Even though malware detection and containment have improved a lot since 2015, malvertisements remain cheap to deploy and difficult to contain, says a report from security firm Trustwave.
It costs only $5 to infect 1,000 machines with malvertisements, with most of them using obfuscation and encryption techniques to evade detection.
The latest 2017 Trustwave Global Security Report has some good as well as bad news for the cyber security industry. The good news is that malware detection rates have improved by quite a margin. While it took 80 days on average in 2015 to detect malware, it takes only 49 days now.
On the other hand, malware containment hasn't improved at all since 2015. The average time between a malware intrusion and its containment is now 62 days, down from 63 two years ago.
"As our data breach investigations and threat intelligence show attackers continue to evolve their tactics and focus on extreme paydays as cybercrime becomes more like genuine businesses," said researchers at Trustwave.
The report further mentions that malvertisements are now so cheap that it costs only $5 to infect 1,000 machines, the same as a meal deal from a supermarket. The report adds that of all malware disguised as advertisements, 83% use obfuscation and 36% use encryption techniques to evade detection.
"As an industry, we must continue to focus on key areas like threat detection and response, security scanning and testing and cloud security services that provide meaningful layers of protection from constantly evolving threats," the researchers concluded.
Aside from personal computers, office servers, and IoT devices, modern malware is also being used to target critical infrastructure systems. For example, hackers used malware named Industroyer to attack the Ukrainian power grid last year and cause a widespread power outage. Experts fear that similar malware could be used by hackers in the future to conduct cyber-attacks on critical infrastructure in more countries.
"The emergence of large-scale malicious campaigns targeting industrial enterprises indicates that black hats see this area as promising. This is a serious challenge for the entire community of industrial automation system developers, owners and operators of such systems, and security vendors. We are still remarkably languid and slow-moving in most cases, which is fraught with dangers under the circumstances," said researchers at Kaspersky Labs.