Malware is becoming more sophisticated, actively resisting traditional detection technologies. This development is posing new challenges to security companies. According to independent test organizations, almost one out of ten malware attacks succeed.
One in ten – sounds like a lot, but what does this mean in practice?
One of our product managers illustrated the significance of a high threat detection rate with a practical example. On average, an employee faces two malware per year (depending on the Internet usage profile of the users and the other layers of the protection, of course). In a company of 500 employees, with a detection rate of 92%, 80 infections in total will pass the traditional malware protection. If the detection rate is 99%, only 10 attacks out of one thousand will succeed. A minor difference in percentage points can make up a major difference in practice.
With this in mind, we believe that detection rate is a key factor in the value of security.
With businesses spending sizable sums of money to clean up damage from malware, high malware detection rates take on greater importance. Have you ever wondered how much it costs to have your business down for one day? Companies are not only spending for malware cleanup, but costs are also incurred as a result of lost productivity, loss of data (such as trade secrets, intellectual property and private customer data), investigation, and post-incident management. And how about your company’s reputation – how much is it worth? Add all these together, and malware that has gone undetected can have serious ramifications to a business. And that’s exactly why even a one percent higher detection rate can save thousands.
Recent examples of attacks with possibly multifold consequences include the patient records of an Australian medical centre held to ransom, as well as Internet advertising network NetSeer suffering a hack that also affected any Web page that included an ad served from NetSeer’s servers – among others several high profile Web sites and news agencies. And these are only a tiny fraction of all the examples out there.
Cyber attacks are not only costly to large enterprises, but also affect small and medium sized businesses (SMBs). Small firms are increasingly popular targets for attacks, as they are not as likely to be adequately protected. In fact, according to Verizon 2012 Data Breach Investigation Report, 79% of data breach victims from the past year were targets of attacks mainly because they were found to possess an exploitable weakness rather than because they were pre-identified targets. In addition, the same study states that victims don’t usually discover their own incidents, but they’re typically discovered by third parties only weeks or months after the initial instance – when significant damage has already been done.
To stay on top of the latest threats, we are launching F-Secure Client Security 10 that provides proactive protection for corporate desktops and laptops. It offers enhanced security with DeepGuard 4 threat detection technology that has been tested by AV-TEST with top-notch scores against new malware. In these independent tests for preventing new “zero-day” malware attacks, DeepGuard 4 performs at 98 to 100%, while the industry average hovers around 90 percent.
So why does detection rate matter? The answer is simple: even a single incident can be one too many.
And that’s why our aim is to “Protect the Irreplaceable.”
Online criminals are in the business of finding holes -- holes in your software. "Pieces of software will always have vulnerabilities, and there will always be criminals creating exploits for those vulnerabilities," says F-Secure Senior Researcher Timo Hirvonen. "It's become a whole business model for these criminals, because the security patches that companies release basically expose the vulnerabilities in software. The criminals reverse engineer the patches to find vulnerabilities, and then they target those vulnerabilities with exploits they develop." Given that they spend all day thinking about how to get into your network and you spend all all day trying to run your business, they may have the advantage. But there is a lot you can do to make your data and customers safer. Our Security Advisor Sean Sullivan recently responded to questions we frequently hear from businesses trying to secure their IT infrastructure. He explained with what the most common vulnerabilities tend to be, the steps you can take to patch them and the biggest mistakes businesses make. Mobile apps and cloud systems allow employees to access documents, systems, data and other work product from anywhere, but always-on access comes with always-threatening security risks. What are the most significant of those risks? Always on and working from anywhere means more devices and a larger attack surface area. Even a diligent and tech-savvy person who is cautious about not opening a suspicious file can still be a victim of exploits, as these kits automatically take advantage of vulnerabilities in software that are commonly used by browsers and programs, such as Adobe Reader, Flash players, etc. More than half of what F-Secure is blocking these days are exploits, and they’re among the biggest threats to SMBs because people frequently don't update their software and this puts the business at greater risk. A Java plug-in update, for example, that people often ignore thinking it’s not a mission-critical application for their day-to-day activities can be the chink in the armor that lets in a malicious attack. Some of the exploit kits we're detecting are using exploits that have been detected and patched MONTHS ago, but the attackers are betting that many businesses haven’t updated their software, and their bets are paying off. What are the most important steps small and medium-sized businesses should take to protect themselves against those risks? The cybersecurity landscape is fluid so invest in sending your IT person to training seminars so he or she can learn more about protecting your users and network. Additionally, selecting a cloud-based security solution helps you and your employees not have to worry about updating plugins and applications. What are some of the biggest mistakes SMBs make in this area? They undervalue their data and content. Training documents for new hires, for example, aren’t mission critical to the business functioning, so it’s likely the business wouldn’t see it as valuable, but if they had to recreate all of those files from scratch, it would likely take a lot of time and resources, right? Thinking an attacker won’t go after certain items because it’s not important to them is the wrong mindset — they care about what’s important to you. Backup files in multiple locations — online and physical hard drives. Use a VPN to encrypt your communication and encourage or provide VPN applications for your employees to use on their work and personal devices. Lastly, keep your systems updated. Using a cloud-based security software that takes care of all that helps saves you time and money and lets you focus on your business and the professionals handle security. Our F-Secure Booster's premium version contains a software update feature that can you monitor their drivers and applications to keep them patched in protected. Our business products also feature Software Updater to keep software updated and safe from exploits. [Image by elineart | Flickr]
