March 19, 2009 | Editor | Comments 1

Malicious Software (Malware) used in data breaches

According to the 2008 Data Breach Investigations Report, malicious code (malcode/malware) contributed to nearly 1/3 of data breaches. I found it interesting that they actually found malware on many more systems than just 1/3, but in those cases it wasn’t directly linked to the compromise they were investigating. They look at this other malware as an overall indication of the system's health.

[Figure: breakdown by malcode]

Unlike several years ago, most of this malware (58%) was planted by the attacker directly. A far smaller percentage (27%) was installed either by email or network propagation (usually worms). Users infected their own systems through web-based downloads 13% of the time (far fewer than I would have guessed), and physical installation accounted for 2%. This confirms a strong movement towards targeted attacks for the purpose of monetary gain.

An interesting point made in the article is that 25% of malware was customized, with slight modifications made to bypass anti-virus and other detection methods.

Another interesting point, which I believe is stated so well that I will quote it: “These programs either capture information to be harvested later, capture and then send information to a remote entity, or enable the attack to access and control the system. Among malcode observed during data breach investigations, the ratio of these functions was roughly equal and often seen in combination.”
