SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Malware variants becoming increasingly prevalent, sophisticated and evolved

Wed, 20th Jan 2021
FYI, this story is more than a year old

Malware variants are becoming increasingly prevalent, sophisticated and evolved despite the advancements of anti-malware solutions, according to Giacom and Webroot.

In addition, there are new trends in execution such as the increased modularity of malware where a combination of attack methods and mix-and-match tactics are used to ensure maximum damage and/or financial loss.

The rise of malware has only been accelerated by COVID-19 as more remote workers access unsecured and home networks, away from the physical help of IT teams or in-person peer support.

As many businesses continue to face financial uncertainty as a result of the pandemic, there has been an increase in spam emails requesting legal action for late or missing payments. During the peak of COVID-19, Her Majesty's Revenue - Customs (HMRC) took down nearly 300 COVID-19-related scam sites and domains. This signifies government cyber awareness, which is always necessary, but in order to effectively stop malware and social engineering attacks like phishing, employees must also be invested in the fight.

This cannot be understated, as recent Webroot research into phishing and global click habits has shown over three-quarters of employees are still opening emails and clicking links from unknown senders.

"The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them," says Daniel Warelow, product manager, Giacom and Kelvin Murray, senior threat researcher, Webroot.

Malware Education

Without understanding malware – what it is, how it works, and the damage it can do to businesses – it's unfair to expect employees to be capable of protecting against it. In order for businesses to stay ahead of the storm, educating the workforce is key.

According to Warelow and Murray, it is uncommon to now find a 'one-size-fits-all' form of malware, instead, each step of the process builds to get the most out of a target, such as this malware and ransomware demand.

Below is an example of a brutal, but unfortunately typical, process of infection from the Emotet malware"

First, attackers gain a foothold within a computer network, often through phishing techniques that get an organisation's employees to click on emailed links or attached documents. Once clicked on, a malicious script is run which then downloads the main executable, in this case, Emotet.

Emotet then gains access to additional parts of that network through password theft and other tricks such as the use of exploits and unpatched systems. It spreads as much as it can and then drops its payload.

The most common malware used for this stage is Trickbot. Trickbot steals every piece of valuable data it can find, including credit card, banking details, bitcoins, and anything else it can send back to the cyber criminals. Trickbot then drops the last payload, which is usually Conti or Ryuk, which encrypts every machine and shared drive it can access before demanding a ransom payment to be made.

"By having insight into the stages used and knowledge about how different types of malware work together, employees will be able to understand how modular malware infects computer systems and how they can take action to prevent attacks," says Warelow and Murray.

"Additionally, businesses will be able to identify areas of their network which may be vulnerable."

The Increased Risk of Remote Working

When organisations around the world were ordered to work from home, many were not prepared for this physical shift of technologies and network perimeters, amplifying the problem of protecting both personal and proprietary information. From Bring Your Own Device (BYOD), risks to working on open networks and employees facing the distractions of being at home, cybersecurity needs to be a priority in today's working-from-home-world.

Warelow and Murray say businesses need to take action to reduce the number of vulnerabilities and cyber challenges associated with a largely or entirely remote workforce. By using a virtual private network (VPN) for all business communications, network and Wi-Fi communications can be kept encrypted, making it much harder for hackers to gain access.

"Additionally, IT teams should develop and implement security policies and guidelines for BYOD requiring the correct security software to be installed on each device and ensuring updates to the latest operating systems are made consistently. Home router setups together with the general insecurities outside of the office need to be considered as part of a full review into the new norm."

Creating a Cyber Aware Culture 

According to Warelow and Murray, organisations of all sizes have to accept they are not immune to cyber-attacks, the latest technologies don't safeguard all operations and breaches are inevitable.

However, with a cyber resilience strategy, the right technology and security protocols in place and an educated workforce, businesses can considerably reduce risk and bounce back, even if data or operations are impacted.

"Security awareness training programmes offer regular, consistent and up-to-date education to help employees remain ahead of potential threats and learn how to spot and act upon any suspicious activity," they say.

"By undertaking training campaigns covering essential topics, including phishing simulations, social engineered attacks and password hygiene, organisations can gain insight into their internal systems and employee weak points to help aid proper prevention.

"Businesses also need to prioritise consistent communications to employees, reminding them of the threats to watch out for and that cybersecurity is an organisational priority," Warelow and Murray say.

"Content to employees should be tailored to their level of familiarity with cybersecurity to ensure actionable takeaways and advice are easy to identify and incorporated into their daily routines."

The Role of MSPs 

Warelow and Murray say many small businesses and organisations often struggle with a lack of IT resources or personnel. By leaning on or investing in a Managed Service Provider (MSP), organisations can adopt the best cybersecurity practices custom-fit to their IT environments and those of the clients they serve.

"MSPs offer immense value to SMBs (Small and Medium-Sized Businesses) by helping them to implement essential tools, strategies, technical expertise and support to keep data and employees secure. MSPs must take a proactive role in understanding the current state of a customer's ability to protect against, prevent, detect and respond to modern cyber threats when recommending the best approaches to combat modern malware and being cyber resilient.

"By building an offering that aligns with varying levels of cyber awareness and resilience, MSPs can help SMB IT and cybersecurity modernisation efforts at every step of the way," they explain.

With malware constantly evolving as a pivotal attack vector, Warelow and Murray say it's time for cybersecurity to become embedded in the DNA of every business to protect assets and reputation.

"Companies must take a more comprehensive approach towards security to address the threats posed by malware, including monthly security education, enhanced collaboration between teams, and teaming with the right MSP to help create a secure business approach to malware.

"Having a multi-layered security strategy allows businesses to be cyber resilient, even in the face of continued COVID-19-related disruption and evolving malware threats."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X