Enterprise defenders contend with a dizzying variety of threats as attackers regularly evolve their arsenals of attack tools. But a recent survey suggests that in many cases, tried-and-tested attacks remain more prevalent than more sophisticated ones.
According to Dark Reading's "The State of Malware Threats" report, security professionals encounter common viruses and phishing attacks delivering malware more than any other type of malware threat.
When asked which types of online attacks their organizations detected frequently or very frequently, half of IT security professionals pointed to common viruses, followed by 47% for phishing attacks delivering malware and 30% for malware designed to steal credentials. These statistics highlight just how big a security headache phishing and credential theft are for organizations.
Not Yet Frequent, Thank Goodness
Nowadays, the focus is on ransomware because of its destructiveness: Business operations are disrupted, technical remediation is difficult, organizations often have to shut down temporarily as they attempt to recover, and attacks are costly (regardless of whether the ransom has been paid). And recent research from Cybereason suggests that paying the ransom doesn’t protect organizations from being hit again, with many reporting a second ransomware attack within a month of the first.
Reassuringly, just under a quarter of respondents in our survey said their organizations detect ransomware attacks frequently or very frequently.
That’s not to say defenders don’t have to worry about ransomware attacks – attackers are increasingly opting for ransomware over other attack methods. As the "2022 Verizon Data Breach Investigations Report" notes, a quarter of breaches last year involved ransomware. And ransomware is top of mind for IT security professionals: When asked which types of attacks worried them most, 61% cited ransomware, followed by 54% for phishing.
Occasional/Rare Still Induces Headaches
Even so, IT security teams can’t only pay attention to frequent attacks. Many threats – such as malware designed to infect routers or other networking equipment, or malware compromises that are the result of a security breach with a supplier – may occur less frequently, but they are no less calamitous when they hit. A quarter of respondents said they’ve occasionally detected malware targeting cloud systems, 24% occasionally detected malware targeting networking equipment, and 21% occasionally encountered malware that was triggered by a security incident or compromise on supplier networks and systems.
Many of the sophisticated malware attacks remain rare. Multivector malware that behaves differently depending on the system it infects is frequently used in targeted attacks, which explains why 28% of IT security professionals said their organizations have never detected this threat. Similarly, despite the lack of basic security controls in the Internet of Things (IoT), more than half of IT security professionals said their organizations rarely, or never, detected attacks targeting IoT and other non-traditional systems. Also rarely detected are fileless malware that resides in memory (44%) and cross-platform malware designed to target more than one platform or operating system (50%).
There is a lot of rumbling right now about how automation can help with security defense. That is particularly true in this case, as automating malware detection and remediation for the more commonly seen threats could free up defenders to focus on the “occasional” and “rare” attacks that can be just as problematic for the organization, if not more so.