Malware Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

Malware

MALWARE MONTH: Devising effective anti-malware strategies

 960 640 Stuart O'Brien
By:
0
0

In the complex cybersecurity landscape of the UK, Chief Information Security Officers (CISOs) face the daunting task of protecting their organisations against a multitude of evolving malware threats. An effective anti-malware strategy is essential for safeguarding sensitive data and maintaining business continuity. Here we delve into the key considerations that CISOs must weigh when formulating such a strategy…

1. Comprehensive Threat Analysis

The first step in crafting an anti-malware strategy is a thorough understanding of the current threat landscape. CISOs need to analyse the types of malware most likely to target their sector, including ransomware, spyware, Trojans, and worms. Understanding the techniques employed by cybercriminals, such as phishing, drive-by downloads, or zero-day exploits, is crucial. This analysis should guide the development of a strategy that addresses specific vulnerabilities and potential attack vectors.

2. Layered Defence Mechanisms

In the world of cybersecurity, relying on a single line of defence is insufficient. CISOs must adopt a multi-layered approach that encompasses not just anti-malware software but also firewalls, intrusion detection systems, and email filtering. Each layer serves to block different types of threats and provides redundancy should one layer fail.

3. Integration with Existing IT Infrastructure

Any anti-malware solution must seamlessly integrate with the existing IT infrastructure. CISOs should ensure compatibility with current systems to avoid any disruptions in operations. This also involves considering the scalability of the solution to accommodate future organisational growth and technological advancements.

4. Regular Software Updates and Patch Management

Keeping software up-to-date is a fundamental aspect of an anti-malware strategy. CISOs must implement robust policies for regular updates and patches, as outdated software is a common entry point for malware. This includes not only security software but also operating systems and other applications.

5. Employee Education and Awareness

Human error remains one of the largest vulnerabilities in cybersecurity. CISOs must prioritise educating employees about safe online practices, recognising phishing attempts, and the importance of reporting suspicious activities. Regular training sessions, simulations, and awareness campaigns can significantly reduce the risk of malware infections.

6. Incident Response Planning

Despite the best preventive measures, malware breaches can still occur. Therefore, a well-defined incident response plan is vital. This plan should outline the steps to be taken in the event of an infection, including containment procedures, eradication of the threat, recovery actions, and communication protocols.

7. Compliance and Legal Considerations

CISOs must also consider legal and regulatory requirements, such as the General Data Protection Regulation (GDPR), which mandates stringent data protection measures. Failure to comply can result in substantial fines and reputational damage.

8. Continuous Monitoring and Analysis

Finally, continuous monitoring and analysis of network traffic and system activities are essential for early detection of malware. Implementing advanced analytics and AI-driven tools can help in identifying anomalies that might indicate a malware infection.

For CISOs in the UK, devising an anti-malware strategy requires a balanced approach that combines technological solutions with employee training and robust policies. As malware threats continue to evolve, so must the strategies to combat them. A proactive, dynamic, and comprehensive approach is key to safeguarding an organisation’s digital assets against the ever-present threat of malware.

Are you searching for Anti-Malware solutions for your company or organisation? The Security IT Summit can help!

Photo by Michael Geiger on Unsplash

MALWARE MONTH: Devising effective anti-malware strategies

 960 640 Stuart O'Brien
By:
0
0

In the complex cybersecurity landscape of the UK, Chief Information Security Officers (CISOs) face the daunting task of protecting their organisations against a multitude of evolving malware threats. An effective anti-malware strategy is essential for safeguarding sensitive data and maintaining business continuity. Here we delve into the key considerations that CISOs must weigh when formulating such a strategy…

1. Comprehensive Threat Analysis

The first step in crafting an anti-malware strategy is a thorough understanding of the current threat landscape. CISOs need to analyse the types of malware most likely to target their sector, including ransomware, spyware, Trojans, and worms. Understanding the techniques employed by cybercriminals, such as phishing, drive-by downloads, or zero-day exploits, is crucial. This analysis should guide the development of a strategy that addresses specific vulnerabilities and potential attack vectors.

2. Layered Defence Mechanisms

In the world of cybersecurity, relying on a single line of defence is insufficient. CISOs must adopt a multi-layered approach that encompasses not just anti-malware software but also firewalls, intrusion detection systems, and email filtering. Each layer serves to block different types of threats and provides redundancy should one layer fail.

