Malware Prevention: A Multi-Layered Approach

What is Malware

Malware, or “malicious software,” is a general term describing any program created to disrupt or unlawfully retrieve information from a computer system.

Attackers use malware to invade, damage or disrupt computer systems, networks, and devices. Their goal may be data exfiltration, direct financial gain, corporate espionage, revenge or sabotage (for example in the case of disgruntled employees), or hacktivism.

Types of Malware
The most common types of malware are:

• Adware—disguises itself as a legitimate program or is attached to another application. Once installed it serves ads either directly or through a browser. It may also be able to steal your data or infect other connected systems.
• Spyware—often attached to legitimate programs, it observes the user’s activities without permission and reports to the attacker.
• Trojan horse—disguises itself as a useful program or code so you can install it on your system. The attackers then use the Trojan to steal sensitive information or install additional malware to gain deeper control of the system.
• Ransomware—encrypts files or locks users out of a system, asking them to pay a ransom, typically in cryptocurrency, to regain access. There is no guarantee that attackers will release the files even after the ransomware is removed.
• Rootkit—gives the attacker administrator or root privileges on an infected system. Once inside, an attacker can move laterally through a network or create additional entry points.
• Exploits—take advantage of vulnerabilities in a system, allowing the attacker to penetrate or take control. This is often linked to adware, or malvertising, which uses a legitimate site to execute code from a malicious site, enabling an illicit drive-by installation on the user’s device.

High-Profile Examples of Malware Attacks

Wannacry
In 2017, WannaCry infected more than 200,000 computers in more than 150 countries. This ransomware affected a wide range of industries, including organizations like the UK National Health Service, FedEx, Renault, Spain Telecom and several gas companies. Worldwide financial damages from the attack worldwide were estimated at $4 billion.

NotPetya
The makers of NotPetya targeted the entire country of Ukraine. This infrastructure breach resulted in the disruption of public services, including airports, public transit, the police, and even the central bank. The attack impacted the national economy, civil welfare, and national security.

Zeus
Zeus ia banking trojan, especially designed to steal confidential banking data. Zeus is responsible for almost half of banking attacks, infecting 3.6 million computers in the U.S. In 2010 the FBI cracked down on the criminal ring operating Zeus, and arrested 100 individuals related to the malware in the USA, UK and the Ukraine.

Kaptoxa
Kaptoxa is a POS trojan; it steals customer data used in electronic transactions involving debit and credit cards. This trojan was behind the Target data breach, which exposed the data of more than 70 million customers of the large USA retailer. Kaptoxa managed to remain undetected in Point of Sale systems for days, increasing the damage caused. The Target breach is said to have a milestone that caused payment processors around the world to switch from traditional magnetic cards to smart chip-based payment cards.

How to Protect Against Malware

A strong security posture starts with a layered threat detection and prevention approach. There are a number of essential components of a secure corporate environment:

1. Endpoint Protection
   Use an endpoint protection solution that provides not only legacy antivirus, but also Next-Generation Antivirus (NGAV). NGAV can detect and prevent malware that does not match a known binary signature, as well as fileless attacks that execute in memory or via network protocols without downloading a file to the target device.
2. Control Privileges
   Control privileges on endpoints, servers, even administrator accounts, using the least privilege principle. Rigorously audit user accounts to ensure you remove old or unused accounts, roles and permissions. This makes it more difficult for attackers to penetrate devices to install malware in the first place, and makes it more difficult for them to escalate privileges and perform lateral movement, once malware is already inside.
3. Vulnerability Protection
   Software vulnerabilities are one of the most likely entry points into your organization. Use vulnerability scanning tools, update and patch software across the organization, and install security patches as soon as they are available. You will not be able to prevent all vulnerabilities, so perform periodic audits of your software, conduct risk assessment and use penetration testing techniques to evaluate which vulnerabilities are the most severe.
4. Social Engineering Protection
   Social engineering is another key entry point into your security perimeter. Attackers realize that human employees are often the weakest link of the security chain. Train employees on an ongoing basis about the risks of social engineering and how to detect attacks like phishing and pretexting. Use tools that can automatically identify and block suspicious links in emails and other messages.
5. Threat Intelligence
   Use threat intelligence feeds to keep on top of threats, and integrate knowledge of threat actors and attack techniques into your cyber defenses. Threat intelligence can help you understand if a certain Indicator of Compromise (IoC) is linked to a specific type of malware, who built that malware, and what Tactics, Techniques and Procedures (TTP) the attacker is likely to use.

Malware Prevention, Detection and Mitigation with Cynet 360

Malware protection requires a multi-layered security approach. Cynet 360 is a security solution that includes Next-Generation Antivirus (NGAV), a device firewall, and Endpoint Detection and Response (EDR) capabilities that help security teams respond to malware attacks when they happen. It also offers network analytics, behavioral analytics and deception technology, to help capture attackers whatever vector they use to penetrate your network.

Cynet’s platform includes:

• NGAV—blocks malware, exploits, LOLBins, Macros, malicious scripts, and other known and unknown malicious payloads.
• Zero-day protection—uses User and Entity Behavior Analytics (UEBA) to detect suspicious activity and block unknown threats.
• Monitoring and control—asset management, endpoint vulnerability assessments and application control, with auditing, logging and monitoring.
• Response orchestration—automated playbooks and remote manual action for remediating endpoints, networks and user accounts affected by an attack.
• Deception technology—lures attackers to a supposedly vulnerable honeypot, mitigating damage and gathering useful intelligence about attack techniques.
• Network analytics—identifying lateral movement, suspicious connections and unusual logins.

Learn more about the Cynet 360 security platform.