When it comes to protecting an organization from malware, it’s a constant game of cat and mouse, according to Sean Blenkhorn, the chief product officer for eSentire Inc., who recently published a report in partnership with Carbon Black titled “Threat Intelligence Spotlight: The Shifting Framework of Modern Malware”.
“The attackers always have what we call first-mover advantage. The reality is we’re always having to keep up with what they’re doing now,” said Blenkhorn in an interview with IT World Canada. “Attackers have gotten smarter and the tools and the capabilities are there to carry out the attacks.”
Among the most recent malware trends identified in the report are polymorphic malware, fileless attacks, and managed campaigns.
Managed campaigns have especially changed the landscape. Not only is malware simpler to execute than ever before, but there are now tools that help bad actors manage their malware campaigns without most of the skills that would previously have been required.
“The infrastructure is set up. There’s kind of a black market within the adversary space where there’s folks that can own that infrastructure… to distribute new malware, new ransomware, more broadly. There’s an actual marketplace for that,” said Blenkhorn. “That means that it’s opened up to a much broader set of individuals that can leverage those.”
On top of that, the expanded availability of ransomware motivates a much wider range of individuals, because they can demand a ransom instead of needing to extract value from the captured data itself.
Put together, this adds up to a landscape that now includes many more bad actors who no longer need as many skills but are equally motivated to steal your data.
“The introduction of ransomware has changed the paradigm. With ransomware, that was a major shift for them to be able to say ‘I don’t really care what your business does or the value of your information outside of your four walls. I know access to your systems is valuable to you. So if I restrict access to that, that’s a means to extort you financially.’ That certainly increases the people who are interested in getting into that because they see that as an easy win,” said Blenkhorn.
This is not to say that the battle is pointless for cybersecurity experts, he added.
Two of the main recommendations from the report – both of which Blenkhorn supports – are modern endpoint security platforms and applying multi-layer defense systems.
“Modern endpoint defense is essential. It is challenging for organizations, but it’s absolutely essential. With the malware and the threats that we’re seeing today, traditional antivirus can’t keep up with it. We need to look at the endpoint solutions that are falling into that next-gen category,” he said. “Endpoint alone is not a single point solution. You’ve got to layer that in… including endpoint, including end-user awareness, including email protection.”
Surprisingly, despite all of the high-tech advancements, one thing hasn’t changed. Malware is still most commonly entering systems through one of the oldest and most used entry points – email phishing. According to the survey, 67 per cent of malware enters systems through email.