Signature-based security could be virtually useless as 97 per cent of malware is unique to a specific endpoint, says a new report.
This is among the findings of the latest annual Webroot Threat Brief which shows that today's cyber threats are truly global and highly dynamic. Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information.
Among other findings are that around 50 per cent of Webroot users experienced a first contact with a zero-day phishing site, compared to approximately 30 per cent in 2014. This indicates that zero-day phishing attacks are becoming the hacker’s choice for stealing identities.
Interestingly technology companies, including Google, Apple and Facebook, were targeted by more than twice as many phishing sites as financial institutions, such as PayPal, Wells Fargo, and Bank of America. These companies are targeted because the same login credentials are often used to access other websites, resulting in multiple compromised accounts with each phishing victim.
Criminals are using more IP addresses too, with 100,000 new addresses created per day in 2015, a significant increase from the 2014 average of 85,000 a day. This shows cyber criminals are relying less on the same list of IPs, and are expanding to new ones to avoid detection. The US continues to have the most malicious IP addresses of all countries. In 2015, it accounted for over 40 per cent of all malicious addresses, a significant increase from 31 per cent in 2014. Top countries hosting 75 per cent of malicious IPs include the US, China, Japan, Germany, and the UK.
As with IP addresses, malicious URLs are largely hosted in the US (30 per cent), followed by China (11 per cent). The US is also by far the largest host of phishing sites, with 56 per cent of sites within its borders.
"2015 was yet another record year for cyber crime, during which more malware, malicious IPs, websites, and mobile apps were discovered than in any previous year," says Hal Lonas, chief technology officer at Webroot. "It comes as no surprise to those of us in the Internet security industry that the cyber crime ecosystem continues to thrive, given new innovations and little in the way of risk for those who choose to participate. The continued onslaught of hacks, breaches, and social engineering scams targeting individuals, businesses, and government agencies alike has caused many in the security field to ask if it's truly possible to defend against a persistent attacker. We conclude that we can only succeed by being more innovative than our criminal opponents".
Webroot suggests that organisations need to bolster their security posture with next-generation endpoint protection and real-time, accurate, dynamic threat intelligence to protect themselves, their users, and their customers from cyber criminal activity.
The full Threat Brief is available to download from the Webroot site and you can see an infographic summary of the findings below.