If you're in business, you have enemies -- and they're trying to get into your network. For-profit malware authors after baking information or files for extortion want in. Script-kiddies want in because mayhem is their game. And if you're large enough, criminals seeking data about your customers for espionage want in too. "For instance, if you're a law firm," F-Secure Labs Senior Researcher Jarno Niemelä said in a recent webinar, "your clients might be interesting." And it's not just the clients of lawyers, who may be "interesting". He noted companies that specialize in car rental, car leasing, cleaning and catering all have customers that are attractive targets for your enemies. In order for an attack to be successful, the attacker must first get information about his or her targets. And the worst part is we may be letting our enemies in. Here are the 5 most common methods that is done: 1. Email. Spam is designed to hit anyone and only needs to work a tiny fraction of the time. A spear phishing attack was designed to get you. 2. Hacked websites. Like a lion hiding in a savannah, the best attackers infect a website you're likely to visit -- naughty and not naughty -- and wait for you to become their prey. 3. Search Engine Poisoning. Criminals target a specific search term and tries to drive an infected site up the Google rankings. 4. Traffic Injection. These more advanced attacks hijack your traffic and send it to a router controlled by the enemy. Once you've become the victim of a man-in-the-middle attack any web site you visit could be infected just for you. 5. Social engineering. What your enemy lacks in technical savvy, s/he could make up with the ability to fool you. 6. Affiliate marketing. Some criminals -- and intelligence agencies -- simply buy their victims in bulk. Jarno calls it "the digital slave trade". Of course, these aren't the only ways into your network. Jarno also explained how offline attacks through external drives, for instance, can provide access. But these are the six most likely ways your enemies will find their way in your network. And you should have some idea what they're up to, since their success depends on your mistakes. Cheers, Sandra
This is the first in a series of posts about Cyber Defense that happened to real people in real life, costing very real money. A rainy, early spring day was slowly getting underway at a local council office in a small town in Western Poland. It was a morning like any other. Nobody there expected that this unremarkable day would see a series of events that would soon affect the entire community... Joanna Kaczmarek, a Senior Specialist in the council’s Accounting Department, rushed into her office a little late, but in a good mood nonetheless. Before getting down to work, she brewed herself a cup of coffee and played some music on her computer. Several days earlier, she had finally installed a music app on her PC so she could listen to her favourite tunes while she worked. This had taken some effort though, as she had needed administrator’s access to her computer. It took a lot of pleading and cajoling, but after a week the IT guy finally gave in. Joanna had no idea that she was opening a dangerous gap in the council’s IT system. That morning, Joanna launched, as she had countless times before, a government issued budget management application. With a few clicks, she made a transfer order for nearly twenty thousand zloty. The recipient of the money was a company that had won the contract for the renovation of a main road in the town. The whole operation took seconds. Two days later, the owner of the company phoned Joanna, asking about the advance he was supposed have received. “I can’t get the work started without that money”, he complained in an annoyed voice. Joanna was a little surprised and contacted the bank. The bank confirmed the operation, saying that there was nothing suspicious about it. Joanna, together with the Head of the IT Department, carefully ran back over the events of the day of the transfer. They found nothing out of the ordinary, so started checking what was happening on Joanna’s computer around the time before the transfer date. They soon found something: nearly a week prior to the date of the missing transfer, Joanna had received an email from the developer of the budget management software. For Joanna, the message hadn’t raised any red flags; the email contained a reminder about a software update and looked very legitimate. It contained the developer’s contact data, logo and telephone number. Everything was in order… Everything except for a change of one letter in the sender’s address. Joanna hadn’t noticed – a “t” and an “f” look so alike when you read quickly, don’t they? Unaware of the consequences, Joanna followed the link that was to take her to the update website. With just one click of her mouse she started a snowball of events that ultimately affected each and every resident of the town. Instead of the “update”, she downloaded dangerous spyware onto her computer. In this way, the cybercriminals who orchestrated the attack learnt that the woman was a Senior Specialist in the Accounting Department and was responsible for transferring money, including EU funds. The thieves lured Joanna into a digital trap, tricking her into installing software that replaced bank account numbers “on the fly”. As she was processing the transaction, the hackers replaced the recipient’s account details with their own, effectively stealing the money. Joanna would have been unable to install the fake update if she hadn’t obtained the administrator’s rights she’d needed for her music app. All she had wanted was to listen to some music while she worked. If only she had known what the consequences would be... After the attack was discovered, the Police launched an investigation. Joanna was just one of many victims. Investigators discovered that the malware infection was likely to have targeted computers used by local government workers in hundreds of municipalities across Poland. Law enforcement authorities haven’t officially disclosed how much money was stolen, but given the fact that losses may have been underreported, the estimated figures are in the millions of zlotys. On the top of that, Joanna’s town had to wait months for the completion of the roadwork. This was one of the largest mass cyber-attacks against local government in Poland. It certainly won’t be the last one... For small and medium sized enterprises, the average financial loss as the result of a cyber security incident is on average 380 000€. The risk and the lost is real. Don’t be an easy target. We help businesses avoid becoming an easy victim to cyber attacks by offering best in class end-point protection and security management solutions trusted by millions.