal information, but most organizations don’t know that it happened,” he commented.
Trusteer truly understand how malware works and it allows the company to be successful at identifying and preventing malware. “A number of our clients say that they have never hard malware-based fraud on any of the PCs that are protected by Trusteer.”
Tubin has seen some major classes of solutions being used in defense of advanced malware. One option is to monitor files coming through the network, scan those files and put them onto a test machine to see if they are potentially malware.
“But, we’ve seen malware writers have gone ahead and put methods in place to evade those techniques. Also, this doesn’t work if employees are not connected to the corporate network and being protected,” he explained.
Another interesting approach is whitelisting, which identifies just the safe files. According to Tubin, whitelisting works well, but there are still some manageability problems that come with it because there are always new safe files that are out there that you must stay on top of it.
These days, security teams are confident in their ability to control employee endpoints, and are more concerned over the lack of controls for unmanaged endpoints. Unmanaged endpoints like BYOD can be infected with malware and introduce unknown risks to the network. However, not all managed endpoints are protected against malware infections. For instance, a Trusteer customer revealed that its employees’ corporate-issued laptops are 10 times more infected with malware than desktops.
Tubin commented, “We believe that the primary reason for this infection increase is that laptops roam in and out of the corporate network. Unlike desktops which stay on the corporate network at all times, laptops are used from a variety of locations.”
Using laptops on public, insecure networks significantly increases exposure to malware, and they then become more vulnerable to advanced attacks. Tubin advises security teams to reevaluate the controls used to protect managed laptops that roam outside of the corporate network and out of their control. The risk such laptops introduce can be significant if infected with advanced malware focused on stealing user login credentials, sensitive business information and gaining access to the corporate network.”
Edited by Jamie Epstein