IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Advanced attacks are the new normal, experts claim

Malware techniques are becoming ever more sophisticated, according to Websense

Hackers

Malware attacks are becoming increasingly sophisticated, with the old scatter-gun approach of generalised mass spam emails being abandoned in favour of more targeted attacks.

This is one of the findings of Websense's annual threat report, which this year has focused on what motivates hackers to carry out cyber attacks.

Carl Leonard, senior manager at Websense, told IT Pro: "What this really means is that the majority of attacks we are seeing now are advanced in that they are able to bypass existing security systems."

"Attackers only have to make minor tweaks to their methods to be successful."

The researchers claim to have identified a distinct seven-step kill chain' in the malware delivery process, starting with reconnaissance, followed by a lure, a redirect, arriving at the exploit kit, the malicious file being dropped, which then calls home' back to the attacker, followed by ultimately the data theft.

While data theft was the common goal of many attacks, the motivation varied significantly, from financial gain to destroying a company's competitive advantage to stealing state secrets, according to the research.

Leonard added that attacks now are often very covert, often using driveby' techniques to deliver a malicious payload via a compromised website, which a user may browse onto.

An additional obfuscation technique used by attackers is to redirect a victim several times normally four but occasionally up to 20 to make both the attack and the attacker harder to trace.

A further change in the threat landscape has taken place following the arrest of the alleged creator of the infamously popular Blackhole exploit kit, known as Paunch.

Initially, cyber criminals largely abandoned exploit kits, having been spooked by the arrest. However, shortly afterwards, they turned to alternatives, particularly Magnitude and Neutrino, which have seen a significant increase in usage.

"Advanced attacks really are the new normal," said Leonard.

"In order to protect themselves, organisations need to look at the kill chain model and raise the bar at each level to ensure they are protected," he concluded.

The full report can be downloaded from the Websense website.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022