January 10, 2013 By George Tubin 2 min read

Less Is More: Advanced Malware Represents a Small Percentage of Enterprise Threats, But Packs Highest Impact

When it comes to both low-impact and advanced malware, the numbers are staggering. PandaLabs recently reported that nearly one-third (31.6 percent) of all PCs worldwide are infected with malware; after assessing over 100 enterprises around the world, TrendMicro concluded that 100 percent of enterprises had undetected malware; and a recent Ponemon Institute study of 130 enterprise organizations throughout the world found 11 percent of desktops, laptops or other mobile data-bearing devices had been infected by malware in any given month.

While certainly disturbing, these figures are also a bit misleading. The term “malware” represents a broad range of malicious software that affects end user devices in different ways. Most malware is considered to be “nuisance-ware,” which requires user and administrative resources to remediate and mostly leads to diminished productivity. Advanced malware, a far more dangerous form, steals sensitive data and communicates it to the attacker. Advanced malware presents a potentially devastating operational risk to the enterprise since it is specifically designed to steal and exfiltrate employee access credentials and sensitive corporate data.

The Growing Threat of Advanced Malware

Recent IBM analysis found that approximately 1 in every 500 employee endpoints is infected with sophisticated, information-stealing malware at any point in time. The IBM Security malware research team continuously analyzes information received from tens of millions of user endpoints and hundreds of organizations using IBM Security Trusteer solutions to protect their Web applications, computers and mobile devices from online threats.

Many of these users and organizations deal with highly sensitive financial transactions on a daily basis and are therefore constantly targeted by fraudsters and cyber criminals. Additionally, organizations are increasingly concerned about advanced persistent threats targeting their employee endpoints in an attempt to gain valuable business information such as intellectual property, legal documents and operational data.

2014 Ponemon Study: The Economic Impact of Advanced Persistent Threats (APTs)

This highly advanced malware exists within the broader malware infection statistics, which include a variety of malware categories. Although relatively small in number, this type of malware can have a huge impact. Because most malware detection software is designed to find standard, known malware — and because standard, known malware represents the vast majority of enterprise malware — most organizations falsely believe they are finding and eliminating virtually all malware threats. This is exactly what the advanced malware attackers want them to believe. While many organizations are satisfied with their malware detection statistics, this small sliver of advanced malware goes undetected and remains in position to cause devastating damage.

Rather than focus on the total number of PCs infected globally or within an average organization, all organizations should focus on the 1 in 500 employee devices that are infected with advanced data-stealing malware. This type of malware has highly evolved evasion capacities that render it virtually invisible to most malware detection applications. Mandiant recently reported that 94 percent of the time, enterprises only find out about a compromise due to a third-party notification. Advanced malware can compromise an employee’s device, steal sensitive data and continue to access the corporate network without being detected. It’s highly likely that it’s happening in your organization right now; you just don’t know it yet.

More from Malware

Strela Stealer: Today’s invoice is tomorrow’s phish

12 min read - As of November 2024, IBM X-Force has tracked ongoing Hive0145 campaigns delivering Strela Stealer malware to victims throughout Europe - primarily Spain, Germany and Ukraine. The phishing emails used in these campaigns are real invoice notifications, which have been stolen through previously exfiltrated email credentials. Strela Stealer is designed to extract user credentials stored in Microsoft Outlook and Mozilla Thunderbird. During the past 18 months, the group tested various techniques to enhance its operation's effectiveness. Hive0145 is likely to be…

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed ITG05…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today