TMCnet News

Q3 State of Infections Report Reveals 57% Increase in Backoff Malware from August to September
[October 24, 2014]

ATLANTA --(Business Wire)--

Damballa, the experts in advanced threat protection and containment, today released its Q3 State of Infections Report highlighting the extent to which malware infections, such as Backoff malware, are able to bypass network prevention controls. The report reveals the ongoing challenges faced by security teams in managing a mountain of security events and the positive impact of taking measures which can identify the true positives within these alerts.

The report was compiled from analysis of traffic from global ISPs and enterprise customers.

Key findings from the report:

32% rise in events from previous quarter

The report addresses one of the biggest challenges facing IT Security teams, that of identifying the genuine attacks - the 'true positives' - in amongst the mountain of security alerts. During Q3 2014, Damballa observed that the 'noisiest' enterprises experienced some 138,000 events in a day; a 32% increase from Q2 2014, with customers experiencing an average of 37 infected devices a day.

Encouragingly, however, Damballa observed a 40% reduction in daily infections, compared with the previous quarter, amongst customers who proactively remediated assets presented as true positives - with automatic incident detection through evidence correlation, true positive confirmation and risk ranking.

Spikes in POS Malware

During Q3 2014, in environments where POS traffic is inspected, Damballa detected a 57% increase in Backoff infections from August to September and a 27% increase from September to the end of the month. Backoff, a new breed of highly targeted POS malware, is reported to have infected 1,000 businesses* including Kmart and Dairy Queen.

The increase is notable as it highlights that the malware had bypassed network prevention controls and was active, yet hidden, in the network.

This spike in POS malware activity also underscores the need for enterprises to ensure that POS traffic is visible either through a centralised network or site-to-site VPN so that advanced threat detection systems can quickly detect hidden network infections.
Brian Foster, Damballa CTO, comments: "Fundamentally, these figures show that prevention controls cannot stop malware infections. POS malware and other advanced threats can, and will, get through, so we can't simply build the walls around the network higher. And for security teams, faced with trawling through a tsunami of events every day, manually correlating these to find the 'true positives' is simply not feasible."

He continues: "Instead, organisations need to focus on building better intelligence to know where the real threats are. The encouraging news is that automatically correlating evidence can have a significant impact in reducing the number of infected devices within the network. We'd advise enterprises to be prepared, to get ahead by assuming that they will be compromised, and to take proactive measures to be ready to remediate."

*https://www.us-cert.gov/ncas/alerts/TA14-212

The Full State of Infections Report can be downloaded at https://www.damballa.com/state-infections-report-q3-2014/.

About Damballa

As the experts in advanced threat protection and containment, Damballa discovers active threats that bypass all security prevention layers. Damballa identifies evidence of malicious network traffic in real time, rapidly pinpointing the compromised devices that represent the highest risk to a business. Our patented solutions leverage Big Data from the industry's broadest data set of consumer and enterprise network traffic, combined with machine learning, to automatically discover and terminate criminal activity, stopping data theft, minimizing business disruption, and reducing the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world's largest ISP and telecommunications providers. For more information, visit www.damballa.com, or follow us on Twitter @DamballaInc.
