IT security firm Webroot just released their 2016 Threat Brief. One of the highlights was that:
…97 percent of the malware encountered by its user base in 2015 was unique.
That means hackers are relying almost exclusively on malware that constantly spawns new variants to avoid detection by signature-based anti-virus tools.
Webroot said the number of malware family variants skyrocketed from 14,000 in 2014 to 130,000 in 2015. Similarly, the number of observed family variants of adware, spyware and other unwanted non-malware apps jumped from 1,000 in 2014 to 90,000 in 2015.
This suggests attackers are making their code:
…more difficult to detect, using polymorphic distribution models and rapid new variant generation to circumvent traditional detection methods…
Meaning, the bad guys are working really hard to bypass endpoint security products so they can phish, social engineer, and otherwise exploit your end users.
What’s the big takeaway? Detecting malware on your endpoints is almost a lost battle. It’s still worth doing, but your best next move is to get very good at detecting the consequences of bad infections: The attempted theft of money or data BEFORE it gets taken.
Ask yourself: What are the indicators of compromise? How can I detect them? Am I ready to respond at a moment's notice?
If you don’t have these answers, you need to get them. Soon.
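To make the point concrete, here is an added example (my own illustration, not code from Webroot or from the report) of why exact-match signatures lose to per-build variants while detecting the consequence still works. The three "variants" are constructed byte strings that differ only in a padding field, the proxy log lines and their `time user host bytes_out` format are hypothetical, and the internal-domain suffix and byte threshold are assumed values you would tune for your own environment.

```python
import hashlib
import re

# Constructed stand-ins for three builds of the same malicious payload: identical
# logic, but each build changes an ignored padding field. Trivial per-build
# differences like this are enough to give every sample a unique hash.
VARIANTS = [
    b"PAYLOAD-LOGIC-V1|pad=\x00\x01",
    b"PAYLOAD-LOGIC-V1|pad=\x00\x02",
    b"PAYLOAD-LOGIC-V1|pad=\x00\x03",
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_scan(samples, known_bad_hashes):
    """Classic hash signature: a sample is flagged only if its exact hash is known.

    Returns one bool per sample. Only the build that was seen before matches;
    the other variants slip through even though the logic is identical.
    """
    return [sha256_hex(s) in known_bad_hashes for s in samples]


# Constructed proxy log (hypothetical format: time user host bytes_out).
# 203.0.113.0/24 is the RFC 5737 documentation range, used here as a placeholder
# for an unknown external host.
PROXY_LOG = """\
09:01:02 alice fileshare.internal.example 12000
09:03:15 bob   mail.internal.example 8400
09:04:40 alice 203.0.113.77 61440000
09:05:01 carol wiki.internal.example 3000
09:06:22 dave  203.0.113.77 52428800
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def consequence_scan(log_text, allowed_suffix=".internal.example",
                     byte_threshold=50_000_000):
    """Detect the consequence (bulk data leaving to a host we do not know) rather
    than the sample that caused it.

    Returns a list of (user, host, bytes_out) tuples for every line where the
    destination is outside the allowed suffix and the volume is at or above the
    threshold. Lines that do not match the expected format are skipped.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _ts, user, host, nbytes = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if not host.endswith(allowed_suffix) and nbytes >= byte_threshold:
            hits.append((user, host, nbytes))
    return hits


if __name__ == "__main__":
    # Signature database built from the one build we have already analysed.
    known = {sha256_hex(VARIANTS[0])}
    print("signature results:", signature_scan(VARIANTS, known))
    print("consequence hits: ", consequence_scan(PROXY_LOG))
```

The signature scan catches only the variant already in the database, which is the 97 percent problem in miniature. The consequence scan does not care which build ran on the host: it fires on the observable effect, bulk transfer to an unfamiliar destination, and would fire the same way for the next 130,000 variants. In practice the "allowed" list and threshold come from a baseline of your own traffic, and the log source would be your proxy, firewall or EDR telemetry rather than an inline string.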