Skip to main content

The Evolution of Malware and Security Compromise

April 09, 2014

Malware is evolving and changing at an unprecedented rate. The fact is that 95% of all organizations have been compromised, without their knowledge, in the last two years. This means that that data could be walking out the door right under their noses. To make matters worse, the capabilities of these threats are increasingly moving away from hijacking our resources to being destructive and costing organizations millions.

How has this happened?

There are two primary reasons this has occurred. The first is a result of security getting better (ironically). In the past, a hacker would try to find an open port on a firewall or an open exploit on a vulnerable operating system that they could break into. However, over the last 10 years, most of those holes have disappeared. This meant coming in through the front door was no longer an option. More sophisticated approaches, such as spear fishing and human engineering, are now used to trick users into bringing malicious software into the network. Now, no matter how tight the front door is, the back door is pretty much wide open, especially with today’s modern mobile workforce.

The second reason is that the security platforms that did work have not evolved. Most firewalls protect the perimeter and inspect data at the port level, stopping at layer 4. Anti-Virus software updates definitions on a daily basis and protect the endpoint from infection, should something get past the firewall. These technologies have worked this way since the early 2000’s and matured to the point that they worked exactly as they should. The focus has been the payload. The issue is that the bad guys have found ways to get their software in and your data out, right under the nose of your fortified security infrastructures. Today’s malware is zero day, infecting systems before DATs exist. Even worse they can be polymorphic, regenerating copies of themselves instantly, rendering endpoint AV software useless. They also realized that most, if not all enterprise networks expect to see HTTP, HTTPS and DNS traffic moving in and out of the network on a regular basis. New exploits leverage these common protocols for communication, getting right by the port based, stateful firewall.

In order to protect ourselves, knowledge is power. The entire lifecycle of a potential threat must be guarded against from the perimeter to the private trusted network, down to the endpoint. Visibility must be end to end, to the bits that are moving through the pipes. The most crucial challenge is that now the end user is the weakest link. Human error is exploited to get in, this means that there is virtually no way to completely ensure that malware will not get into our private networks. We now have to assume that it will, as well as have the proper measures to prevent it from causing any harm.

5 Steps Modern Malware

Technologies that need to be reviewed are listed below.

  • Next generation firewall (app aware/layer 7)
  • East West layer 7 visibility
  • Next generation web and mail security
  • IPS/IDS
  • Sandboxing
  • Endpoint Protection

Modern threats have moved well beyond the payload.  We now need to ensure that our security measures provide the visibility to see these new invisible threats.

Attack Stages Modern Malware 2

Related Blogs

January 20, 2014

POS Malware - A Long-Term Mitigation Solution | Optiv

It has been reported that the KAPTOXA operation responsible for recent breaches to two major retailers – and potentially more – utilized a variant of ...

See Details

February 03, 2014

Intel Brief - ChewBacca Malware

On December 17, 2013, Kaspersky Lab Expert, Marco, posted a blog that identified a new piece of malware that was utilizing Tor-based communications. W...

See Details

January 08, 2014

What Lurks in Your Network? Finding & Combating Undetected Malware

For the past 19 months, I have been in charge of the Incident Management (IM) team for FishNet Security, handling digital investigations and proactive...

See Details

Interested in Receiving Communications?


Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.