The Accelerating Evolution of Malware
Being on the front lines of the fight against cybercriminals, CIT has a unique view of the evolving malware battlefield. We partner with the FBI and US-CERT to exchange information on the changes that we, as an industry, see in this rapidly evolving area.
Data provided by US-CERT shows that the last year brought several material changes in the attack vectors employed by malware authors, including further weaponization of malware frameworks and a dramatic increase in Malware-as-a-Service.
These services lower both the cost and the technical knowledge required of would-be attackers. By simply paying a fee (typically in Bitcoin), prospective attackers can gain access to customized malware intended for a specific target – such as a specific business or individual – as well as access to massive botnets and malvertising networks with which to carry out an attack.
This trend eclipsed watering hole attacks but fell short of overtaking phishing as the most prevalent means of initial compromise.
Ransomware, as expected, continued to show strongly accelerating growth, both in the number of variants and in the number of victims. Malware continues to evolve at a breakneck pace that keeps up with (and sometimes outpaces) the development cycles of most commercial software packages.
So how can businesses protect themselves against the evolution of malware? Implementing a number of common-sense tactics can yield strong results:
- Control what is permitted onto the corporate network
- Maintain an active and managed patching strategy for all network-attached devices
- Harden all network-attached systems, both to prevent exploitation and to limit lateral movement within a network zone
- Ensure that appropriate network-level controls are in place, such as IDS with deep packet inspection, firewalls, and network segmentation
- Maintain centralized logging that complies with regulatory requirements
- Maintain adequate data backups that comply both with applicable regulatory requirements and with your organization's MBCO (minimum business continuity objective), RTO (recovery time objective), and RPO (recovery point objective)
While no single solution is bulletproof or a guarantee against a successful attack, these techniques give an organization greater visibility from which to detect anomalies, and log data from which it can reconstruct the attacker's footsteps and patch the original hole that permitted the attack.
Mitigation, monitoring, and response are the best practices for limiting the damaging effects of a malware attack.