After years of dire news, there are signs that cybersecurity measures are making headway against intrusions and malware attacks. Online intrusions are getting detected more quickly. It took FireEye, a major cybersecurity firm, a median of 56 days last year to discover an intrusion. That’s three weeks faster than the previous year. FireEye also says outside threat hunters are getting better at identifying malicious targeting.
In the 12 months through Sept. 30, FireEye said its threat hunters and law enforcement detected 53% of malware attacks, as opposed to the victim identifying them, the first time in four years that outside detections exceeded internal ones.
But the cat-and-mouse struggle doesn’t get any easier. The bad guys innovate, too. They created 500 new malware families in the same period, accounting for 41% of malware families seen by FireEye researchers. And they are increasingly turning to ransomware, scrambling an organization’s data — and demanding payment. In fact, the turn to ransomware could have contributed to the drop in dwell time.
In terms of motivation, FireEye said 22% of targeted intrusions sought to steal intellectual property or were for espionage. It said 29% likely sought direct financial gain, through extortion, ransom, card theft or illicit financial transfers.