Threats 101
Jonathan Crowe
Mar 2016

Cyber Attacks Are Not Unique Snowflakes


At first glance, the stat can seem like a typo:

Over 390,000 new malware programs are reported and classified every day.


But according to research conducted by the AV-TEST Institute, not only is that number very real, it's also just a select snapshot that only hints at the much bigger picture. To get a better sense of the full scope of malware production these days, you really need to zoom out and look at how much it has absolutely exploded over the past few years.


Between 2012 and 2014, the number of new malware samples AV-TEST registered skyrocketed over 10x. The institute didn't see anything close to that level of exponential growth from 2014 to 2015, but it still registered over 140,000,000 new malware samples. This year, we're on pace to see that number increase to 156,000,000. 

To say these numbers are overwhelming ranks right up there with, "Gee, that Star Wars movie did okay at the box office," as the understatement of the year. 

How in the world can we be expected to defend our companies against that kind of onslaught? Especially when all it takes is one piece of malware slipping past to result in an extremely damaging event?

Reframing Cybersecurity as a Winnable Battle

The good news is that while each one of those 390,000 pieces of malware registered every day may be unique in terms of its signature — think of that as the malware's fingerprint — what is almost always not unique is the way each of them operates.

In fact, many of those "new" malware programs being registered are actually just variants of existing malware. Their fingerprints may have changed, but they still perform the same basic functions as their predecessors. 

But the same can even be said of never-before-seen malware programs. Just because they haven't been detected and registered before doesn't mean they operate in a completely different way. 

To put it another way, there may be an avalanche of malicious programs out there, but in terms of basic functions, the vast majority of them are very much paint-by-numbers.

Once you take that into account, the challenge of cybersecurity shifts, and suddenly the scales don't seem quite so tipped in the attackers' favor. No longer are you faced with the Herculean task of prepping your defenses against hundreds of millions of varieties of malware. Instead, you can focus on learning how to recognize and stop the limited variety of behaviors and tactics all those pieces of malware rely on during their attacks.

Teach me to spot a signature and I can stop one piece of malware. Teach me to spot malicious behavior and I can stop millions. 
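To make the signature-versus-behavior contrast concrete, here is an added example (not code from the original post or from Barkly) that runs a hash blocklist and a behavior rule over constructed samples. The samples, paths and event format are invented for illustration; the behavior rule looks for a "drop and persist" pattern: a file written to a user-writable directory and then registered as a Run key value.

```python
import hashlib

USER_WRITABLE = ("\\AppData\\", "\\Temp\\")  # directories an unprivileged user can write to

# Constructed samples, not real malware. Each has file bytes (so a distinct hash)
# and the runtime events a sensor would observe, in order.
SAMPLES = {
    "dropper_v1": (b"MZ\x90dropper build 1", [
        {"type": "file_write", "path": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"},
        {"type": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
         "value": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe"},
    ]),
    # Same behavior as v1, but repacked: different bytes, different hash, different file name.
    "dropper_v2_repacked": (b"MZ\x90dropper build 2 (packed)", [
        {"type": "file_write", "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe"},
        {"type": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd",
         "value": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe"},
    ]),
    # Benign program: writes to AppData and touches the registry, but never persists via Run.
    "text_editor": (b"MZ\x90editor 4.2", [
        {"type": "file_write", "path": "C:\\Users\\alice\\AppData\\Roaming\\editor\\settings.ini"},
        {"type": "registry_set", "key": "HKCU\\Software\\Editor\\LastFile", "value": "notes.txt"},
    ]),
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def signature_hit(data: bytes, blocklist: set) -> bool:
    """Signature approach: flag only bytes whose fingerprint is already on the list."""
    return sha256(data) in blocklist

def behavior_hit(events: list) -> bool:
    """Behavior approach: flag the drop-and-persist pattern regardless of hash."""
    dropped = set()
    for ev in events:
        if ev["type"] == "file_write" and any(d in ev["path"] for d in USER_WRITABLE):
            dropped.add(ev["path"].lower())
        elif (ev["type"] == "registry_set"
              and "\\currentversion\\run\\" in ev["key"].lower()
              and ev["value"].lower() in dropped):
            return True
    return False

def evaluate(samples: dict, blocklist: set) -> dict:
    """Verdict per sample from both approaches."""
    return {name: {"signature": signature_hit(data, blocklist), "behavior": behavior_hit(events)}
            for name, (data, events) in samples.items()}

if __name__ == "__main__":
    known = {sha256(SAMPLES["dropper_v1"][0])}  # the blocklist only knows the first variant
    for name, verdict in evaluate(SAMPLES, known).items():
        print(f"{name:20} signature={verdict['signature']!s:5} behavior={verdict['behavior']}")
```

The repacked variant slips past the hash blocklist but trips the behavior rule, while the editor that merely writes to AppData does not.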


Verizon's Data Breach Digest: The Most Common Ways Data Breaches Play Out


That's essentially the same heartening takeaway we get from Verizon's Data Breach Digest, a fascinating look inside 18 of the Verizon security team's actual data breach investigations.

Looking back on hundreds of data breaches they were called in to mitigate, the Verizon team discovered that the majority played out in just 12 different ways. 

"Our research suggests that, at any given time, the vast majority of incidents fall into a small number of distinct scenarios and, as such, there’s an enormous amount of commonality in cyberattacks."

— John Grim, Senior Security Specialist, Verizon RISK Team Lead

That's good news. It means that by focusing on preventing even just a dozen common scenarios, a company can dramatically reduce the risk and likelihood of a data breach. Viewed that way, effective cybersecurity starts to feel far more approachable and attainable.

Here are 18 common tactics the Verizon security team found present in the data breaches they investigated:

[Chart: Verizon_Data_Breach_Stats3.png]

Note: It's important to recognize that several tactics can be involved in a single attack. That's a point also driven home by the two charts below:



According to the Verizon team's analysis, four out of five data breaches involve cyber criminals either stealing access credentials or conducting brute-force attacks to guess easy-to-crack passwords.

From a security standpoint, that makes identity and access management (IAM) best practices, and the use of solutions such as two-factor authentication and password managers, very instrumental in disrupting attacks.

At the same time, attacks very rarely consist of a single stage. In any one data breach scenario, criminals will often leverage multiple techniques and tactics to get around defenses. In many of the cases Verizon investigated, malware and social tactics made for a particularly potent one-two punch.



Exploiting the Commonalities in Malware and Cyber Attacks 

Criminals have long exploited their knowledge of how organizations and their security systems work to create more effective attacks. With the data gathered from security researchers and reports like Verizon's Data Breach Digest we can begin to turn the tables by identifying common attack techniques, utilizing that knowledge to break them down and disrupt them.

By teaching users how to spot a popular phishing tactic, for example, we can effectively prevent an entire swath of attacks. By enforcing a stricter USB drive policy we can take away a crucial delivery method that a wide variety of attacks rely on. And so on.

This is the type of approach we're utilizing at Barkly to develop more effective endpoint protection. Rather than chase after every single new piece of malware criminals spin off so we can create a signature and add it to a blacklist, we're focusing on identifying and blocking the common behaviors malware relies on to function.

Take those away and cybersecurity stops feeling like a game of whack-a-mole. Or, to tie it back to the title of this post, it stops feeling like we're running around trying to catch every falling snowflake on our tongues.  

Interested in learning more about our approach? Learn more about how Barkly stops new and sophisticated cyber attacks here. 

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.
