Webroot 2016 Threat Brief: 97% of malware cannot be stopped by traditional cybersecurity defences

The past year has been another record year for cybercrime, during which more malware, malicious IPs, websites, and mobile apps were discovered than ever before. It comes as no surprise to those in the Internet security industry that the cybercrime ecosystem continues to thrive, given the continuously evolving threats and little in the way of risk for those who choose to participate.

The continued onslaught of hacks, breaches, and social engineering scams targeting individuals, businesses, and government agencies alike has caused many in the security field to ask if it’s truly possible to defend against a persistent attacker. The latest edition of the annual Webroot Threat Brief revealed that 97 per cent of malware is unique to a specific endpoint, rendering signature-based security virtually useless. Data throughout 2015 clearly showed that today’s threats are truly global and highly dynamic.

Many attacks are staged, delivered, and terminated within a matter of hours, or even minutes, having harvested user credentials and other sensitive information. Countering these threats requires a new approach to attack detection that uses advanced techniques and up-to-the-second threat intelligence.

Malware and potentially unwanted applications (PUAs) have become overwhelmingly polymorphic, changing attributes to evade detection, and morphing to become unique to a specific endpoint device. These threats pose a major problem for traditional, signature-based security approaches, which often fail to discover singular variants. As this trend continues older security methods will quickly be made redundant.

Unsurprisingly, phishing is still a top choice for cybercriminals with zero-day phishing attacks becoming the hacker’s choice for stealing identities. Half of Webroot users experienced their first contact with a zero-day phishing site last year, compared to approximately 30 per cent in 2014. The report showed that the target companies of phishing scams has shifted. Technology companies like Google, Apple and Facebook were targeted twice as often as traditional financial institutions. The fact that users often use the same login credentials for these social media sites and other websites, means that hackers can compromise multiple accounts for each phishing victim – getting far more from each effort.

Criminals are using more IP addresses too, with 100,000 new addresses created each day in 2015. Attackers are relying less on the same list of IPs, and are expanding to new ones to avoid detection. The US continues to have the most malicious IP addresses of all countries. In 2015, it accounted for over 40 per cent of all malicious addresses, a significant increase from 31 per cent in 2014. The top countries hosting 75 per cent of malicious IPs include the US, China, Japan, Germany, and the UK.

In the mobile world, the second half of 2015 saw that half of new and updated Android apps were unwanted or malicious—a significant increase over the first half of 2014, where only 20 per cent of apps were of this nature. Android presents the majority of the risk in the mobile landscape due to its open nature – making it far easier for these apps to sneak through app stores and onto devices. Apps classed as “tools” which need more administrative access to devices make them more suited to malicious purpose.

What can organisations and individuals do?

Dynamic intelligence enables them to set proactive policies to automatically protect networks, endpoints, and users as part of a defence-in-depth strategy. This is especially necessary when security teams consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting them. Furthermore, individuals need to be more vigilant than ever about the websites they visit, the URLs they follow, and the applications they download and use. With the various increases in polymorphism and other malware trends, it is more apparent than ever that organisations need to bolster their security posture with next-generation endpoint protection and real-time, highly accurate threat intelligence to protect themselves, their users, and their customers from cybercriminal activity.

Grayson Milbourne is the Security Intelligence Director at Webroot

Image Credit: Shutterstock/Gunnar Assmy