Businesses Waste Big Bucks Fighting Phantom Cyberattacks

Businesses spend an average of US$1.27 million a year chasing cyberthreats that turn out to be dead ends. That is one of the findings in a report released last week on the cost of containing malware.

In a typical week, an organization can receive nearly 17,000 malware alerts, although only 19 percent of them are considered reliable, according to the research, which was conducted by the Ponemon Institute and Damballa.

Still, malware fighters have a difficult time keeping up with even the reliable alerts, since only 4 percent are investigated, according to the survey of 630 IT and IT security practitioners familiar with their company’s antimalware practices.

Making matters worse, two-thirds of the time spent hunting for bad apps is wasted because of faulty intelligence. An average of 395 hours a week is frittered away on dead-end investigations.

Tools Address Manpower Shortage

While more than two-thirds of organizations (67 percent) had some type of structured approach to malware containment, a third (33 percent) approached containment on an ad hoc basis, the researchers also found.

“That was surprising to me,” Damballa CTO Brian Foster told TechNewsWorld. “I thought that would be much lower.”

Although manpower shortages contribute to the inability of organizations to follow up on malware alerts, a substantial number of respondents — 41 percent — hadn’t installed automated tools to capture intelligence and evaluate malware risks. Such tools can handle an average of 60 percent of malware containment problems without any intervention.

The number of organizations without detection tools also surprised Foster.

“If you don’t have enough humans, I would expect you’d find tools to help you do this stuff quicker,” he said.

In addition to containing malware without human intervention, the tools can address manpower issues in another way. For example, Websense’s recently released Triton APX 8.0 software contains dashboards that prioritize alerts of system threats.

“That prioritization means an organization can put a less-skilled, less experienced person in that daily management mode,” said Bob Hansmann, director of product security for Websense.

“Then they can take their few skilled and experienced people and let them deal with the big stuff and [not] distract them with the little stuff,” he told TechNewsWorld.

Given the dearth of internal intelligence organizations appear to be collecting about their networks, another survey finding should not come as a surprise: More than 60 percent of the respondents said their main source of malware information was a vendor or their peers.

Companies are so focused on defending against malware attacks that they’ve ignored detection, Damballa’s Foster explained. “That mindshift from prevention to detection and response is very important, and it’s starting to happen now.”

Android Malware Climbs

Android malware encounter rates in the United States rose in 2014, according to Lookout’s annual mobile threat report. In 2014, 7 percent of Android users in the United States encountered malware, compared to only 4 percent in 2013.

However, encounter rates declined or remained unchanged in other parts of the world. For example, the rate in the United Kingdom dropped from 5 percent to 2 percent, and in France, from 3 percent to 2 percent. It remained unchanged at 3 percent in Germany and 1 percent in Japan.

The most popular form of malware during 2014 was ransomware. After infecting a phone, the bad app locks the mobile and won’t unlock it unless a ransom is paid.

“Because regulators have cracked down on the more rampant abuses of SMS premium service fraud, the bad guys can’t rely on that as much anymore,” said Jeremy Linden, a security product manager for Lookout.

“It’s caused them to evolve and get smarter in what they’re doing,” he told TechNewsWorld. “Instead of getting two or three dollars a pop for an SMS scam, they can get $300 to $500 per device with ransomware.”

Preloaded Malware

Adware was another declining source of revenue for mobile marauders in 2014.

“2014 saw adware encounters fall dramatically, evidence that Google’s crackdown on adware in the latter half of 2013 and its continued policing of the Play Store has substantially reduced the prevalence of abusive mobile advertising practices in Android applications,” the report notes.

The appearance of preloaded malware is a disturbing trend Lookout spotted last year.

“It’s inserted somewhere in the supply chain,” Linden said. “It’s usually on third-tier manufacturer knockoff devices that pass through quite a few hands before they reach the actual consumer — a lot more hands than your average Samsung device that goes to a U.S. user.”

“We’ve seen this mostly in Europe, where there are more shady knockoff Android devices,” he added, “but we have seen more of it overall at the end of 2014 and beginning of 2015.”

