Advanced Cyber Attacks That Bypass Signature-Based Defenses Increase Dramatically; Growth In Infections Up Nearly 400 Percent

FireEye Advanced Threat Report Shows Explosion of Both Web- and Email-Based Attacks Targeting Enterprises and Government Agencies

FireEye®, Inc., the leader in stopping advanced cyber attacks, today announced the release of its 1H 2012 Advanced Threat Report. According to the FireEye report, the first six months of 2012 saw continued increases of malicious infection activity and an intensified danger of email-based attacks as cybercriminals increasingly employed throw-away domains to infiltrate enterprise networks.

The Advanced Threat Report is based on data from the FireEye Malware Protection CloudTM, a service powered by thousands of FireEye appliances, as well as direct malware intelligence uncovered by its research team. The report provides a global view into cyber attacks that routinely bypass traditional defenses, including firewalls, next-generation firewalls, intrusion prevention systems (IPS), gateways, and anti-virus (AV). Research from FireEye shows that over 95% of companies are compromised by advanced malware and most are not aware of the attack.

Key findings in the Advanced Threat Report include:

  • Explosive growth of advanced malware infections - According to the report, advanced malware that evades signature-based detection increased nearly 400 percent since 2011, to an average of 643 successful infections per week per company.
  • Intensified danger of email-based attacks - FireEye researchers saw 56 percent growth in email-based attacks in 2Q 2012 versus 1Q 2012. Additionally, malicious links were more widely used than malicious attachments in the last two months of the second quarter of 2012.
  • Increased use of dynamic, throw-away domains - FireEye saw a significant increase in dynamic links that were used five times or less. Originating from large-volume email-based attacks, links that were seen just once grew from 38% in the second half of 2011 to 46% in the first half of 2012.
  • Patterns of attack vary substantially by industry - Patterns of attack were radically different between the financial services, energy/utilities, healthcare, and technology industries. But one constant remains - industries with significant intellectual property or customer and financial data remain the primary targets as attacks increase.

"The results of this report make it even more clear that reactive signature-based defenses cannot prevent evasive strains of malware from making their way into the enterprise," said Ashar Aziz, FireEye founder and CEO. "Attackers continue to remain a step ahead of traditional defenses, so organizations must rethink their IT security architecture and implement appropriate security measures to prevent advanced cyber attacks such as zero-day attacks and advanced persistent threats (APTs)."

As cybercriminals develop and invest in advanced malware, enterprises must reinforce their traditional defenses with a new layer of dynamic security that is able to detect unknown threats in real-time, thwarting malware communications back to command and control servers and blocking data exfiltration. This extra layer of defense needs to be designed specifically to fight the unknown and zero-day tactics common in targeted attacks and APTs.

For a full copy of the Advanced Threat Report, please visit

About the FireEye Malware Protection Cloud

The FireEye Malware Protection Cloud offers real-time security data sharing among interconnected FireEye appliances deployed within customer networks, technology partner networks, and service providers around the world. This worldwide cloud shares auto-generated malware security intelligence, such as exploit tactics, malware signatures, and covert callback channels, as well as findings from the FireEye Malware Intelligence Lab.

About FireEye, Inc.

FireEye is the FireEye solutions supplement traditional and next-generation firewalls, IPS, anti-virus, and gateways, which cannot stop advanced threats, leaving security holes in networks. FireEye offers the industry's only solution that detects and blocks attacks across both Web and email threat vectors as well as latent malware resident on file shares. It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats. Based in Milpitas, California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest Venture Partners, and Juniper Networks.

Media Contact


Lisa Matichak



Katherine Nellums


# # #

FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.