3 ways malware is bypassing companies’ antivirus software

Most companies are using antivirus software, firewalls and other security tools to protect their networks. But attackers are constantly finding new ways to get around those controls. 

While there are countless ways an organization’s data can be breached, one of the biggest threats is still malware entering the company’s network through a user’s computing device, according to the recent 2013 Cyber Security Survey released by Bit9 and the Information Security Media Group.

Among the 250 organizations surveyed, 47% know they’ve suffered a malware attack in the past year. The majority of respondents (70%) said they’re most vulnerable through endpoint devices, such as users’ PCs.

The impact of those attacks ranged from minor to severe, with the organizations reporting:

  • Employee downtime (cited by 33% of respondents)
  • System downtime (32%)
  • Lost or compromised data (19%)
  • Lost money (15%)
  • An inability to deliver services or information (13%)
  • Damage to the organization’s brand (11%)
  • Breach of employee or customer privacy (11%)
  • Failure to comply with regulations (10%)
  • Theft of intellectual property (9%), and
  • Lawsuits (3%).

Nearly all organizations use antivirus software, firewalls and other security tools to keep malware off their networks. So how are those attacks still getting through?

Some of the new attack methods hackers are using now include:

1. USB malware

Many of the threats companies face come from the Internet and reach the network through users’ web-facing machines, so a lot of the security tools companies deploy focus on blocking web-based threats.

However, the Internet isn’t the only way malware gets in. Among the companies surveyed by Bit9 that had been stung by a malware attack, 25% said the threat got onto the network from a USB device a user plugged into a PC.

Those USB-based attacks are becoming more common, according to a report released earlier this year by McAfee.

In the first quarter of 2013, the security vendor found more than 1.7 million malware samples that abuse the Windows AutoRun feature to launch themselves when a drive is plugged in. That was a significant increase over the 1.3 million samples found in the last quarter of 2012, and nearly three times the 600,000 found a year earlier.

Problems often start when employees plug in free USB drives they receive as promotional items, or drives they find lying around.

Some of the steps IT can take to keep malware from moving off a USB drive onto the company’s network:

  • Disable USB ports for users who don’t need them
  • Disable AutoRun and AutoPlay for removable drives
  • Require storage devices to be approved by IT before they’re used, and
  • Train users not to plug in drives if they don’t know where they came from, and not to open unknown files stored on them.
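As an added worked example (not part of the Bit9 survey or the original article), the following Python script audits the two Windows settings behind the first two bullets: the NoDriveTypeAutoRun policy bitmask that turns AutoRun off per drive type, and the Start value of the USBSTOR mass-storage driver. The registry paths and value meanings are documented Windows behaviour; the function names, the finding text and the sample values are this example’s own. The checks take raw values so they can be exercised on any machine; only read_live_values() needs Windows.

```python
"""Audit the two Windows settings behind the USB bullets above:
AutoRun for removable drives and the USB mass-storage driver.

Added example, not from the article. Registry paths and value meanings are
documented Windows behaviour; function names and finding text are this
example's own. The checks take raw values so they run anywhere; only
read_live_values() needs Windows."""
try:
    import winreg  # Windows only; absent elsewhere
except ImportError:
    winreg = None

# NoDriveTypeAutoRun: bitmask of drive types for which AutoRun is turned off.
# 0x04 is the removable-drive bit (USB sticks); 0xFF covers every drive type
# and is the value Microsoft recommends for turning AutoRun off everywhere.
DRIVE_REMOVABLE = 0x04
DRIVE_ALL = 0xFF
EXPLORER_POLICY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# USBSTOR is the USB mass-storage class driver. Start=3 loads it on demand,
# Start=4 disables it (keyboards, mice etc. use other drivers and still work).
USBSTOR_SERVICE = r"SYSTEM\CurrentControlSet\Services\USBSTOR"
USBSTOR_DISABLED = 4


def autorun_blocked_for_removable(mask):
    """True if the bitmask has the removable-drive bit set. A missing value
    means the built-in default applies, which does not set that bit."""
    return mask is not None and (mask & DRIVE_REMOVABLE) == DRIVE_REMOVABLE


def usbstor_disabled(start):
    return start == USBSTOR_DISABLED


def audit(values):
    """values: {'NoDriveTypeAutoRun': int or None, 'USBSTOR.Start': int or None}.
    Returns a list of findings; an empty list means both controls are in place."""
    findings = []
    mask = values.get("NoDriveTypeAutoRun")
    if not autorun_blocked_for_removable(mask):
        findings.append(
            f"AutoRun still enabled for removable drives "
            f"(NoDriveTypeAutoRun={mask!r}); set it to 0x{DRIVE_ALL:02X}")
    start = values.get("USBSTOR.Start")
    if not usbstor_disabled(start):
        findings.append(
            f"USB mass-storage driver can load (USBSTOR Start={start!r}); "
            f"set Start={USBSTOR_DISABLED} on machines whose users do not need it")
    return findings


def read_live_values():
    """Read both values from HKLM on the local machine (Windows only).
    The same Explorer policy can also be set per user under HKCU."""
    if winreg is None:
        raise RuntimeError("live audit needs Windows; pass constructed values to audit() elsewhere")

    def read(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                value, _ = winreg.QueryValueEx(key, name)
                return int(value)
        except FileNotFoundError:  # key or value not present
            return None

    return {"NoDriveTypeAutoRun": read(EXPLORER_POLICY, "NoDriveTypeAutoRun"),
            "USBSTOR.Start": read(USBSTOR_SERVICE, "Start")}


if __name__ == "__main__":
    # Constructed values for an unhardened machine; use read_live_values() on Windows.
    sample = {"NoDriveTypeAutoRun": 0x91, "USBSTOR.Start": 3}
    for finding in audit(sample) or ["no findings"]:
        print(finding)
```

One caveat worth keeping in mind: Start=4 on USBSTOR only stops USB mass-storage devices from mounting, it does not disable the port itself, and if users can edit their own registry the per-user copy of the Explorer policy under HKCU should be checked as well.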

2. Attacks against remote users

Many companies rely on perimeter defenses designed to keep threats away from the internal network.

But as more work is done remotely on laptops, smartphones and other devices, a lot of endpoints spend much of their time outside that perimeter, where those defenses don’t reach.

According to Bit9’s report, 17% of malware infections occurred while an employee was using a device outside of the company’s network. Another 8% of respondents said an attack originated from an employee’s mobile phone.

Those attacks can give hackers access to sensitive data stored on the remote device, and the malware may spread further once the employee returns to the office and connects the device to the network.

What it means for IT: It’s important to make sure that all of the devices employees use are being protected regardless of their physical location. That includes both company-issued and employee-owned devices.

3. Malware antivirus programs can’t catch

Two in five (40%) of the companies surveyed that had been hit with malware said the threats simply bypassed the antivirus systems the organization was using.

Recent tests have found that antivirus software misses many of the threats in circulation. The main issue is that those programs rely mostly on malware signatures for detection: a sample has to be seen, analyzed and catalogued as malicious before the software can recognize it.

Even when virus definition files are updated promptly, there is typically a lag between when a threat first appears and when a signature for it is created and distributed, and a sample only has to change enough that it no longer matches.

On top of that, cyber criminals are turning to more sophisticated methods to avoid detection, such as writing custom malware aimed at a single organization, which no vendor has had a chance to see and sign.

What can companies do to improve their virus protection? One step is to make sure that antivirus programs are always kept up to date so they offer the best protection possible.

Many experts also say companies shouldn’t completely rely on antivirus applications for their security. It’s also critical to train users to avoid attacks and control network traffic to detect and block unwanted activity.
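To make the signature lag concrete, here is an added example in Python that is not code from the article or from any antivirus vendor. It builds a toy scanner with the two common definition types, an exact-file hash and a byte pattern, and runs it against a constructed “sample” (a harmless byte string that is never executed) and two attacker-modified variants. The sample, the signature names and the XORSTUB marker are all constructed for this example.

```python
"""Toy signature scanner: why signature-only antivirus lags behind new samples.

Added example, not code from the article or from any vendor. The "malware" is
a constructed byte string; nothing is executed. A hash and a byte pattern stand
in for the two common forms of AV definitions."""
import hashlib
import re

# Constructed sample: a fake header, a "stub" and a payload string to match on.
KNOWN_SAMPLE = b"\x4d\x5a\x90\x00" + b"STUB" + b"cmd.exe /c evil_dropper"
XOR_MAGIC = b"XORSTUB"  # marker our constructed encoder puts before encoded bytes

# Definition 1: exact-file hash, the cheapest signature to ship once a sample is seen.
HASH_SIGS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Trojan.Constructed.A"}
# Definition 2: byte pattern taken from the payload; survives cosmetic edits.
PATTERN_SIGS = [(re.compile(rb"evil_dropper"), "Trojan.Constructed.A!pattern")]


def scan(sample: bytes) -> list:
    """Return the names of every signature that fires on `sample`, in order."""
    hits = []
    digest = hashlib.sha256(sample).hexdigest()
    if digest in HASH_SIGS:
        hits.append(HASH_SIGS[digest])
    for pattern, name in PATTERN_SIGS:
        if pattern.search(sample):
            hits.append(name)
    return hits


def repack(sample: bytes) -> bytes:
    """Attacker step 1: append one byte. The file hash changes, the payload does not."""
    return sample + b"\x00"


def xor_encode(sample: bytes, key: int) -> bytes:
    """Attacker step 2: XOR the whole sample behind a decoder stub. The pattern
    no longer appears in the bytes on disk, so neither definition matches."""
    assert 1 <= key <= 0xFF  # key 0 would leave the bytes unchanged
    return XOR_MAGIC + bytes([key]) + bytes(b ^ key for b in sample)


def xor_decode(blob: bytes) -> bytes:
    """What the stub would do at run time: recover the original bytes."""
    key = blob[len(XOR_MAGIC)]
    return bytes(b ^ key for b in blob[len(XOR_MAGIC) + 1:])


def scan_with_unpacking(sample: bytes) -> list:
    """Defender response that does not wait for a new definition: recognise the
    encoder and scan what it would produce, in addition to the raw bytes."""
    hits = scan(sample)
    if sample.startswith(XOR_MAGIC):
        hits += scan(xor_decode(sample))
    return hits


if __name__ == "__main__":
    variants = {
        "original": KNOWN_SAMPLE,
        "repacked": repack(KNOWN_SAMPLE),
        "xor-encoded": xor_encode(KNOWN_SAMPLE, 0x5A),
    }
    for label, blob in variants.items():
        print(f"{label:12} signatures: {scan(blob) or 'none'}  "
              f"with unpacking: {scan_with_unpacking(blob) or 'none'}")
```

Appending a single byte already defeats the hash definition; XOR-encoding the whole file behind a decoder stub defeats the byte pattern too, and the scanner stays blind until a new definition ships. scan_with_unpacking shows the kind of response that doesn’t wait for that update: recognize the encoder and scan what it would produce.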
