You Need A New Strategy on Malware

IT security firm Webroot just released their 2016 Threat Brief. One of the highlights was that:

…97 percent of the malware encountered by its user base in 2015 was unique.

That means attackers are relying almost exclusively on malware that constantly spawns new variants to avoid detection by signature-based anti-virus tools.


Webroot said the number of malware family variants skyrocketed from 14,000 in 2014 to 130,000 in 2015. Similarly, the number of observed family variants of adware, spyware and other unwanted non-malware apps jumped from 1,000 in 2014 to 90,000 in 2015.

This suggests attackers are making their code:

…more difficult to detect, using polymorphic distribution models and rapid new variant generation to circumvent traditional detection methods…

Meaning, the bad guys are working hard to slip past endpoint security products so they can phish, socially engineer, and otherwise exploit your end users.

What’s the big takeaway? Detecting malware on your endpoints is almost a lost battle. It’s still worth doing, but your best next move is to get very good at detecting the consequences of an infection: the attempted theft of money or data, BEFORE it is taken.

Ask yourself: What are the indicators of compromise? How can I detect them? Am I ready to respond at a moment’s notice?

If you don’t have these answers, you need to get them. Soon.
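As an added example (not from the original post), here is one way to put the "detect the consequences" advice into practice: a small Python detector that scans web-proxy log lines for an internal host uploading far more than its usual volume to a destination the organisation has never talked to before. The log format, the per-host baseline figures, the known-destination list, and the sample log lines are all constructed for illustration and are not real data.

```python
from collections import defaultdict

# Constructed sample web-proxy log (not real traffic). The field layout is an
# assumption for this example:  timestamp  src_ip  dst_host  method  bytes_out
SAMPLE_LOG = """\
2016-03-01T09:00:01 10.0.0.12 mail.example.com POST 2048
2016-03-01T09:00:07 10.0.0.12 cdn.example.net GET 312
2016-03-01T09:01:15 10.0.0.12 mail.example.com POST 4096
2016-03-01T09:02:40 10.0.0.31 cdn.example.net GET 512
2016-03-01T09:03:02 10.0.0.31 wiki.example.com POST 1500
2016-03-01T09:04:10 10.0.0.12 files.example.org POST 48000000
2016-03-01T09:04:11 10.0.0.12 files.example.org POST 52000000
2016-03-01T09:05:00 10.0.0.31 mail.example.com POST 3000
"""

# Assumed per-host baseline: bytes each host typically uploads in a day.
# A real detector learns this from history; here it is hard-coded.
BASELINE_UPLOAD_BYTES = {"10.0.0.12": 50_000, "10.0.0.31": 40_000}

# Assumed set of destinations the organisation has talked to before.
KNOWN_DESTINATIONS = {"mail.example.com", "cdn.example.net", "wiki.example.com"}

UPLOAD_METHODS = {"POST", "PUT"}


def parse_log(text):
    """Parse the whitespace-separated log format into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, method, nbytes = line.split()
        records.append({"ts": ts, "src": src, "dst": dst,
                        "method": method, "bytes": int(nbytes)})
    return records


def find_exfil_candidates(records, baselines, known_dsts,
                          ratio=10, min_bytes=1_000_000):
    """Flag (src, dst) pairs whose upload volume dwarfs the host's baseline.

    ratio     : how many times the daily baseline counts as anomalous
    min_bytes : absolute floor, so a host with a tiny baseline does not
                alert on a single ordinary form submission
    """
    uploads = defaultdict(int)
    for r in records:
        if r["method"] in UPLOAD_METHODS:
            uploads[(r["src"], r["dst"])] += r["bytes"]

    alerts = []
    for (src, dst), total in sorted(uploads.items()):
        base = baselines.get(src, 0)
        if total >= min_bytes and total > ratio * base:
            alerts.append({
                "src": src,
                "dst": dst,
                "bytes": total,
                "times_baseline": round(total / base, 1) if base else None,
                # A never-before-seen destination is a second, independent IOC.
                "new_destination": dst not in known_dsts,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_exfil_candidates(parse_log(SAMPLE_LOG),
                                       BASELINE_UPLOAD_BYTES,
                                       KNOWN_DESTINATIONS):
        print(alert)
```

Run against the constructed sample, the only alert is host 10.0.0.12 pushing 100 MB to files.example.org, two thousand times its baseline and to a destination nobody else has used. Upload volume on its own will fire on backups and cloud sync clients, which is why the second signal (destination novelty) is carried in the alert; in a real deployment both the baselines and the known-destination set come from historical data rather than constants.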
