The rate of targeted attacks with unique forms of malware has more than doubled to 287,298 in the second quarter ended 30 June 2011 from 105,536 in March 2011, according to a new report from Cisco.
Cisco’s second quarter Global Threat Report found that malware is increasingly being used as advanced persistent threats against enterprises.
In many of the breach incidents, customer data was stolen and published publicly, while in some of those cases the attackers' motive was identified as shedding light on security issues.
The average encounter rate in the second quarter was 335 encounters per enterprise per month, with the highest peaks in March and April at 455 and 453, respectively.
Brute-force SQL login attempts increased significantly during the second quarter, coinciding with increased reports of SQL injection attacks, resulting in data breaches throughout the period.
The report shows that companies with 5,001 to 10,000 employees and companies with more than 25,000 employees experienced significantly higher malware encounters compared to other size segments.
Cisco notes that intrusion prevention and detection systems including IPS/IDS, as well as tools like NetFlow, can provide valuable ongoing alerting and forensics for early threat detection.
The company says global spam volumes remained steady throughout the first half of 2011, with a slight decrease observed in the second quarter.
However, phishing attacks measured in proportion to all spam increased in the second quarter, reaching 4% of the total volume of spam in May 2011.
In many of the breaches, advanced persistent threats (APTs) played a key role, and the malware used in this type of attack can bypass signature detection and other standard forms of security protection.
APTs are generally rootkit-enabled, exhibit no visible symptoms of infection, and often employ escalation of privilege and other forms of exploit to traverse the compromised network.