2016 Malware Attacks Quadrupled from Previous Numbers
2016 stands out for the astronomical growth of malware, which drove a sharp increase in the sheer volume of cyber attacks on enterprises, organizations, nations, and critical infrastructure. Some estimates put the number of malware attacks in 2016 at four times previous levels.
It was a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts by state-sponsored groups to disrupt the democratic electoral process in many Western countries.
Cybercriminals caused unprecedented levels of disruption with relatively simple IT tools and cloud services.
In 2016, researchers at Check Point painted a dire picture of an average day in the life of a typical enterprise:
- Every 81 seconds a known malware sample is downloaded
- Every 4 minutes a high-risk application is used
- Every 4 seconds an unknown malware sample is downloaded
- Every 5 seconds a host accesses a malicious website
- Every 53 seconds a bot communicates with its command and control center
- Every 30 seconds a threat emulation occurs
The research also indicated a massive jump in the volume of unknown malware being created and downloaded: a 900% increase, with more than 970 downloads per hour – compared with 106 previously. More than 12 million new malware variants were released each month.
The rate at which new malware is being developed has soared: the data shows that more new malware has been developed in the past few years than in the previous 10 years combined. Malware variants are produced so quickly that traditional, signature-based anti-virus and anti-malware solutions are struggling to keep up.
Impact of Cyberattacks
There is no dispute: the proliferation of malware and cyber attacks is at an all-time high, and it is forecast to keep increasing. Malware is used against enterprises and organizations in many ways, but fileless malware and the evasive tooling behind advanced persistent threats, such as botnets, rootkits, RATs, macro-enabled documents and malicious scripts, are arguably the most dangerous. These threats slip past signature-based defenses, typically remain undetected for long periods, and are difficult to trace even once the problem has surfaced.
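One reason these threats stay undetected is that their footprint is behavioural rather than a file on disk. A common threat-hunting check is to look for the periodic "heartbeat" a bot makes to its command and control server (the kind of traffic the Check Point figures above count every 53 seconds). The example below is added here and is not code from the original post or from Infocyte; it reads a constructed, simplified connection log (ISO timestamp, source IP, destination host, all invented) and flags source/destination pairs whose inter-connection gaps are nearly constant.

```python
# Added example (not from the original post): hunting for C2 beaconing in
# proxy/firewall connection logs by looking for near-constant intervals
# between connections from one host to one destination.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (invented data, not a real capture).
# Format assumed for this example: "<ISO timestamp> <src_ip> <dst_host>"
SAMPLE_LOG = """\
2016-11-02T09:00:00 10.0.0.5 updates.example.com
2016-11-02T09:00:53 10.0.0.5 updates.example.com
2016-11-02T09:01:46 10.0.0.5 updates.example.com
2016-11-02T09:02:39 10.0.0.5 updates.example.com
2016-11-02T09:03:32 10.0.0.5 updates.example.com
2016-11-02T09:04:25 10.0.0.5 updates.example.com
2016-11-02T09:00:07 10.0.0.9 www.example.org
2016-11-02T09:00:41 10.0.0.9 www.example.org
2016-11-02T09:03:12 10.0.0.9 www.example.org
2016-11-02T09:03:13 10.0.0.9 www.example.org
2016-11-02T09:09:58 10.0.0.9 www.example.org
2016-11-02T09:15:00 10.0.0.9 www.example.org
"""


def parse_log(text):
    """Return {(src, dst): [epoch seconds, ...]} from the simple format above."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts).timestamp())
    return conns


def beacon_score(timestamps):
    """Coefficient of variation of the gaps between consecutive connections.

    0.0 means perfectly periodic; human browsing is bursty and scores high.
    Returns None when there are too few gaps to judge.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 4:
        return None
    m = mean(gaps)
    if m == 0:
        return None
    return pstdev(gaps) / m


def find_beacons(text, min_events=5, max_cv=0.2):
    """Flag (src, dst) pairs with at least min_events connections whose
    interval is near-constant (cv <= max_cv).

    Returns {(src, dst): (mean_gap_seconds, cv)}.
    """
    hits = {}
    for key, stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue
        cv = beacon_score(stamps)
        if cv is not None and cv <= max_cv:
            ts = sorted(stamps)
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            hits[key] = (round(mean(gaps), 1), round(cv, 3))
    return hits


if __name__ == "__main__":
    for (src, dst), (gap, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{gap}s (cv={cv})")
```

On the constructed log only 10.0.0.5 is flagged (a 53-second interval with zero variation); the second host's irregular gaps are what ordinary user traffic looks like. Real implants add random jitter to their sleep timer, so in practice `max_cv` is tuned upward and the threshold is combined with other signals (rare destination, fixed request size, off-hours activity), and a flagged pair is a lead to investigate, not a verdict: legitimate update checkers and monitoring agents beacon too.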
Economically motivated cybercrime has evolved to the point where it can be split into two distinct categories: the kind that steals money or monetizable data and bruises reputations, and the kind that steals intellectual property and lays waste to an entire business. The latter are often classified as ‘transfer of wealth’ attacks.
While the long-term damage, both to organizations and to the economy, is potentially far higher for transfer-of-wealth attacks, the regulatory pain, loss of investor confidence and media scrutiny that follow the theft of funds, medical data, financial details or personally identifiable information are damaging too. As regulation and oversight catch up, organizations will increasingly face legal consequences when an incident occurs.
Threat Outlook in 2017
To learn more about the increased threats in 2017 and to get guidance on how to respond and react to malware using threat hunting download the white paper on Protecting the Enterprise Against Unknown Malware.