The average organization saw the download of 106 different unknown malware during every hour of 2014, a number 48 times bigger than 2013's 2.2 downloads per hour.
Moreover, from 2013 to 2014 new malware strains increased by more than 71 percent to 142 million, up from 83 million, according to Check Point's “2015 Security Report.” Of the downloaded malware, the company found that 52 percent of malware was contained in PDFs and three percent in Office files.
The creation of all this new malware might not have anything to do with newfound interest in the darker side of the Web. Instead, malware is becoming easier to create each year, wrote Juliette Rizkallah, vice president of global marketing at Check Point, in an email to SCMagazine.com.
For example, Check Point created 300 new malware strains through the selection of known malware files and by adding a null at the end of each PDF and doc file. The company also modified an unused header section on each executable file.
“This simple procedure turned the known malware into unknown malware, defeating existing signatures,” Rizkallah said. “This is exactly what we are seeing cybercriminals do on targeted networks. It has become very easy to create new malware, and this explains the staggering trend we are witnessing.”
Beyond facing threats of malware infections, Check Point found that cybercriminals' preferred attack vector this year was denial of service attacks. Sixty percent of enterprises experienced one in 2014, as opposed to 23 percent in 2013. The most common attack vector in 2013 was code execution, which came in third this past year after buffer overflow.
Forty-eight distributed denial-of-service (DDoS) attacks occurred every day in 2014. Again, Rizkallah attributed this trend to the relative ease with which hacktivists can deploy an attack, especially considering the number of available and cheap online tools.
The study also looked at mobile device security and found that 42 percent of organizations had a mobile security incident cost more than $250,000 in 2014, and 82 percent expected the number of incidents to increase this year. This stat pushed Rizkallah to call “bring your own device,” or BYOD, “bring your own doom."
“The blend of corporate and personal data makes it hard for IT professionals to protect sensitive data and the network in general,” she said. “Mobile security came as an afterthought in the smartphone and tablet explosion in the workplace, and everyone is now playing catch-up to ensure their security infrastructure includes the mobile infrastructure.”
Check Point's study took into account data from its security platforms.