How Malware is Downloaded Every 81 Seconds

A new report by Check Point says that some form of known malware is downloaded every 81 seconds in an enterprise organization.

In the company’s fourth annual Security Report, Check Point researchers analyzed the activity of more than 31,000 Check Point gateways worldwide, revealing details on what enterprises are encountering in known and unknown malware, attack trends, and the impact of more mobile devices in the enterprise. Additionally, researchers were able to measure the impact successful breaches have had on organizations, and the added expenses that go beyond remediation costs.

In the recent SANS 2016 Threat Landscape Study, conducted in partnership with security education and research group SANS Institute, researchers surveyed more than 300 IT and security professionals across the globe to uncover the threats organizations encounter in the real world; when and how they become incidents; which types of threats had the biggest impact; and the greatest challenges enterprises face in protecting themselves.

Both the Check Point Security Report and SANS 2016 Threat Landscape Study revealed:

Unknown malware continues its exponential and evolutionary growth. Researchers found a 9x increase in the amount of unknown malware plaguing businesses. This was fueled by the employees, who downloaded a new unknown malware every four seconds. In total, there were nearly 12 million new malware variants discovered every month, with more new malware discovered in the past two years than the previous decade.
Security is lagging behind the speedy, on-the-go mobile device. With smartphones and tablets accounting for 60 percent of digital media time spent, businesses’ mobile devices present both an access curse and a business productivity blessing. While employees do not want to be the cause of a company network breach, 1-in-5 will cause one through either mobile malware or malicious Wi-Fi.
Endpoints represent the starting points for most threats. Among the businesses surveyed, endpoints were the most common cause of breaches and the most critical component in cyber defenses, with attackers leveraging email in 75 percent of cases. Also, 39 percent of endpoint attacks bypassed the network gateway firewalls, and routine operations uncovered 85 percent of threats after they had already gotten inside the enterprise.

Another area of security the report took a look at was mobile. "Organizations now realize they cannot easily stop employees from connecting their personal devices to corporate resources, because they have discovered that 'bring your own device' (BYOD) greatly increases productivity," the report stated. "Unfortunately, the mobile platform is an attractive target for attackers as most organizations have not put in place controls to effectively protect them."

Of the attack vectors present in mobile, infected apps, network attacks, and OS exploits were the three biggest, the report said. Of course, once access is gained, an attacker will look for information like login credentials, and will exploit other technology like your phone's camera. Check Point recommends that enterprises educate their workforce, better understand risk associated with mobile, enforce security hygiene for all employees, and separate data relative to work and play.

The report also looked at additional attack patterns, noting a rise in ransomware. Code execution was the most popular attack vector for the 2015, which was the year Check Point examined for the study.

https://www.checkpoint.com/press/2016/new-check-point-research-reveals-enterprises-battling-9x-unknown-malware-employees-download-new-malware-every-four-seconds/