Modern malware is more tenacious than you’ve perhaps been led to believe. You may have security software and a cutting-edge anti-malware solution to protect you from possible attacks. Unfortunately, modern malware can still sometimes defeat your defenses.
The AV-TEST Institute reports registering over 450,000 new pieces of malware and potentially unwanted applications every day.
So, what are the top ways modern malware defeats your defenses, and what can you do about it?
Most anti-malware tools detect only known malware signatures. Polymorphic malware keeps mutating to stay ahead of signature-based detection: a few small changes to the code give the binary a new, unknown signature.
This kind of malware can bypass most security solutions, including email filtering, anti-virus applications, sandboxing, and even IPS/IDS. And, as with zero-day malware, attackers can exploit vulnerabilities before the vendor has had adequate time to address them.
What you can do about it:
File-less malware leaves no file on disk and executes exclusively in run-time memory. What does this mean? Because most anti-malware tools inspect only static files and OS processes, file-less malicious activity goes undetected by them.
Anti-virus, sandboxing, UEBA, and IPS/IDS may not be able to protect you from file-less malware attacks.
What you can do about it:
An anti-malware solution will often block known Command & Control (C2) servers. Malware that uses a domain generation algorithm (DGA), however, keeps pointing at previously unseen server addresses, so blocklists lag behind and the attack is harder to detect.
DGA malware can beat sandboxing, EDR, and even secure web gateways.
What you can do about it:
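One defensive check that fits the DGA problem described above, added here as an example and not part of the original article: a lexical scorer that flags random-looking domain labels in DNS query logs and groups the hits per client. The log format, the thresholds and the sample domains are constructed assumptions, not real indicators.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (hypothetical format "<timestamp> <client_ip> <qname>").
SAMPLE_DNS_LOG = """\
2023-08-21T12:00:01Z 10.0.0.15 www.indusface.com
2023-08-21T12:00:03Z 10.0.0.22 xk3qz8vplw2tn9.com
2023-08-21T12:00:04Z 10.0.0.22 gq7hjwzxv4bnkt1.net
2023-08-21T12:00:05Z 10.0.0.22 pzrtx6c9mlvhkq.org
2023-08-21T12:00:06Z 10.0.0.31 cdn.example.net
"""
VOWELS = set("aeiouy")

def registrable_label(qname):
    """Label left of the TLD, e.g. 'example' for cdn.example.net (naive: ignores co.uk-style suffixes)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def longest_consonant_run(s):
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def dga_score(label):
    """Count lexical traits typical of algorithmically generated labels (0-4)."""
    n = len(label)
    digits = sum(ch.isdigit() for ch in label) / n
    vowels = sum(ch in VOWELS for ch in label) / n
    return sum([
        shannon_entropy(label) > 3.5,       # many distinct characters, little repetition
        longest_consonant_run(label) >= 4,  # unpronounceable consonant clusters
        digits > 0.1,                       # digits mixed into the word
        vowels < 0.25,                      # too few vowels for a dictionary word
    ])

def suspicious_clients(log_text, min_score=2, min_hits=3):
    """Map client IP -> flagged labels, keeping clients with at least min_hits DGA-like lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        _ts, client, qname = line.split()
        label = registrable_label(qname)
        if dga_score(label) >= min_score:
            hits[client].append(label)
    return {ip: labels for ip, labels in hits.items() if len(labels) >= min_hits}
```

Calling suspicious_clients(SAMPLE_DNS_LOG) on the constructed log reports only 10.0.0.22 with its three random-looking lookups; a burst of such names from one host is the signal to investigate, not any single domain.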
Content scanning is a common method anti-malware tools use to stop sensitive data leaking out. Attackers work around it by encrypting the traffic between infected hosts and their Command & Control servers, so the scanner never sees the content.
DLP, EDR, and secure web gateways are no match for encrypted payloads.
What you can do about it:
Host spoofing forges the header information that names a request's destination host, so the true destination of the data is obscured. Even if your anti-malware solution blocks known Command & Control servers, spoofed headers let attackers get around that control and reach your system.
Sandboxing, secure web gateways and IPS/IDS are no match for host spoofing.
What you can do about it:
There are specific ways of dealing with different modern malware attacks. But there are also some general practices every company should adopt if they want to protect themselves from modern malware.
You can limit and minimize the impact of malware by:
Conclusion
Modern malware is often problematic. It takes advantage of weaknesses and exploits you may know nothing about, usually at the least opportune moment. Even with the best defenses in place, you could be in trouble if you don't continually monitor and adapt.
Use the above as a starting point to secure your network. Use a comprehensive multi-layer approach to security and update your employee training continuously.
This post was last modified on August 21, 2023 13:01