At the 2018 Panda Security Summit (PASS), Pedro Uria, Director of PandaLabs at Panda Security, said that the “challenge for the future of cybersecurity lies in hackers, not malware.”
“To combat cybercriminals and ‘malwareless’ attacks,” says Uria, “companies have to protect their IT equipment with an advanced cybersecurity solution capable of monitoring systems in real-time and able to understand whether actions taken are genuinely legitimate…”
The fact is that hackers are highly trained cybercriminals with access to resources capable of compromising a system in an organisation without being detected. And malwareless attacks – where cybercriminals access critical business networks without using malware – are on the rise.
With this in mind, should malware attacks even be considered a problem, or indeed the main focus, for modern businesses, especially when there are solutions available to prevent them?
In this blog, we take a look at the current state of malware and explain how businesses of all sizes can best combat them and newer malwareless attacks.
New malware is created on a daily basis but can be combatted with existing security solutions
Statistics from AV-Test, a leading independent organisation that evaluates IT security solutions, found that from May to August 2018 there were around 11 million new malware samples every month, and around 815 million unique malware programs for the year (more than double the figure for 2014).
This massive increase in the amount of malware can be attributed to the fact that cybersecurity systems are more advanced, and cybercriminals are looking for new ways to compromise systems.
However, most enterprises have some form of threat detection or event management solution that automates the reporting of malware attacks. In some cases, these solutions can implement corrective actions (such as quarantine and removal) without an analyst. Furthermore, as these solutions leverage machine learning, they get better and more accurate over time.
Finally, when a new malware program is released, anti-malware programs get a signature update within 24 hours or less, says CSO, making it difficult for new malware programs to gain any traction.
Malware attacks are much more sophisticated but so too are cybersecurity systems
As well as utilising stealth techniques and diversionary tactics (such as creating and deleting files at random to avoid being detected by cybersecurity solutions), newer forms of malware come equipped with a “kill switch”, a function that essentially deletes any record of its existence.
Older examples of such malware include Green Dispenser and Flame. Green Dispenser allowed an attacker to drain the cash vault of an ATM once it was infected with the malware. Once the ATM’s vault was cleared, the malware deleted itself using a “deep delete” process, leaving little to no trace of how the ATM was robbed.
Flame, on the other hand, was discovered in 2012 and had multiple libraries, databases, levels of encryption and different plug-ins that could be swapped in and out to provide different functionalities for attackers. At the time, security experts called Flame the “most complex malware ever found” due to its operational nature and ability.
Of course, whilst both demonstrate just how potent malware attacks can be, the cybersecurity systems that exist today can monitor threats in real-time and around the clock. Nowadays, these kinds of attack only succeed when businesses neglect routine software updates, security policies, threat notifications, or use the wrong software.
Despite new malware being created on a daily basis, cyberattacks using malware are on the decline
According to our own research report, 62% of security breaches were due to hackers. Of those breaches, 51% were as a result of malware – in the rest, cybercriminals used other tools against which most companies are not protected; in essence, “malwareless attacks”.
Businesses are being attacked in a way they are neither prepared for nor protected against, and a traditional approach to cybersecurity, relying on conventional protection solutions and firewalls to guard only against malware attacks, is no longer enough.
Real-time threat detection and threat hunting systems can mitigate malware and malwareless attacks
To protect against modern cyberattacks and malwareless attacks, businesses need an end-to-end, enterprise-grade solution, one with real-time threat prevention, detection, remediation and analysis, to decrease the number of malware cases significantly.
Panda has seen a significant decrease in the number of malware attacks using our Adaptive Defence 360 cybersecurity suite. The Adaptive Defence 360 suite is a cloud-based endpoint protection service that fills in the gaps some businesses have in their cyberdefences. It includes file, web and mail protection, a client firewall, web content filtering, Exchange anti-spam and removable device controls.
The solution analyses and classifies all apps run on endpoints (mobile devices, laptops and other connected devices) and blocks those that are not authorised.
Any potential threats are flagged in real-time using machine learning techniques, allowing analysts to respond to and rectify problems before those threats can do any damage. As soon as any malware is identified on the network, detailed information pertaining to the malware’s location, type and the devices it has infected is compiled.
As of May 2018, only three incidents have been escalated to us by our clients using the Adaptive Defence 360 suite.
There are a number of enterprise-grade solutions out there capable of responding to malware attacks. For businesses today, it’s not a question of being able to protect against malware, but being able to protect against other forms of cyberattack. Malwareless attacks are on the rise, and on that basis, businesses need to be able to protect not only their perimeter, but also the endpoint devices within their infrastructure.