How Malware Bypasses Detection Tools

 
 
By Karen A. Frenkel  |  Posted 03-03-2015 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Web-Borne Malware Growing
    Next

    Web-Borne Malware Growing

    A majority of respondents agree that their security tools are incapable of completely detecting Web-borne malware, that Web browsers are primary attack sites and that these attacks are more serious than other types of malware infections. Respondents "strongly agree" and "agree" with the following statements: Even with security tools, Web-borne malware can be completely undetectable: 81%, The insecure Web browser is a primary attack vector: 81%, Traditional detection-based technologies are becoming ineffective in stopping these attacks: 74%
  • Previous
    Likelihood of Undetected Malware
    Next

    Likelihood of Undetected Malware

    77% of respondents said it is "certain" or "very likely" that their organizations have been infected by undetected Web-borne malware.
  • Previous
    Budgets Hamper Malware Detection
    Next

    Budgets Hamper Malware Detection

    51% of respondents said they do not have adequate resources to effectively detect and contain malware. 49% said defending against Web-borne malware is not a security priority. As a result, 52% rate their ability to detect and contain such malware as "very weak" or "weak."
  • Previous
    Impact of Unsecure Browsers
    Next

    Impact of Unsecure Browsers

    On average, unsecure Web browsers cause 55% of companies' total malware infections. 76% of respondents said up to 76% of their companies' total malware attacks were due to unsecure browsers during the last year.
  • Previous
    Sandboxes Help, but Not Enough
    Next

    Sandboxes Help, but Not Enough

    38% of respondents said Web-borne malware still penetrates sandboxes and content analysis engines.
  • Previous
    Other Defenses Bypassed
    Next

    Other Defenses Bypassed

    50% of respondents said Web-borne malware was able to bypass their organization's layered firewall., 46% said malware bypassed their antivirus solutions., 41% said their intrusion detection systems failed.
  • Previous
    Putting a Price on Ending Malware
    Next

    Putting a Price on Ending Malware

    Asked what they would be willing to pay to stop malware, organizations would allocate an average of 33% of their total security budget to stop half of Web-borne attacks. To stop all, they would allocate an average of 50% of the budget.
  • Previous
    Containment Costs of Web-Borne Malware
    Next

    Containment Costs of Web-Borne Malware

    The average cost to detect and contain one security breach because of the failure of malware detection is about $62,000. This means organizations could have spent $3.2 million to deal with the security breach due to Web-borne malware.
  • Previous
    Traditional Detection Is a Deterrent
    Next

    Traditional Detection Is a Deterrent

    Traditional methods deter organizations from adopting new solutions. 65% of respondents said overcoming psychological dependency on traditional detection methods would be a major barrier to adopting techniques that make traditional Web-borne malware detection and containment methods obsolete.
 

More than one-half of security breaches occur through companies' browsers despite malware-detection technologies, according to a new study. That means companies are spending millions without success to protect themselves, according to the Ponemon Institute, which was commissioned by Spikes Security to prepare the report, "The Challenge of Preventing Browser-Borne Malware." The study defines Web-borne malware as malware that attacks and infiltrates a user's unsecured browser. "The recent J.P. Morgan Chase data breach that affected 70 million households and 7 million small businesses is an example of hackers targeting an employee's Web habits," according to the report. There were 645 respondents, made up of IT officers and IT security practitioners familiar with their companies' efforts to detect and contain malware. Respondents were from U.S. businesses with more than 14,000 employees. All the organizations had built a multi-layer, defense-in-depth architecture designed to prevent malware attacks.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...