ATLANTA – Oct 24th 2014 – Damballa, the experts in advanced threat protection and containment, today released its Q3 State of Infections Report highlighting the extent to which malware infections, such as Backoff malware, are able to bypass network prevention controls. The report reveals the ongoing challenges faced by security teams in managing a mountain of security events and the positive impact of taking measures which can identify the true positives within these alerts.
The report was compiled from analysis of traffic from global ISPs and enterprise customers.
Key findings from the report:
32% Rise in Events from Previous Quarter
The report addresses one of the biggest challenges facing IT security teams: identifying the genuine attacks – the ‘true positives’ – amongst the mountain of security alerts. During Q3 2014, Damballa observed that the ‘noisiest’ enterprises experienced some 138,000 events in a day, a 32% increase from Q2 2014, with customers experiencing an average of 37 infected devices a day.
Encouragingly, however, Damballa observed a 40% reduction in daily infections, compared with the previous quarter, amongst customers who proactively remediated the assets that automatic incident detection had presented as true positives – that is, assets confirmed through evidence correlation, true positive confirmation and risk ranking.
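The report describes the remediation workflow only at the level of its three stages (evidence correlation, true positive confirmation, risk ranking). The following is an added illustration of that idea in working code; it is not Damballa's code and is not taken from the report. The evidence types, their weights, the asset criticality values, the corroboration threshold and the sample event feed are all assumptions constructed for this example.

```python
"""Toy evidence-correlation and risk-ranking pass over a constructed alert feed.

Hypothetical illustration of the workflow named in the report: instead of
triaging every raw event, fold events into one case per device, confirm a case
as a true positive only when several independent evidence types corroborate
each other, and rank the confirmed cases by risk so remediation starts with the
device that matters most.
"""
from collections import defaultdict

# Evidence categories and weights are assumptions for this example; a real
# product would derive these from its own detectors and threat intelligence.
EVIDENCE_WEIGHT = {
    "c2_beacon": 5,            # periodic outbound connection to a known C2 domain
    "dga_dns": 3,              # burst of NXDOMAIN lookups for algorithmic-looking names
    "suspicious_download": 2,  # executable fetched from a low-reputation host
    "av_alert": 1,             # endpoint AV signature hit (noisy on its own)
}

# Business criticality of the asset (assumed): POS devices outrank workstations.
ASSET_CRITICALITY = {"pos": 3, "server": 2, "workstation": 1}

# Minimum number of distinct evidence types before a case counts as confirmed.
MIN_CORROBORATING_TYPES = 2


def correlate(events):
    """Group raw events into one case per device.

    Each event is a dict with keys 'host', 'role' and 'evidence'.
    Returns {host: {'role': role, 'evidence': {evidence_type: count}}}.
    """
    cases = {}
    for ev in events:
        case = cases.setdefault(
            ev["host"], {"role": ev["role"], "evidence": defaultdict(int)}
        )
        case["evidence"][ev["evidence"]] += 1
    return cases


def confirm_true_positives(cases):
    """Keep only cases backed by at least MIN_CORROBORATING_TYPES distinct evidence types.

    A single detector firing many times is still one kind of evidence, so it
    does not confirm a case by itself.
    """
    return {
        host: case
        for host, case in cases.items()
        if len(case["evidence"]) >= MIN_CORROBORATING_TYPES
    }


def risk_score(case):
    """Sum evidence weights once per distinct type, scaled by asset criticality.

    Counting each type once, not per event, keeps a noisy detector from
    inflating the score merely by repeating itself.
    """
    evidence_total = sum(EVIDENCE_WEIGHT[t] for t in case["evidence"])
    return evidence_total * ASSET_CRITICALITY[case["role"]]


def rank(events):
    """Full pipeline: correlate -> confirm -> rank. Returns [(host, score)], highest first."""
    confirmed = confirm_true_positives(correlate(events))
    scored = [(host, risk_score(case)) for host, case in confirmed.items()]
    return sorted(scored, key=lambda hs: (-hs[1], hs[0]))


# Constructed sample feed: nine raw events from four devices (not real data).
SAMPLE_EVENTS = [
    {"host": "pos-17", "role": "pos", "evidence": "c2_beacon"},
    {"host": "pos-17", "role": "pos", "evidence": "c2_beacon"},
    {"host": "pos-17", "role": "pos", "evidence": "suspicious_download"},
    {"host": "ws-042", "role": "workstation", "evidence": "av_alert"},
    {"host": "ws-042", "role": "workstation", "evidence": "av_alert"},
    {"host": "ws-042", "role": "workstation", "evidence": "av_alert"},
    {"host": "srv-db1", "role": "server", "evidence": "dga_dns"},
    {"host": "srv-db1", "role": "server", "evidence": "av_alert"},
    {"host": "ws-007", "role": "workstation", "evidence": "suspicious_download"},
]

if __name__ == "__main__":
    # Nine raw alerts collapse to two confirmed cases, worst first.
    for host, score in rank(SAMPLE_EVENTS):
        print(f"{host:8} risk={score}")
```

With the constructed feed, nine raw alerts from four devices reduce to two confirmed cases: the POS terminal with a beacon plus a suspicious download ranks first, the server with DGA-style DNS plus an AV hit second, and the two workstations whose only evidence is a single repeated detector are left out of the remediation queue. The specific weights are illustrative; the point is that the triage list is built from corroborated per-device cases rather than from the raw event stream.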
Spikes in POS Malware
During Q3 2014, in environments where POS traffic is inspected, Damballa detected a massive 57% increase in infections of Backoff from August to September and a 27% increase from September to the end of the month. Backoff, a new breed of extremely targeted POS malware, is reported to have infected 1,000 businesses* including Kmart and Dairy Queen.
The increase is notable because it shows that the malware had already bypassed network prevention controls and was active, yet hidden, inside the network.
This spike in POS malware activity also underscores the need for enterprises to ensure that POS traffic is visible, either through a centralised network or a site-to-site VPN, so that advanced threat detection systems can quickly detect hidden network infections.
Brian Foster, Damballa CTO, comments: “Fundamentally, these figures show that prevention controls cannot stop malware infections. POS malware and other advanced threats can, and will, get through, so we can’t simply build the walls around the network higher. And for security teams, faced with trawling through a tsunami of events every day, manually correlating these to find the ‘true positives’ is simply not feasible.”
He continues: “Instead, organisations need to focus on building better intelligence to know where the real threats are. The encouraging news is that automatically correlating evidence can have a significant impact in reducing the number of infected devices within the network. We’d advise enterprises to be prepared, to get ahead by assuming that they will be compromised, and to take proactive measures to be ready to remediate.”
The Full State of Infections Report can be downloaded at https://www.damballa.com/state-infections-report-q3-2014/.