FireEye Advanced Threat Report 1H2011

Our new 1H 2011 Advanced Threat Report is out! It is our inaugural report, and I think you will find it interesting because it is uniquely focused on new and dynamic threats. We have thousands of appliances protecting organizations around the world, and they are deployed _behind_ firewalls, intrusion prevention systems, antivirus and Web gateways. So the threat data we reviewed in this report are the _successful_ malware attacks breaking through traditional defenses.

This report really illuminates the sophistication of the new breed of cyber-attacks and the success cyber criminals are having penetrating today’s corporate networks. Based on 1H 2011 data, we found a significant gap in today’s enterprise IT defenses. After reviewing hundreds of thousands of infection cases, we found that 99% of enterprises had malicious infections in their network, and 80% of the enterprises faced more than a hundred new infections per week. The bottom line: traditional enterprise IT defenses are not keeping up with the highly dynamic, multi-stage attacks that cyber-criminals now use against enterprises and federal agencies.

We highlight the top infections for 2011, and the (not-so-surprising) fact that attackers continue to rely on customized malicious code toolkits to develop and distribute their threats. The “Top 50” malware families account for over 80% of successful infections seen in the wild. Please have a read of the threat report and let us know if you were surprised by our findings, and which other malware research topics you'd like to hear more about.

One thought on “FireEye Advanced Threat Report 1H2011”

  1. Good report. I would like to see more information about the top malware variants, including FakeAV/FakeRean. Something like figure 7, but across the board.
    I would also like to see data on the number of callbacks that were POSTing vs. GETting, if that data is available.