Breach Diary

  • Jan. 12. White House proposes national data breach law with a requirement to report an incursion within 30 days of its discovery.
  • Jan. 12. Two social media accounts belonging to the U.S. Central Command vandalized by group calling itself the “Cyber Caliphate.”
  • Jan. 12. Rapid7 researchers report that Google has stopped pushing its own security updates for WebView in Android for all versions below 4.4. Decision will affect an estimated 939 million devices globally.
  • Jan. 13. Park ‘N Fly, an offsite airport parking company based in Atlanta, informs public that its e-commerce website has been compromised and information for an undisclosed number of payment cards placed at risk.
  • Jan. 14. New York Attorney General Eric T. Schneiderman proposes expanding his state’s data breach law to include incursions where email addresses and passwords are compromised.
  • Jan. 15. Liability limited to $500,000 in data breach case involving supermarket chain Schnuck Markets, First Data Merchant Services and Citicorp Payment Services. Schnuck breach compromised information for an estimated 2.4 million credit and debit cards.
  • Jan. 16. Court proceedings over Home Depot data breach, which reportedly compromised 56 million customers’ credit and debit card numbers and 53 million email addresses, begin with case management session in federal district court in Atlanta.
  • Jan. 16. UK Prime Minister David Cameron meets with President Barack Obama in Washington to discuss, among other things, pressuring American companies like Twitter and Facebook to do more to assist British intelligence in tracking the online activity of Islamic extremists.

Upcoming Security Events

  • Jan. 22. Barbarians at the Gate: Data Protection at Massive Scale. 2 p.m. ET. Black Hat webcast sponsored by PhishMe. Free with registration.
  • Jan. 29. From The Front Lines: Insights From Network Ops On The Global Threat Landscape. 11 a.m. ET. Webinar sponsored by Arbor Networks. Free with registration.
  • Feb. 4-5. Suits and Spooks. The Ritz-Carlton, Pentagon City, 1250 South Hayes Street, Arlington, Virginia. Registration: $675.
  • Feb. 6-7. B-Sides Huntsville. Dynetics, 1004 Explorer Blvd., Huntsville, Alabama. Free.
  • Feb. 7-8. #Disastertech Hackathon. Ernest N. Morial Convention Center, New Orleans. Registration: free, but limited to 50.
  • Feb. 10-12. International Disaster Conference and Exposition (IDCE). Ernest N. Morial Convention Center, New Orleans. Registration: government, nonprofit, academia, $150; private sector, $450.
  • Feb. 11. SecureWorld Charlotte. Harris Conference Center, Charlotte, North Carolina. Open sessions pass: $25; conference pass: $165; SecureWorld plus training: $545.
  • Feb. 19. Third Annual 2015 PHI Protection Network Conference. The DoubleTree – Anaheim-Orange County, 100 The City Drive, Orange, California. Registration: before Jan. 2, $199; after Jan. 1, $249.
  • Feb. 21. B-Sides Tampa. The Museum of Science and Industry, 4801 E. Fowler Ave., Tampa, Florida. Free.
  • Feb. 21. B-Sides Indianapolis. DeveloperTown, 5255 Winthrop Ave., Indianapolis, Indiana. Fee: $10.
  • March 4-5. SecureWorld Boston. Hynes Convention Center. Open sessions pass: $25; conference pass: $175; SecureWorld plus training: $545.
  • March 18-19. SecureWorld Philadelphia. DoubleTree by Hilton Hotel, Valley Forge, Pennsylvania. Open sessions pass: $25; conference pass: $295; SecureWorld plus training: $695.
  • March 24-27. Black Hat Asia 2015. Marina Bay Sands, Singapore. Registration: before Jan. 24, $999; before March 21, $1,200; after March 20, $1,400.
  • April 20-24. RSA USA 2015. Moscone Center, San Francisco. Registration: before March 21, $1,895; after March 20, $2,295; after April 17, $2,595.

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.