3. Integration with Existing IT Infrastructure

Any anti-malware solution must seamlessly integrate with the existing IT infrastructure. CISOs should ensure compatibility with current systems to avoid any disruptions in operations. This also involves considering the scalability of the solution to accommodate future organisational growth and technological advancements.

4. Regular Software Updates and Patch Management

Keeping software up-to-date is a fundamental aspect of an anti-malware strategy. CISOs must implement robust policies for regular updates and patches, as outdated software is a common entry point for malware. This includes not only security software but also operating systems and other applications.

5. Employee Education and Awareness

Human error remains one of the largest vulnerabilities in cybersecurity. CISOs must prioritise educating employees about safe online practices, recognising phishing attempts, and the importance of reporting suspicious activities. Regular training sessions, simulations, and awareness campaigns can significantly reduce the risk of malware infections.

6. Incident Response Planning

Despite the best preventive measures, malware breaches can still occur. Therefore, a well-defined incident response plan is vital. This plan should outline the steps to be taken in the event of an infection, including containment procedures, eradication of the threat, recovery actions, and communication protocols.

7. Compliance and Legal Considerations

CISOs must also consider legal and regulatory requirements, such as the General Data Protection Regulation (GDPR), which mandates stringent data protection measures. Failure to comply can result in substantial fines and reputational damage.

8. Continuous Monitoring and Analysis

Finally, continuous monitoring and analysis of network traffic and system activities are essential for early detection of malware. Implementing advanced analytics and AI-driven tools can help in identifying anomalies that might indicate a malware infection.

For CISOs in the UK, devising an anti-malware strategy requires a balanced approach that combines technological solutions with employee training and robust policies. As malware threats continue to evolve, so must the strategies to combat them. A proactive, dynamic, and comprehensive approach is key to safeguarding an organisation’s digital assets against the ever-present threat of malware.

Are you searching for Anti-Malware solutions for your company or organisation? The Security IT Summit can help!

Photo by Michael Geiger on Unsplash

MALWARE MONTH: Emerging malware trends and how the UK’s CISOs are having to adapt

 960 640 Stuart O'Brien
By:
0
0

The cybersecurity landscape is being shaped by sophisticated and evolving malware threats on a weekly and even daily basis. Chief Information Security Officers (CISOs) are on the front lines, adapting to these emerging challenges with innovative approaches to protect corporate assets.

One of the most concerning trends is the rise of ransomware-as-a-service (RaaS), allowing even low-skilled cybercriminals to launch devastating attacks. For instance, the 2021 attack on the NHS systems highlighted vulnerabilities in public sector security and showcased the crippling effect of ransomware. CISOs must now consider the possibility of insider threats or inadvertent aid from employees to such external attackers.

The emergence of polymorphic and metamorphic malware, which can alter its code to evade detection, has demanded more dynamic and proactive detection mechanisms. Traditional signature-based defenses are no longer sufficient. CISOs are pivoting towards deploying advanced heuristics, behavior analytics, and machine learning algorithms that can anticipate and neutralize threats before they crystallize into attacks.

Additionally, the proliferation of IoT devices has expanded the attack surface dramatically. The 2020 breach of a UK-based energy provider through an IoT device served as a wake-up call. It has prompted CISOs to enforce stringent security protocols and integrate IoT device management into their overall security framework.

The trend of remote work, accelerated by the COVID-19 pandemic, has also introduced novel vulnerabilities. Cybersecurity hygiene for remote employees has become a top concern, with CISOs having to extend corporate security measures to home networks and personal devices through virtual private networks (VPNs), endpoint protection, and zero-trust models.

State-sponsored malware, targeting critical national infrastructure, has added a geopolitical dimension to the CISO’s role. The UK’s National Cyber Security Centre (NCSC) has flagged several such threats, necessitating public-private partnerships for shared intelligence and coordinated responses to these sophisticated threats.

In response to these challenges, CISOs are focusing on creating a robust cybersecurity culture within their organisations. This involves regular training and drills, phishing simulations, and promoting awareness about the latest malware trends among all employees. Emphasising the human factor is crucial, as a single lapse can lead to significant breaches.

