Palo Alto Networks published an analysis of new and evasive malware in live enterprise networks.
Their findings show that traditional antivirus solutions are not identifying the vast majority of malware infecting networks via real-time applications such as web browsing. Key findings include:
- 94 percent of the fully undetected malware found on networks was delivered via web browsing or web proxies.
- 70 percent of malware left identifiers in its traffic or payload that security teams can use for detection.
- 40 percent of seemingly unique malware samples are actually repackaged versions of the same code.
- FTP is a highly effective method for introducing malware to a network. 95 percent of malware delivered via FTP went undetected by antivirus solutions for more than 30 days.
- Modern malware is highly adept at remaining undetected on a host device. The review identified 30 different techniques for evading security, and more than half of all malware behaviors were focused on remaining undetected.
“It’s not enough to simply detect malware out there that is evading traditional security. Enterprises should come to expect more comprehensive prevention from their vendors,” said Wade Williamson, senior research analyst, Palo Alto Networks. “That’s what the Modern Malware Review is signaling – analyzing undetected malware in real networks has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed.”
The review provides recommended policies that can help security managers better protect their networks against malware attacks. For example, by knowing that the majority of malware is simply relocated and repackaged versions of the same code, such as Zeus botnets, security teams can use a variety of indicators to identify it and create security policies that can automatically block it.
“Security managers are bombarded almost daily with alerts about the latest malware threats, and manually examining each threat to develop policy to stop it would overwhelm any security team,” said Phil Cummings, security administrator, Health Information Technology Services of Nova Scotia. “Reports like Palo Alto Networks’ Modern Malware Review provide the kind of real-world data and actionable policy recommendations that make my job easier.”
The Modern Malware Review analyzes malware collected by Palo Alto Networks between October and December 2012 via its WildFire malware analysis service. The review identified 26,000 different malware samples on networks that had gone completely undetected by their antivirus solutions.
The complete report is available here.