Enterprise defenders struggle with a staggering array of threats, while attackers regularly expand their arsenal of attack tools. But a recent study suggests that proven attacks in many cases remain more prevalent than uncommon and sophisticated ones.
According to Dark Reading’s report “The State of Malware Threats”, security professionals say they encounter common viruses and phishing attacks that deliver malware more than any other type of malware threat.
When asked what types of online attacks their organization detected often or very frequently, half of IT security professionals said common viruses, followed by 47% for phishing attacks that deliver malware and 30% for malware designed to steal credentials. These statistics highlight how big a security headache phishing and credential theft are for organizations.
Today, the focus is on ransomware because of its destructiveness: business operations are disrupted, technical remediation is difficult, organizations often have to shut down temporarily as they try to recover, and the attacks are expensive (regardless of whether the ransom has been paid). And recent research from Cybereason suggests that paying a ransom does not protect organizations from being hit again, with many reporting another ransomware attack within a month of the first one.
What is a little reassuring is that just under a quarter of respondents in our survey say that their organization detects ransomware attacks often or very frequently.
This does not mean that defenders do not have to worry about ransomware attacks – attackers are increasingly opting for ransomware over other attack methods. As the Verizon DBIR noted, a quarter of the breaches last year involved ransomware. And ransomware is top of mind for IT security professionals: when asked what types of attacks worried them the most, 61% cited ransomware, followed by 54% for phishing.
There are many different types of malware attacks, and many of the sophisticated ones are rarely seen against companies. Multi-vector malware, which behaves differently depending on the system it infects, is often used in targeted attacks, which explains why 28% of IT security professionals say their organizations have never detected this threat. Similarly, despite concerns about the lack of basic security controls in the Internet of Things, more than half of IT security professionals said their organization rarely or never detected attacks targeting IoT and other unconventional systems. Also rarely detected are fileless malware (44%) and cross-platform malware designed to target more than one platform or operating system (50%).
Yet IT security teams cannot afford to pay attention only to frequent attacks. Many threats – such as malware designed to infect routers or other network equipment, or malware compromises that result from a security breach at a vendor – can occur less frequently, but are no less catastrophic when they hit the organization. A quarter of respondents say they have occasionally discovered malware targeting cloud systems, 24% occasionally detected malware targeting network equipment, and 21% occasionally encountered malware triggered by a security incident or compromise of vendor networks and systems.
There is a lot of talk right now about how automation can help with security defense. That is especially relevant here, as automating threat detection and addressing the more commonly seen threats could free defenders to focus on the “occasional” and “rare” attacks that can be just as problematic for the organization, if not more so.