Top Ways Modern Malware Defeats Your Defense and What You Can Do About It
Modern malware is more tenacious than you’ve perhaps been led to believe. You may have security software and a cutting-edge anti-malware solution to protect you from possible attacks. Unfortunately, modern malware can still sometimes defeat your defenses.
The AV-TEST Institute reports registering over 450,000 new pieces of malware and potentially unwanted applications every day.
So, what are the top ways modern malware defeats your defenses, and what can you do about it?
Top 5 Malware Techniques and How to Protect Against Them
1. Polymorphic Malware Continually Transforms & Shapeshifts
Most anti-malware tools detect only known malware signatures. Polymorphic malware, though, keeps mutating and shapeshifting to avoid early detection. Attackers can produce a new binary signature with a few simple changes to the code.
This modern malware can bypass most security solutions, including email filtering, anti-virus applications, sandboxing, and even IPS/IDS. And, as with something like zero-day malware, attackers can easily exploit vulnerabilities before the vendor has had adequate time to deal with them.
What you can do about it:
- Keep your software up to date
- Avoid suspicious-looking links or attachments
- Use strong passwords and update them frequently
- Take advantage of behavior-based detection tools
2. File-Less Malware Executes in Run-Time Memory
File-less malware leaves no footprint on disk and is executed exclusively in run-time memory. What does this mean? Essentially, file-less malicious activity is undetectable to anti-malware tools that only check static files and OS processes, which is most of them.
Anti-virus, sandboxing, UEBA, and IPS/IDS may not be able to protect you from file-less malware attacks.
What you can do about it:
- Invest in training for your employees
- Instruct them to be cautious of the links they click on (whether in emails or online) and to be in communication with the IT team about possible threats
- You can also take advantage of managed threat hunting services like Indusface WAS
3. Domain Generation Algorithms Modify Command & Control Address Details
An anti-malware solution will often block known Command & Control servers. Malware that uses a domain generation algorithm (DGA), though, keeps rotating its server addresses to previously unknown domain names, making the attack harder to detect and block.
DGA malware signatures can beat sandboxing, EDR, and even secure web gateways.
What you can do about it:
- Analyze DNS logs and identify patterns in the junk DNS entries left by DGA attacks, such as bursts of failed lookups for random-looking domain names
- Machine learning and Artificial Intelligence solutions are generally more efficient at handling this task, since doing it manually is time-consuming and difficult
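As an added example (not part of the original article or any Indusface product), the following Python script applies the manual DNS-log analysis described above to constructed sample log lines: it flags clients that generate repeated NXDOMAIN failures for high-entropy, vowel-poor domain labels, which is the pattern DGA-based malware typically leaves behind. The log format, thresholds and sample records are assumptions chosen for illustration.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not real traffic), one record per line:
# "<timestamp> <client-ip> <queried-name> <response-code>"
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01 10.0.0.5 www.example.com NOERROR
2024-01-01T10:00:02 10.0.0.5 mail.example.com NOERROR
2024-01-01T10:00:03 10.0.0.7 kq3x9vz2lrm8.net NXDOMAIN
2024-01-01T10:00:03 10.0.0.7 p0d7tyw1hcn4.net NXDOMAIN
2024-01-01T10:00:04 10.0.0.7 zx8bqr2mwv5k.net NXDOMAIN
2024-01-01T10:00:04 10.0.0.7 h6ftj3lqy9nd.net NXDOMAIN
2024-01-01T10:00:05 10.0.0.9 cdn.example.org NOERROR
"""

def shannon_entropy(text):
    """Bits of entropy per character; random-looking labels score high."""
    if not text:
        return 0.0
    counts = {c: text.count(c) for c in set(text)}
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def vowel_ratio(text):
    """Fraction of vowels; pronounceable words are vowel-rich, DGA labels rarely are."""
    return sum(c in "aeiou" for c in text) / len(text) if text else 0.0

def second_level_label(qname):
    """Label directly left of the TLD (simplification: ignores multi-part TLDs like co.uk)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def is_dga_like(qname, min_len=8, entropy_min=3.0, vowel_max=0.25):
    """Heuristic: long, high-entropy, vowel-poor second-level label (thresholds are illustrative)."""
    label = second_level_label(qname)
    return (len(label) >= min_len
            and shannon_entropy(label) >= entropy_min
            and vowel_ratio(label) <= vowel_max)

def analyze_dns_log(log_text, min_hits=3):
    """Return {client: [suspicious names]} for clients with >= min_hits DGA-like NXDOMAIN lookups."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than crashing on them
        _ts, client, qname, rcode = parts
        if rcode == "NXDOMAIN" and is_dga_like(qname):
            hits[client].append(qname)
    return {client: names for client, names in hits.items() if len(names) >= min_hits}

if __name__ == "__main__":
    for client, names in analyze_dns_log(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} DGA-like NXDOMAIN lookups, e.g. {names[0]}")
```

Legitimate hosts also cause occasional NXDOMAIN responses (typos, expired CDN names), so the per-client count threshold, not a single odd-looking name, is what makes this useful as a triage signal.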
4. Encrypted Payloads Encrypt Command & Control Communication
Content scanning is a common method anti-malware tools use to stop sensitive data from leaking out. Unfortunately, attackers have a workaround: encrypting the traffic between infected hosts and Command & Control servers, so the scanner has nothing readable to inspect.
DLP, EDR, and secure web gateways are no match for encrypted payloads.
What you can do about it:
- Be diligent in scanning all downloaded files
5. Host Spoofing Hides the Destination of the Data
Host spoofing forges header information, so the true destination of the data is obscured. Even if your anti-malware solution blocks known Command & Control servers, attackers can get around it by making the traffic appear to go somewhere else.
Sandboxing, secure web gateways and IPS/IDS are no match for host spoofing.
What you can do about it:
- Monitor your networks for unusual activity
- Deploy packet filtering to detect inconsistencies
- Use verification
- Authenticate IP addresses
- Use a network attack blocker and firewall
How to Detect Malware and Protect Yourself
There are specific ways of dealing with different modern malware attacks. But there are also some general practices every company should adopt if they want to protect themselves from modern malware.
You can limit and minimize the impact of malware by:
- Utilizing multi-layer defenses. Protecting against modern malware is an ongoing effort, and it is rarely “set and forget.” Utilize multiple layers of security, including anti-virus software, network layer protection, secure web gateways, and other tools for best results. Keep improving your security processes.
- Implementing traffic analysis. Find anti-malware tools that maintain a holistic view of your entire network. Malware attacks often target entire networks for data theft, so focusing on one network area is simply insufficient and will leave you vulnerable to hacking.
- Harnessing big data. With zero-day malware, you must be able to draw from a large pool of data and information to identify patterns and detect malware. Leveraging big data allows you to “connect the dots” between seemingly unrelated activities.
Conclusion
Modern malware is often problematic. It takes advantage of weaknesses and exploits you may know nothing about, and it strikes at the least opportune moments. Even if you have the best defenses set up, you could be in trouble if you don’t continually monitor and adapt.
Use the above as a starting point to secure your network. Use a comprehensive multi-layer approach to security and update your employee training continuously.