Threat protection specialist Damballa has released its threat protection report for the third quarter, highlighting that the malware threat is still growing.
Based on analysis of traffic from the company's ISP and enterprise customers, the report looks at one of the biggest challenges facing IT security teams: identifying genuine attacks amongst a plethora of security alerts. It says that in the last quarter the 'noisiest' enterprises experienced some 138,000 events in a day. This represents a 32 percent increase over Q2, with customers experiencing an average of 37 infected devices a day.
There is some good news in the form of a 40 percent reduction in daily infections over the previous quarter. This is thanks to customers using technologies like automatic incident detection to respond to threats and identify true positives.
The biggest worry, though, is an increase in point of sale malware. Damballa detected a 57 percent increase in infections of Backoff from August to September and a 27 percent increase from September to the end of the month. Backoff is a new breed of highly targeted POS malware and is reported by the US government to have infected 1,000 businesses including Kmart and Dairy Queen.
Brian Foster, Damballa's CTO, says, "Fundamentally, these figures show that prevention controls cannot stop malware infections. POS malware and other advanced threats can, and will, get through so we can't simply build the walls around the network higher. And for security teams, faced with trawling through a tsunami of events every day, manually correlating these to find the 'true positives' is simply not feasible".
The particular worry with Backoff malware is that it attacks via local area networks, where traffic may not come under the same scrutiny as external traffic. Once an infection is present, therefore, it can remain active but hidden.
Foster concludes, "The encouraging news is that automatically correlating evidence can have a significant impact in reducing the number of infected devices within the network. We'd advise enterprises to be prepared, to get ahead by assuming that they will be compromised, and take proactive measures to be ready to remediate".
The full State of Infections report can be downloaded from the Damballa website.