Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/25/2013
09:10 PM
Dark Reading
Dark Reading
Products and Releases

Palo Alto Networks Research Shows Real-Time Apps And FTP Are Preferred Targets For Malware

Modern malware review shows traditional antivirus struggles to detect malware that actively avoids detection



Santa Clara, Calif., March 25, 2013 – Palo Alto Networks (NYSE: PANW), the network security company, today announced its inaugural publication of the Modern Malware Review, an analysis of new and evasive malware in live enterprise networks. The review’s findings show that traditional antivirus solutions are not identifying the vast majority of malware infecting networks via real-time applications such as web browsing. The Modern Malware Review is the first industry report to examine the behavior of unknown malware throughout its entire lifecycle, beginning when it enters the network, how it behaves once it is on the infected device and finally the outgoing traffic it generates. Key findings include:

• 94 percent of the fully undetected malware found on networks was delivered via web browsing or web proxies. • 70 percent of malware left identifiers in their traffic or payload that can be used by security teams for detection. • 40 percent of seemingly unique malware are actually repackaged versions of the same code. • FTP is a highly-effective method for introducing malware to a network. 95 percent of malware delivered via FTP went undetected by antivirus solutions for more than 30 days. • Modern malware is highly adept at remaining undetected on a host device. The review identified 30 different techniques for evading security and more than half of all malware behaviors were focused on remaining undetected.

“It’s not enough to simply detect malware out there that is evading traditional security. Enterprises should come to expect more comprehensive prevention from their vendors,” said Wade Williamson, senior research analyst, Palo Alto Networks. “That’s what the Modern Malware Review is signaling – analyzing undetected malware in real networks has enabled us to arm IT security teams with actionable information for reducing their exposure against threats they might have otherwise missed.”

The review provides recommended policies that can help security managers better protect their networks against malware attacks. For example, by knowing that the majority of malware is simply relocated and repackaged versions of the same code, such as Zeus botnets, security teams can use a variety of indicators to identify it and create security policies that can automatically block it.

“Security managers are bombarded almost daily with alerts about the latest malware threats, and manually examining each threat to develop policy to stop it would overwhelm any security team,” said Phil Cummings, security administrator, Health Information Technology Services of Nova Scotia. “Reports like Palo Alto Networks’ Modern Malware Review provide the kind of real-world data and actionable policy recommendations that make my job easier.”

The Modern Malware Review analyzes malware collected by Palo Alto Networks between October and December 2012 via its WildFire malware analysis service. The review identified 26,000 different malware samples on networks that had gone completely undetected by their antivirus solutions.

To download the Modern Malware Review, please visit: http://www.paloaltonetworks.com/mmr.

About Palo Alto Networks Palo Alto Networks is the network security company. Its innovative platform allows enterprises, service providers, and government entities to secure their networks and safely enable the increasingly complex and rapidly growing number of applications running on their networks. The core of Palo Alto Networks platform is its Next-Generation Firewall, which delivers application, user, and content visibility and control integrated within the firewall through its proprietary hardware and software architecture. Palo Alto Networks products and services can address a broad range of network security requirements, from the data center to the network perimeter, as well as the distributed enterprise, which includes branch offices and a growing number of mobile devices. Palo Alto Networks products are used by more than 11,000 customers in over 100 countries. For more information, visit www.paloaltonetworks.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...