Malware Success Rates Demonstrate Enterprise Security Failures

A new report studying the success rates of malware attacks on enterprises suggests a failure among corporations to adequately protect their systems.

New research from SafeBreach, released in its Hacker’s Playbook Findings Report, analyzed 3,400 data breach strategies and 11.5 million simulations. According to the report, malware attacks successfully infiltrated enterprises’ systems most of the time.

“In most cases, it seems organizations are continually implementing security controls, but not a cohesive defense strategy — and in some cases, ignoring risks altogether,” SafeBreach said in its announcement of the findings. In its research, SafeBreach simulated cyberattacks to replicate the current environment of cyber threats and enterprise security methods. Researchers studied which attacks were blocked, which were successful and other key trends in cybersecurity effectiveness.

The study found malware infiltration success rates hit nearly 60 percent for the top five malware types. It identified the Carbanak banking malware in particular, as well as “packing” or nesting malware, as reaching the top five in terms of success rates. Carbanak malware has reportedly stolen upwards of $1 billion from banks across the globe in just two years, according to reports in ZDNet, after researchers at Kaspersky identified it in 2015.

Last October, the publication said the group FIN7 was linked to the Carbanak Trojan, which uses spear phishing emails targeting banks and corporations, and “the group took advantage of poorly patched, network-misconfigured systems.”

SafeBreach’s own analysis drew similar conclusions about the shortcomings of enterprise security strategies. According to its report, the enterprise continues to rely on a mindset of “perimeter security” — focusing cybersecurity efforts on key endpoints, but not beyond them. In addition, threat scanning remains at “surface-level,” and organizations are placing too much trust in their internal systems.

“Malware was easily sent across network segments without being blocked, indicating that once attackers gain a foothold on a network, they can easily dominate an environment,” the report stated.

It also warned that ransomware is “running rampant” across the enterprise, and highlighted that the media frenzy surrounding this type of attack, most notably when it comes to Wannacry, is likely warranted.

Cybersecurity experts are still researching the Wannacry attack that affected more than 200,000 devices across 150 nations. The malware demanded payment of approximately $300 in bitcoin within 72 hours for targets to regain control of their systems. Vodafone and Telefonica were among its highest-profile targets.

When Wannacry hit, analysts noted its unique makeup.

“It is unusual for ransomware to have network worm capabilities,” said VirtualArmor vice president of managed services Andrew Douthwaite, a clear signal that cyberattacks are evolving.

According to SafeBreach, Wannacry saw the highest infiltration success rate (63.4 percent). The Petya ransomware attack, which came soon after Wannacry, saw the highest success rate in lateral movement within systems (69.4 percent).

“With very little scanning and far too much trust past endpoints, attackers have virtually free rein on the network,” the company said in its announcement, adding that ransomware and other cyberattacks like NSAEternalRocks experience a nearly 70 percent success rate when they move laterally within enterprise networks.

The report also found that “no one is watching the exits,” as organizations operate without outbound scanning, which means businesses are unknowingly allowing cyberattackers to extract data.

“The more things change, the more they stay the same is a truism that unfortunately typifies far too many an enterprise security posture,” concluded SafeBreach cofounder and CTO Itzik Kotler in a statement. “While the multitude of attacker tools and options — and the continuous drumbeat of compromise in the news — can be overwhelming, it doesn’t have to be an admission of defeat.”

According to researchers, organizations do not have to invest in expensive technologies and other tools to safeguard their systems. They found evidence that organizations’ security strategies can be vastly improved with merely a “simple tuning of protections.” The report highlighted the importance of ensuring cybersecurity strategies can address the speed with which attacks progress, and that cybersecurity tools are adequately configured to identify and stop attacks.

“In this latest round of research, one customer reduced attack success on the order of 60 to 70 percent without a single dollar of investment, and in just three weeks,” added Kotler.