Malware Remodeled


McAfee Labs detects 387 new samples of malware every minute, according to their Labs Threats Report, 2015.  Malware is getting through enterprise defenses as attackers code new strains and re-clothe old ones in order to thwart information security tools. The malware they aim at mobile devices is maturing, usurping authority over employee hardware and leveraging that control to leap inside the perimeter.
The trend is for malware to leave minimal traces. “Attackers are trying to maintain a low profile to eliminate their chances of detection,” says Paul Morville, founder and vice president of products at Confer, a start-up that stakes a claim to the endpoint detection and response market.
Meanwhile, the increasing numbers of variants up the odds that one will infiltrate the enterprise network and grow deep into its heart as an APT. “Malware authors keep the target moving by creating large numbers of variants, and this can increase their chances of reaching target victims. Such morphing threats can increase the complexity in isolating the malicious code across all end points,” says Craig Schmager, Security Threat Researcher, McAfee Labs.
Malware also focuses on the employee’s BYOD laptop or smartphone when it connects to unsecured networks outside the enterprise. “These attacks are more sophisticated and attackers are using the employee as the leverage point to gain entry inside the organization,” says Morville.
Attackers infect employee devices to steal usernames and passwords that access financial accounts within the company. They also use employee laptops to get inside the perimeter and drill their way through systems and into servers housing valuable data such as intellectual property.
Even security tools are suffering. Attackers are thwarting signature-based security mechanisms with custom-compiled malware that they repackage from existing malware to create unique drive-by downloads that signature-based tools won’t recognize, according to Rich Tener, director of Security, Evernote. The malware inside is basically the same, but the signature is unique and previously unrecorded.
The cloud has given signature-based tools a boost. By storing the growing numbers of new virus and malware signatures in the cloud, the enterprise can take some of the load off of endpoints and endpoint-based anti-virus and anti-malware tools, enabling these tools and signatures to hold up under the pressure of multiplying malware examples.
With the glut of new malware appearing daily in the wild, enterprises must use behavioral analysis tools. These include endpoint detection and response (EDR) tools, which help mitigate employees as an attack vector when they connect their laptops to networks outside the enterprise. The best EDR tools strive to offer more thorough analysis for threat detection and more thorough response, both to remediate infections and to uncover and address the seeds of infection.
Enterprises should continue to protect the network as well as the endpoints. “We use an open-source security monitoring stack that includes Bro, a network analysis framework, Suricata, a network IDS with full packet capture, and Argus, a NetFlow engine. We also complement that with Palo Alto Wildfire, a commercial, network-based malware detection engine with an on-board anti-virus engine,” says Tener. Similar products come from Cisco and Symantec.
Organizations should also use VPNs, firewalls, and load balancers in concert to protect enterprise infrastructure. “We use these to control what services we expose to the Internet, to segment our production network from the rest of our computing infrastructure,” says Tener. By controlling access to the production environment with strong authentication tools, the enterprise can maintain a healthy separation between prized data and external threats.
Rather than relying on WAFs and other web application security tools, fix the vulnerabilities in the applications themselves to maintain a tight grip on security. “Our experience has been that web application firewalls and runtime analysis tools introduce a lot of operational overhead, both in computing resources and engineering time to constantly tune them,” says Tener.
After considering these and other security measures and applying the combination most appropriate to their needs, enterprises should be able to keep the multiplying malware samples mitigated to an acceptable level.
CSO:  http://bit.ly/1d8X9iM
