    Top Global Threats for Q4 2011 Identified

    The proper security tools can prevent infection or stop outbreaks, mitigate or reduce losses from malicious events, and even decrease legal liability. These products can also often serve as an excellent source of information about what is happening in your enterprise. Regular review and understanding of the logs produced by these tools and services lets you establish what is normal and typical for your enterprise, which in turn gives you a baseline against which to spot unusual or atypical behavior that might indicate an advanced persistent threat or other intrusion.

    Correlating log information across various tools and services also provides a timely “pulse” of the threat landscape, which can sometimes have interesting associations to global non-malware-related events. Most importantly, regular review and understanding of the data can help uncover the elusive “black swan” — the types of surreptitious and malicious events that otherwise could fly below the radar.

    The Cisco Global Threat Report is a compilation of data collected across four core segments of Cisco Security: ScanSafe, Intrusion Prevention System (IPS), Remote Management Services (RMS), and IronPort. The report is published quarterly in the hopes that it will inspire and motivate you to perform your own in-house analysis on an ongoing basis.

    Enterprise users experienced an average of 339 Web malware encounters per month in 4Q11, a 205 percent increase compared to 4Q10.

    An overall average of 362 Web malware encounters per month occurred throughout 2011, compared to a monthly average of 135 in 2010.

    The highest rate of encounters occurred during September and October 2011 at 698 and 697 on average per enterprise, respectively.

    An average of 20,141 unique Web malware hosts were encountered per month in 2011, compared to a monthly average of 14,217 in 2010. Despite the marked increase in average Web malware encounters in September and October 2011, the rate of unique hosts remained steady for those months.

    The rate of unique Web malware (as determined by unique MD5 hashes recorded) varied considerably from month to month over the course of 2011. The highest volume of unique Web malware (491,750) occurred in November 2011. This sharp increase in November was immediately followed by an even sharper decrease in December 2011, when only 49,239 unique Web malware samples were recorded for the month.

    During 4Q11, 33 percent of Web malware encountered was zero-day malware not detectable by traditional signature-based methodologies at the time of encounter. The highest rate of zero-day malware blocks for the quarter occurred in November 2011.

    The rate of SQL injection signature events remained fairly steady throughout 4Q11, with a slight decrease observed as the quarter progressed.

    Denial-of-service (DoS) attacks also had a steady presence throughout 4Q11 but, conversely, with a slight increase as the quarter progressed. While once largely prank-related, DoS attacks are increasingly politically and financially motivated.

    The 2011 takedown of segments of Rustock, combined with multiple spam botnet takedowns in 2010, continues to have a positive impact on overall spam volume.