CISOs are also adopting integrated security platforms that offer a unified view of the organisation’s security posture. By leveraging Security Information and Event Management (SIEM) systems, they can correlate data from various sources to identify potential threats quickly. Furthermore, advanced threat hunting teams are being employed to proactively scour networks for signs of compromise.

As malware continues to evolve, so must the strategies of CISOs. The modern CISO must not only be a technical expert but also a savvy business leader who can articulate the risks and required investments to stakeholders. They must ensure that cybersecurity is not seen as just an IT issue but as a pivotal part of the organisation’s overall risk management strategy. Through collaboration, innovation, and a relentless focus on education and culture, UK CISOs are reshaping their organisations to withstand the threats of tomorrow.

Are you searching for Anti-Malware solutions for your company or organisation? The Security IT Summit can help!

Photo by Ed Hardie on Unsplash

Do you specialise in Malware prevention solutions? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in November we’re focussing on anti-Malware solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Malware solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jenny Lane on j.lane@forumevents.co.uk.

Here’s our full features list:

Nov – Malware
Dec – Network Security Management
Jan 2024 – Anti Virus
Feb 2024 – Access Control
Mar 2024 – Intrusion Detection & Prevention
Apr 2024 – Phishing Detection
May 2024 – Advanced Threat Dashboard
Jun 2024 – Browser/Web Security
July 2024 – Authentication
Aug 2024 – Penetration Testing
Sep 2024 – Vulnerability Management
Oct 2024 – Employee Security Awareness

OPINION: Don’t let fatigue be the cause of MFA bypass

 960 640 Guest Post
By:
0
0

By Steven Hope (pictured) , Product Director MFA at Intercede

If names such as Conficker, Sasser and MyDoom send a shiver down your spine, you are not alone. In the not-too-distant past computer viruses, whether simple or sophisticated had the power to cripple organisations large and small, as cybercriminals sought to wreak havoc, and gain notoriety and wealth.

For security professional’s endpoint/perimeter protection was the name of the game, with firewalls and anti-virus software providing the first line of defence. Whilst this type of malware still exists it is no longer the main attack vector, however, the threat landscape is ever evolving and, with the growth of man-in-the-middle (session hijacking), SIM hacking and targeted phishing attacks, preying on vulnerable authentication, including Multi-Factor Authentication (MFA).

In the same way that anti-virus has never been able to protect systems from 100% of trojan, worms, botnets, ransomware etc, there is no such thing as a phishing-proof solution, bar hardware-based PKI & FIDO for now. However, there are ways to be more resistant to phishing attacks. Unfortunately, the weakest form of resistance is also the most commonplace – passwords. Guess, buy or socially engineer a password and you instantly have access to whatever it is ‘protecting’, be it a social media account, or a mission-critical system. If it was deemed important enough to have a password in front of it, then the chances are that it has a degree of value, financial, or otherwise to the organisation that can be exploited.

The obvious choice, therefore, is to add another layer of security, so if the password is breached then there is another obstacle to overcome. This is commonly known as multi-factor authentication (MFA), but this can be a misnomer, if, for example, one of those factors is a poorly managed password programme (not following NIST guidelines and failing to have a Password Security Management solution). Given the weakness of passwords, MFA of this type is typically only as secure as the second factor. So, whilst potentially more secure than a standalone password, it is far from being resistant to phishing and some might argue whether this really is MFA.

Brute force attacks to guess passwords are still used today, but many cybercriminals are far more likely to focus less on cracking the computer and more on engineering the employee through techniques such as spear phishing, BEC (Business Email Compromise) and consent phishing. The aim here is to encourage the identified target to unwittingly handover the information they need.

A perfect example of this is the exploitation of the complacency surrounding push notifications (commonly known as ‘push fatigue’). Push notifications are increasingly used as the second factor when logging on to a system, or making a purchase. A message asks the account owner to accept, enter a one-time-code (OTC), or use a biometric (via the fingerprint reader on a mobile device).

Cybercriminals have learnt that bombarding accountholders with push notifications, creating a fatigue, can than result in the owner complying with their request; after all if pressing decline a few times doesn’t make the popups stop, may pressing Accept will. If they already have the username and password (readily available and traded at very low cost on the dark web) they can do as they please, whether that be making a transaction, emptying an account, downloading or deleting data. If the term ‘trojan horse’ had not already been attributed in the world of cybersecurity it would be an apt description of what cybercriminals are doing with push notifications.

