Hackers target government security more than other industries


By GovTechReview Staff
Thursday, 13 March, 2014


Federal government agencies were targeted by the highest number of unique malware families during 2013, research from security vendor FireEye has found.

The company's FireEye Advanced Threat Report: 2013 analysed over 39,000 unique cyber security incidents monitored during the year, and found almost 18,000 unique malware infections due to advanced persistent threats (APTs) that had snuck through organisations' defences to plant malware on their client devices.

Federal government bodies were targeted by 84 of the 159 malware families documented by FireEye during the year.

State and local government bodies (52 families) were also frequently targeted, ranking eighth on a list in which services and consulting (81), technology (80), financial services (79), telecommunications (65), education (61), and aerospace and defence (58) rounded out the top eight.

'Watering hole' attacks, which strike visitors to popular Web destinations based on hackers' knowledge of the type of victim they are trying to hit, were used particularly frequently by APTs targeting US government Web sites.

The research also showed that attackers were regularly finding “creative ways” to detect and work around the limitations of virtual malware 'sandboxes', which are increasingly being used to try to manage and isolate malware's behaviour.

“Sandboxes make an attacker's job more difficult (and therefore more expensive) by requiring at least two exploits,” the report says. “One is to obtain code execution, and another to bypass the sandbox. ... Even given these increased challenges, it is clear that attackers still find a sufficient return on investment to devote the time, energy, and resources required to bypass sandboxes altogether.”

FireEye also tracked zero-day campaigns run during 2013, with Internet Explorer (IE) targeted by 37 percent of attacks and Java (23 percent), Flash (23 percent) and Adobe Acrobat Reader (15 percent) making up the rest.

The high proportion of IE-related attacks was enough to make IE “the single most dangerous zero-day attack vector in 2013,” FireEye reported, noting that the proliferation of old versions of IE – for example, v7 and v8 widely used in established environments – “could be due to the security enhancements in newer versions of Windows and Internet Explorer”. – David Braue
