As Web filtering and antivirus technologies get most sophisticated at identifying malware and blocking hostile Web sites, spammers and scammers are increasingly turning to individualized email attacks and customized versions of their malware to get their payloads past protection systems—and make potential victims more likely to click. According to Cisco’s second-quarter Global Threat Report (PDF), the company identified almost 290,000 unique instances of malware on the Web in June 2011. That’s almost double the 105,536 that Cisco found in March 2011 and almost four times the number Cisco found in January 2011.
Cisco also found that scammers and attackers are turning away from attacks the rely on bulk email distribution in favor of targeted attacks that go after particular markets, companies, and even individuals. The company says global spam volume remained relatively steady during the second quarter, but phishing attacks were up sharply.
Enterprises and organizations with more than 25,000 employees seem to be scammers’ favorite targets: they see more unique malware than Cisco’s other market segments—of course, they’re also more likely to have deployed enterprise-grade malware protection.
Cisco notes that advanced persistent threats (APTs) played a role in many of the data breaches that have plagued corporations and organizations in 2011. Many APTs rely on rootkits and show no symptoms on an infected system, instead enabling attacks to access sensitive information through privilege escalation that lets them peer into protected parts of an organizations’ network. Cisco notes that these attack vectors can rarely be detected by scanning systems for signatures; instead, security policies have to monitor network and access activity and look for anything out of the ordinary.