So, if poorly managed passwords are weak and 2FA easily bypassed, it is a valid question to ask where that leaves authentication, especially given the lack of recognised standards (although I would encourage anyone to look at FIPS 201, published by NIST). The reality is that a multi-faceted and multi-factor authentication (MFA) approach needs to be phishing resistant. The better staff are trained (CUJO AI reported in January that 56% of Internet users try to open at least one phishing link every month), the more factors there are, the more secure you are. How far you go on the scale from passwords (not phishing resistant) to PKI (the highest level of authentication assurance) will very much depend on where you sit in the food chain and whether the organisation could be perceived to be a high value target, whether of itself or for its role in a wider and richer supply chain.

The reality for most organisations of any size is that different people and tasks will require different assurance levels, so any MFA solution used needs to have the ability to scale how credentials are applied appropriately. Authlogics Push MFA has been built with the end user in mind, giving them useful information with which to make a more informed accept/decline decision. Furthermore, after declining a logon they can simply tap the reason why and push fatigue protection will automatically kick in.

In the third quarter of 2022, the Anti-Phishing Working Group (APWG) reported 1,270,883 phishing attacks, the worst ever recorded by the group. The reason is simple – phishing works. Every expectation is that 2023 will continue to see numbers rise. However, using the right MFA as part of an overall security strategy can provide the resistance needed to repel ever more sophisticated, persistent and persuasive attacks.

Do you specialise in Anti-Malware solutions? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in November we’re focussing on Malware solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Malware solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Nov – Malware

Dec – Network Security Management

Do you specialise in Malware protection solutions? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
11

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in November we’re focussing on Malware solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Malware solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here’s our full features list:

Nov – Malware
Dec – Network Security Management
Jan – Anti Virus
Feb – Access Control
Mar – Intrusion Detection & Prevention
Apr – Phishing Detection
May – Advanced Threat Dashboard
Jun – Browser/Web Security
July – Authentication
Aug – Penetration Testing
Sep – Vulnerability Management
Oct – Employee Security Awareness
Nov – Malware
Dec – Network Security Management

Unwanted apps high on 2020 cyber threat list

 960 640 Stuart O'Brien
By:
0
0

So-called ‘fleeceware’ apps and aggressive adware software are among the key cyber threats posed to businesses and the public in 2020.

That’s according to the 2020 Threat Report, produced by SophosLabs to explore changes in the threat landscape over the past 12 months.

The Report focuses on six areas where researchers noted particular developments during this past year – here are the key findings:-

  • Ransomware attackers continue to raise the stakes with automated active attacks that turn organizations’ trusted management tools against them, evade security controls and disable back ups in order to cause maximum impact in the shortest possible time. 
  • Unwanted apps are edging closer to malware. In a year that brought the subscription-abusing Android Fleeceware apps, and ever more stealthy and aggressive adware, the Threat Report highlights how these and other potentially unwanted apps (PUA), like browser plug-ins, are becoming brokers for delivering and executing malware and fileless attacks.  
  • The greatest vulnerability for cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a ready made target for cyberattackers.
  • Machine learning designed to defeat malware finds itself under attack. 2019 was the year when the potential of attacks against machine learning security systems were highlighted. Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering. At the same time, defenders are applying machine learning to language as a way to detect malicious emails and URLs. This advanced game of cat and mouse is expected to become more prevalent in the future. 

Other areas covered in the 2020 Threat Report include the danger of failing to spot cybercriminal reconnaissance hidden in the wider noise of internet scanning, the continuing attack surface of the Remote Desktop Protocol (RDP) and the further advancement of automated active attacks (AAA).

“The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable. The only certainty we have is what is happening right now, so in our 2020 Threat Report we look at how current trends might impact the world over the coming year.  We highlight how adversaries are becoming ever stealthier, better at exploiting mistakes, hiding their activities and evading detection technologies, and more, in the cloud, through mobile apps and inside networks. The 2020 Threat Report is not so much a map as a series of signposts to help defenders better understand what they could face in the months ahead, and how to prepare,” said John Shier, senior security advisor, Sophos.

For additional and detailed information on threat landscape trends and changing cybercriminal behaviours, check out the full SophosLabs 2020 Threat Report at https://www.sophos.com/threatreport

Do you specialise in Anti-Malware solutions? We want to hear from you!

