A large amount of unidentified pieces of malware are constantly targeting enterprise networks.
The Palo Alto Networks security firm conducted a study in which they used their WildFire malware analysis engine to show how hundreds of samples remain undetected by most security solution vendors and that can really affect the integrity of the company’s infrastructures.
The numbers reveal that during a three-month period, in which they analyzed enterprise networks, more than 700 malicious elements attacked their networks from the Internet, more than half of which ended up not detected by any commercial product.
About 15% of the newly identified malware generated traffic between the victim devices and C&C servers, which hackers most likely controlled.
“I think we were all a bit surprised by the volume and frequency with which we were finding unknown malware in live networks,” said Wade Williamson, senior security analyst at Palo Alto Networks. “Unknown malware often represents the leading edge of an organized attack, so this data really underscores the importance of getting new anti-malware technologies out of the lab and into the hands of IT teams who are on the front lines.”
“The ability to detect, remediate and investigate unknown malware needs to become a practical part of a threat prevention strategy in the same way that IPS and URL filtering are used today,” he said.
The research also found zero-day malware did not only go out via web browsing or email traffic but also other web applications.
“It’s important to note this, because many enterprises only inspect email or FTP traffic for malware but do not have the ability to scan other applications. Applications that tunnel within HTTP or other protocols can carry malware that will be invisible to a traditional anti-malware solution,” Williamson added.
Another result from the study refers to how phishing has improved lately. It turns out that even web-based file hosting and webmail applications see use by cyber criminals to serve their malicious software.