RSA 2016: Malware Still Prevalent on Corporate Network, Proofpoint Warns
Ryan Kalember, senior vice president of cybersecurity strategy for Proofpoint
It might seem cliché but the biggest vulnerability companies face today is not technological; it's human. Unfortunately, not much has changed in the past half-century.
Ryan Kalember, senior vice president of cybersecurity strategy for Proofpoint, said during an RSA 2016 briefing that the challenges companies face today, with employees falling victim to social engineering, are no different from those faced by the U.S. government during the Cold War. In 1962 spies in the then-Soviet Union were able to place a device that transmitted conversations from the U.S. ambassador's private office simply by presenting then-Ambassador W. Averell Harriman a carved, wooden plaque of the Great Seal of the United States as a gift. An antenna and transmission technology were hidden within the plaque. The story goes that Harriman himself carried the plaque into his office.
Today, Kalember said, social engineering is one of three techniques commonly used to install malware on target systems. Another common route for introducing malware is phishing attacks, which generally either include a malicious attachment such as a Microsoft Word or Excel file or take the form of an attack in which the victim voluntarily provides the attacker with their network credentials.
According to internal research by the company, Kalember said, 99.7 percent of malware in attachments uses infected macros and 98 percent include URLs that point to hosted malware. While 2014 was the year of the malware-infected LinkedIn invitations, 2015 was the year of malicious file sharing, in which links that looked like valid Dropbox or Google Drive sites were actually fakes hosting malicious files and malware.
While a large percentage of the infected email is downloaded early in the workday, generally between 8 a.m. and 10 a.m., more than a fifth of the malicious messages, 21.5 percent, are clicked by users who are off the network and thus not protected by the company's network security.
Another large source of malware is application stores that are either fake versions of the authorized Apple and Android stores or sites that offer “free” versions of popular fee-based games and applications. Some 75 percent of mobile breaches come from applications and not the operating system, he said. The hard part, however, is getting the user to download the malicious app. By far the largest number of malicious applications – 48 percent – comes from domestic sites, with 19 percent coming from the next most popular source country – China.
The answer, Kalember said, is to try to stop the malware before it gets onto the system. While education helps, he said, if a user is presented with multiple malware offers each day, eventually they will click on an infected link.