 960 640 Stuart O'Brien
By:
0
0

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in November we’re focussing on Anti-Malware solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re an Anti-Malware solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Chris Cannon on c.cannon@forumevents.co.uk.

Here are the areas we’ll be covering, month by month:

Nov – Malware
Dec – Network Security Management

For information on any of the above topics, contact Chris Cannon on c.cannon@forumevents.co.uk.

Document-based malware increase ‘alarming’

 960 640 Stuart O'Brien
By:
0
0

Researchers have uncovered what they’re calling an ‘alarming’ rise in the use of document-based malware.

A recent email analysis conducted by Barracuda Networks revealed that 48% of all malicious files detected in the last 12 months were some kind of document. 

More than 300,000 unique malicious documents were identified.

Since the beginning of 2019, however, these types of document-based attacks have been increasing in frequency – dramatically. In the first quarter of the year, 59% of all malicious files detected were documents, compared to 41% the prior year.

The team at Barracuda has taken a closer look at document-based malware attacks and solutions to help detect and block them.

Cybercriminals use email to deliver a document containing malicious software, also known as malware. Typically, either the malware is hidden directly in the document itself or an embedded script downloads it from an external website. Common types of malware include viruses, trojans, spyware, worms and ransomware.  

The Modern Framework for Malware Attacks

After decades of relying on signature-based methods, which could only be effective at stopping a malware strain once a signature was derived from it, Barracuda says security companies now think about malware detection by asking “What makes something malicious?” rather than “How do I detect things I know are malicious?”.

The focus is on attempting to detect indicators that a file might do harm before it is labeled as being harmful.

A common model used to better understand attacks is the Cyber Kill Chain, a seven-phase model of the steps most attackers take to breach a system:

·       Reconnaissance –target selection and research

·       Weaponisation –crafting the attack on the target, often using malware and/or exploits

·       Delivery –launching the attack

·       Exploitation –using exploits delivered in the attack package

·       Installation –creating persistence within the target’s system

·       Command and control –using the persistence from outside the network

·       Actions on objective –achieving the objective that was the purpose of the attack, often exfiltration of data

Barracuda says most malware is sent as spam to widely-circulated email lists, that are sold, traded, aggregated and revised as they move through the dark web. Combo lists like those used in the ongoing sextortion scams are a good example of this sort of list aggregation and usage in action.

Now that the attacker has a list of potential victims, the malware campaign (the delivery phase of the kill chain) can commence, using social engineering to get users to open an attached malicious document. Microsoft and Adobe file types are the most commonly used in document-based malware attacks, including Word, Excel, PowerPoint, Acrobat and pdf files.

Once the document is opened, either the malware is automatically installed or a heavily obfuscated macro/script is used to download and install it from an external source. Occasionally, a link or other clickable item is used, but that approach is much more common in phishing attacks than malware attacks. The executable being downloaded and run when the malicious document is opened represents an installation phase in the kill chain.

Archive files and script files are the other two most common attachment-based distribution methods for malware. Attackers often play tricks with file extensions to try to confuse users and get them to open malicious documents. 

Barracuda says modern malware attacks are complex and layered; the solutions designed to detect and block them are, too.

Detecting and Blocking Malware Attacks

Blacklists  —With IP space becoming increasingly limited, spammers are increasingly using their own infrastructure. Often, the same IPs are used long enough for software to detect and blacklist them. Even with hacked sites and botnets, it’s possible to temporarily block attacks by IP once a large enough volume of spam has been detected. 

Spam Filters / Phishing-Detection Systems —While many malicious emails appear convincing, spam filters, phishing-detection systems and related security software can pick up subtle clues and help block potentially-threatening messages and attachments from reaching email inboxes.

Malware Detection — For emails with malicious documents attached, both static and dynamic analysis can pick up on indicators that the document is trying to download and run an executable, which no document should ever be doing. The URL for the executable can often be flagged using heuristics or threat intelligence systems. Obfuscation detected by static analysis can also indicate whether a document may be suspicious.

Advanced Firewall — If a user opens a malicious attachment or clicks a link to a drive-by download, an advanced network firewall capable of malware analysis provides a chance to stop the attack by flagging the executable as it tries to pass through.

  • 1
  • 2