KnowBe4 Alert notifies IT managers of substantial drop in antivirus detection rates
KnowBe4, provider of the world's most popular security awareness training and simulated phishing platform, sent out a major alert warning IT departments to re-evaluate their current 'safety net' of antivirus and spam filters. The antivirus industry's premier 'insider site', Virus Bulletin (VB), released tests that identify how good or bad endpoint detection software is, and they show a major drop in effectiveness for Jun-Dec 2016 over the same period in 2015. These RAP (reactive and proactive) tests measure both the vendors' ability to handle newly emerging malware and their accuracy in detecting previously known malware.
KnowBe4's CEO Stu Sjouwerman said, "Look at the quadrants for Jun-Dec 2015 and compare it to the most recent one for 2016. Note the fact that in 2015, the proactive detection is a bit spread out, but the midpoint hovers around 80 percent, and the reactive midpoint sits at roughly 90-95 percent." According to Sjouwerman, reactive means they know this sample, have a hash, and can block it. Proactive means this is an unknown sample and the security software's heuristics need to recognize the malware behavior.
"Next, look at the same midpoints a year later for April-Oct 2016. The bad guys are winning. Note that reactive detection dropped a little bit and now clusters on the 90 percent line, but if you eyeball proactive detection, it has dramatically dropped to 67-70 percent. You would expect that with modern machine-learning techniques, proactive protection would improve, but it is going the opposite direction. By the way, if your AV is not listed in this report, the vendor declined to participate, and you can draw your own conclusions about why."
Martijn Grooten at VB commented on VB's most recent spam filter test that ransomware would be much worse if it wasn't for email security solutions, citing, "Many experts believe that ransomware is set to become an even worse problem in 2017 than it was in 2016 — which is rather bad news, given the damage it has already done."
"Still, the problem could be much worse: a test of security products performed by Virus Bulletin in November/December 2016 showed that at least 199 out of every 200 emails with a malicious attachment were blocked by email security solutions (or spam filters). Of course, the fact that spam is sent out in large volumes means that even a very low success rate is sufficient for attackers to make a good return on investment — and thus to cause a lot of damage."
Statistics, extrapolations and counting by the Radicati Group from February 2015 estimate that the number of email users worldwide was 2.6 billion and that the number of emails sent per day (in 2015) was around 205 billion. Digital Marketing Ramblings (DMR) offers these other fascinating statistics on email, compiled in August 2015:
- The average office worker receives 121 emails a day
- Percentage of email that is spam: 49.7 percent
- Percentage of emails that have a malicious attachment: 2.3 percent
Simple math shows that 100+ billion spam emails are sent every day. Of those, 2.3 billion have a malicious attachment. One half of one percent (one in 200) of those make it through the filters, which comes to a surprisingly high 11,500,000 every day. That puts the potential for malware making it into a user's inbox into the millions, every day.
These numbers are just looking at malicious attachments, of which 93 percent are ransomware.
Sjouwerman noted, "Keep in mind that the bad guys are also very active with CEO fraud using a spoofed 'From' email address. Even more important, the most vicious attacks (like the hacks into the Clinton campaign) were based on a simple social engineering spear phish. Your employees are your last line of defense."
Sjouwerman advises IT managers and organizations to "transform employees into a human firewall ASAP, and keep them on their toes with security top of mind by stepping them through new-school security awareness training which combines on-demand interactive, engaging web-based training with frequent simulated phishing attacks right in their inbox."
For more information or copies of charts referred to, visit the KnowBe4 blog.
KnowBe4, the provider of the world's most popular integrated new school security awareness training and simulated phishing platform, is used by more than 8,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO Fraud and other social engineering tactics through a new school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4's Chief Hacking Officer, helped design KnowBe4's trainings based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as a first line of corporate IT defense.