Targeted Malware Detection
July 27, 2017
Today’s cyber criminal wants one thing. He wants to get his malware into your IT network because once he’s in, he can go to work–remotely–achieving the myriad of other criminal activities he and his accomplices have in mind.
Your best defense against targeted malware is to thwart the criminal actor before he gets to you, your network, or your colleagues. An early warning system is critical to gaining the insight you need to inform end users. People, sadly, are the number one vulnerability to achieving malware infiltration.
So how do you get the easiest access to the latest malware attack strategies in advance?
Everyone is busy. Who has time to do the work on their own? Thankfully, providers like us have put together all of the required pieces to give organizations accurate, relevant alerts in real-time. And our threat intelligence can actually integrate into your current security systems.
In 2016, Gartner, the world’s leading information technology, and research company, named Blueliv a leader in providing innovative insight into Machine-Readable Threat Intelligence.
Threat Intel significantly increases visibility to improve your security posture. That intelligence includes the world of targeted malware. In this article, Blueliv will take a hard look at how targeted malware works.
Definition of Targeted Malware
What do analysts mean when they say targeted malware? The short answer: targeted malware is a variety of crimeware specifically designed for a particular industry or organization used to obtain sensitive information. Targets might include utility providers, governmental agencies, and financial institutions.
It’s all about harvesting sensitive information. Actors are generally looking for 2 types:
- Intellectual property
- Customer data sets
Tracking geo-location and general types of malware incidents are not enough. What’s super-important is receiving detailed reports that present findings from the reverse analysis. These show you specific behavior patterns that will allow your organization to take the right steps to help prevent infiltration.
Our Enterprise Solution Targeted Malware module provides access to these reports–gleaned from millions of monthly Malware data samples.
Additionally, you can upload suspicious files to our intelligent sandbox to generate reports that indicate which systems are infected, and, if infected, how that infection was delivered.
The fight against Malware is a battle for information.
Criminals want to steal your valuable information and use intelligence systems to try to get it. Any successful counterattack also requires intelligence. Without the clear, concise characteristics of, for example, a malware campaign, it’s difficult, if not impossible, to build a strong security posture.
Revealing Data Behind Targeted Malware
In April 2017, Hackmageddon released the following findings:
- Cybercrime accounted for 74.1% of the all motivations behind attacks
- Malware was the leading attack vector at 24.7%, and targeted attacks 23.5%, combined, they bring a total of close to 50% of the leading attack vectors for April
Time spent identifying and characterizing Targeted Malware makes sense. Verizon published a study of the 65 organizations breached this year, entitled: 2017 Data Breach Report.
Here are some of what they discovered:
Timely alerts notify people to the presence of email phishing and other strategies. This is key in preventing your organization getting to the point of being hacked.
The Importance of Data Sharing and Why It Doesn’t Always Happen
Attacks directed at industries are highly specific. Information sharing can be problematic, though, because, for confidentiality reasons, companies that have been breached may be reluctant to communicate this information to others in their industry.
A thorough problem-solving approach, which might be hindered by confidentiality clauses in companies, is not an issue when machines are reading precise fields and only those fields.
Having access to data points from a million samples per month, not only gives insight into specific breaches, but it also allows trends to emerge.
Trends of this magnitude aren’t necessarily visible to the human eye or mind. They are, however, easily identified and harvested through machine-learning. This allows you to pinpoint weaknesses unique to a particular industry or sector of the economy, and for which a specific, targeted malware is intended to exploit.
Important Points for Detection and Response
We respectfully acknowledge that there are just some things even the best CIO/CISO, IT Security Analyst cannot foresee. You work tirelessly to stay ahead of the challenges of business demands and fight against the efforts of criminal actors.
Real-time external threat intelligence alerts expose vulnerabilities to specific attacks and allow your IT team to close them in advance.
Something as simple as a weak username or password can have a devastating impact when easily guessed.
In an academic research study done by L. Christopher, K. Choo, and A. Dehghantanha entitled: Honeypots for employee information security awareness and education training, the authors cite the following:
Two of the most commonly used usernames are admin and root. The former is the default name for Unix based machines while the latter is a commonly used username in routers or network devices. It was also noted that Oracle was one of the top 10 user names for this brand of widely used database software.
Your People Are the Key | Give Them the Tools
Employee training is critical to maintaining a secure network. Human factors, the research team maintains, are likely to remain the weakest link in attempts to secure systems and networks.
Employee information and security awareness education mitigate cyber threats.
Security teams fighting against a 3-pronged situation called the Routine Activity Theory (RAT).
In order for a breach to occur:
- There must be an existing opportunity for the crime
- A suitable target and a motivated offender must both be present
- The target must be without a capable guardian
Eliminate one or more of these components and you lessen the opportunity for the crime to occur.
Capable guardianship is the wall of your fortress. Your employees will self-manage when they have the training.
You provide an additional layer when you have real-time alerts. This gives your IT and Communications staff the ability to inform employees of tangible, relevant actions.
What the Blueliv Targeted Malware Module Can Do for Your Company
As mentioned, machine-learning and enormous data sets, and a cloud-based sandbox–allow organizations to better:
- Track malware and mobile malware trends—locally and globally—to detect targeted malware
- Connect internal network analysis appliances to automatically send malicious binaries for analysis into a cloud-based elastic sandbox
- Gain early warnings of information theft or leaks due to a malware attack
- Protect your bank from Man in the Browser attacks
Our sandbox lets your team upload suspicious executable files for analysis. From this, we can deliver detailed analysis about behavior, system changes, network traffic, and malware distribution campaigns.
To set up a demonstration, feel free to contact one of our analysts.