Web malware favoured 5-to-1 over email attacks, FireEye reports

Authors of insidious and targeted advanced persistent threats (APTs) all but ignored Australia during 2013, an analysis of the year's security events by security firm FireEye has found.

The company's FireEye Advanced Threat Report 2013 analysed some 39,504 unique cyber security incidents detected during 2013, of which 4192 were associated with advanced persistent threats (APTs).

Some 17,995 unique malware infections were discovered due to APT activity, with the US, Canada and Germany targeted by the highest number of unique malware families. FireEye identified 159 distinct APT-associated malware families, many of which were created using publicly available hacker tools like Dark Comet, LV, Gh0stRAT, and Poison Ivy.

As well as noting hackers' reliance on toolkits, FireEye noted that hackers had focused “significant effort on evasion and persistence”. This included innovations such as malware that only executes when users move a mouse – tricking sandbox detection systems because the malware doesn't generate activity when the system isn't being used. Malware authors had also begun incorporating virtual-machine detection so as to bypass security efforts based on virtual sandboxing.

Significantly, the analysis found that 92 percent of email attacks were .ZIP files – a finding that the company says “should encourage serious debate about how to filter such files in corporate networks.”
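The filtering question the report raises is a practical one: an inbound .ZIP attachment is opaque to a mail gateway unless it is opened and checked. The following Python script is an added example written for this page, not code from FireEye or from the CSO article, showing the kind of policy check a gateway can apply to an archive before delivery: it flags executable content by extension and by file header, nested archives, encrypted entries, path-traversal entry names, and zip-bomb expansion ratios. The extension lists, the size thresholds and the sample archives are constructed assumptions, not values from the report.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Hypothetical gateway policy: extensions never allowed inside an attachment
# archive, and archive types that should not be nested. Tune to your environment.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".hta",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".jar", ".lnk",
}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z", ".gz", ".cab"}
MAX_EXPANSION_RATIO = 100                   # uncompressed:compressed, per entry
MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024   # 50 MiB across the whole archive


@dataclass
class Verdict:
    allowed: bool
    reasons: list = field(default_factory=list)


def _extension(name: str) -> str:
    """Lower-cased final extension of the entry's base name ('' if none)."""
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def inspect_zip_attachment(data: bytes) -> Verdict:
    """Decide whether a .ZIP attachment may pass, and list every reason it may not."""
    reasons = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return Verdict(False, ["not a valid ZIP archive"])

    total_uncompressed = 0
    for info in zf.infolist():
        name = info.filename
        ext = _extension(name)

        # Entry names that would escape the extraction directory.
        if name.startswith("/") or ".." in name.split("/"):
            reasons.append(f"path traversal in entry name: {name}")

        # Encrypted entries cannot be inspected at all; treat them as opaque.
        if info.flag_bits & 0x1:
            reasons.append(f"encrypted entry: {name}")
            continue

        # Per-entry expansion ratio plus a running total guard against zip bombs.
        ratio = info.file_size / max(info.compress_size, 1)
        if ratio > MAX_EXPANSION_RATIO:
            reasons.append(f"suspicious compression ratio {ratio:.0f}:1: {name}")
        total_uncompressed += info.file_size
        if total_uncompressed > MAX_TOTAL_UNCOMPRESSED:
            reasons.append("total uncompressed size exceeds limit")
            break

        # Extension policy: executables and nested archives are blocked outright.
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"executable by extension: {name}")
        if ext in ARCHIVE_EXTENSIONS:
            reasons.append(f"nested archive by extension: {name}")

        # Do not trust the extension: peek at the first bytes of the content.
        if not info.is_dir():
            with zf.open(info) as fh:
                head = fh.read(4)
            if head.startswith(b"MZ") and ext not in BLOCKED_EXTENSIONS:
                reasons.append(f"PE executable disguised as {ext or 'no extension'}: {name}")
            if head == b"PK\x03\x04" and ext not in ARCHIVE_EXTENSIONS:
                reasons.append(f"ZIP archive disguised as {ext or 'no extension'}: {name}")

    return Verdict(not reasons, reasons)


def build_sample_zip(entries: dict) -> bytes:
    """Construct an in-memory ZIP from {name: bytes}; used only for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments (not real samples from the report).
SAMPLES = {
    "benign": {"report.txt": b"quarterly figures attached", "notes/readme.md": b"# notes"},
    "exe_by_extension": {"invoice.pdf.exe": b"MZ" + b"\x90" * 64},
    "exe_disguised": {"invoice.pdf": b"MZ" + b"\x90" * 64},
    "nested_zip": {"inner.zip": build_sample_zip({"inner.txt": b"inner file"})},
    "traversal": {"../outside.txt": b"written outside the extraction directory"},
    "zip_bomb": {"zeros.bin": b"\x00" * 2_000_000},
}


def scan_samples() -> dict:
    """Run the policy over every constructed sample and return the verdicts by label."""
    return {label: inspect_zip_attachment(build_sample_zip(entries))
            for label, entries in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdict in scan_samples().items():
        status = "ALLOW" if verdict.allowed else "BLOCK"
        print(f"{label:18s} {status}  {'; '.join(verdict.reasons)}")
```

The check is deliberately policy-based rather than signature-based: it does not try to recognise a particular malware family, only to refuse the archive shapes that make a .ZIP attractive as a delivery wrapper. A gateway that adopts it would still hand the entries it allows to ordinary anti-malware scanning, and the encrypted-entry branch is the one most worth discussing internally, since password-protected archives are both a common legitimate workflow and the simplest way to defeat content inspection.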

Command-and-control (CnC) infrastructure, which is used to co-ordinate the activities of large-scale malware around the world, was found in 206 countries – up from 184 detected CnC sources in 2012. The US, Germany, South Korea, China, Netherlands, UK, and Russia were home to the most CnC servers.

Australia was nowhere to be seen in the report's country-based breakdown of APT activity – in sharp contrast to a recent report from Fortinet, whose findings ranked Australia as the second most-attacked country, behind the US but ahead of the UK, Israel, Japan, France, Puerto Rico, Turkey, Mexico, and Kazakhstan.

Similarly, a Trend Micro Labs analysis, published in the middle of 2013, also found Australia was a significant source of CnC traffic and had the world's second-highest botnet concentration.

FireEye's figures found that APT perpetrators were overwhelmingly focused on the United States, where 125 different malware families were observed. Canada suffered attacks by 52 different families of malware; Germany, 45; the UK, 43; and Japan, 37.

The firm's analysis also revealed some common trends in the distribution and behaviour of APTs, with federal government bodies targeted by the highest number of unique malware families and services, technology, financial services and telecommunications companies rounding out the top five.

Web-derived malware outnumbered email-derived malware by a ratio of five to one, with Java the most common zero-day focus for attackers and a burst of Internet Explorer watering hole attacks observed – particularly against US government Web sites – in the second half of the year.

Stories by David Braue