Enterprise defenders contend with a dizzying variety of threats as attackers regularly evolve their arsenal of attack tools. But a recent survey suggests that in many cases, tried-and-tested attacks remain more prevalent than uncommon and sophisticated ones.
According to Dark Reading’s “The State of Malware Threats” report, security professionals say they encounter common viruses and phishing attacks delivering malware more than any other type of malware threat.
When asked which types of online attacks their organization detected frequently or very frequently, half of IT security professionals said common viruses, followed by 47% for phishing attacks delivering malware, and 30% for malware designed to steal credentials. These statistics highlight just how big a security headache phishing and credential theft are for organizations.
Nowadays, the focus is on ransomware because of its destructiveness: business operations are disrupted, technical remediation is difficult, organizations often have to shut down temporarily as they attempt to recover, and the attacks are costly (regardless of whether the ransom has been paid). And recent research from Cybereason suggests that paying the ransom doesn’t protect organizations from being hit again, with many reporting a second ransomware attack within a month of the first.
What’s somewhat reassuring is that just under a quarter of respondents in our survey say their organization detects ransomware attacks frequently or very frequently.
That’s not to say defenders don’t have to worry about ransomware attacks – attackers are increasingly opting for ransomware over other attack methods. As the Verizon DBIR noted, a quarter of breaches last year involved ransomware. And ransomware is top of mind for IT security professionals: When asked which types of attacks worried them most, 61% cited ransomware, followed by 54% for phishing.
There are many different types of malware attacks, and many of the sophisticated ones are rarely seen against enterprises. Multivector malware that behaves differently depending on the system it infects is frequently used in targeted attacks, which explains why 28% of IT security professionals say their organizations have never detected this threat. Similarly, although concerns abound over basic security controls missing in the Internet of Things, more than half of IT security professionals said their organization rarely, or never, detected attacks targeting IoT and other non-traditional systems. Also rarely detected are fileless malware that resides in memory (44%) and cross-platform malware designed to target more than one platform or operating system (50%).
Even so, IT security teams can’t pay attention only to frequent attacks. Many threats – such as malware designed to infect routers or other networking equipment, or malware compromises that are the result of a security breach with a supplier – may occur less frequently, but are no less calamitous when they hit the organization. A quarter of respondents say they’ve occasionally detected malware targeting cloud systems, 24% occasionally detected malware targeting networking equipment, and 21% occasionally encountered malware that was triggered by a security incident or compromise on supplier networks and systems.
There is a lot of rumbling right now about how automation can help with security defense. That is particularly true in this case, as automating threat detection and remediation for the more commonly seen threats could free up defenders to focus on the “occasional” and “rare” attacks that can be just as problematic for the organization, if not more.