
In the world of Cybersecurity today, there is that old saying that old dinosaurs never die out.  This is especially true when it comes to launching new threat vectors against unsuspecting victims.  Take Phishing, for example.

This type of Cyberattack has been around for a very long time, but the hackers who launch it today keep finding new ways to reinvent it while keeping the underlying methodology intact.

This is known in more technical terms as a “variant”.  Examples of variant Phishing based attacks include Business E-Mail Compromise, the inclusion of Ransomware .EXE files in links and attachments, etc.  In other words, the goal here is not to spend time and resources thinking up a brand-new style of “artillery”; rather, the emphasis is just to keep building a better mousetrap.

This is now becoming pretty evident in the world of the Cyberattackers that create Malware, also more technically known as “Malware Authors”.  This is according to a bunch of high-level Cybersecurity researchers at a firm known as Malwarebytes.  They just recently published a report entitled “Under the Radar – The Future of Undetected Malware”. 

This can be seen in more detail at this link here:

https://resources.malwarebytes.com/files/2018/12/Malwarebytes-Labs-Under-The-Radar-US.pdf

In this report, it is stated that Malware Authors are constantly changing their modes of attack, so that they can stay under the radar for much longer periods of time than ever before.  In what other areas are they changing as well?  The list is as follows:

*The profit motive of the Malware Author has changed.  For example, rather than engaging in the so called “Smash and Grab” campaigns where they could take everything all at once, the emphasis is now to drain the bank accounts of the victim over a much longer period of time, in the hopes of pumping more money out of them.  This can only be done of course, by staying in the “kill zone” for a much longer period of time, by going undetected. 

*But staying in for a longer period of time does not necessarily mean that the Cyberattacker will be in there 24/7/365.  They have multiple targets to hit.  So, they may make a first hit, stay in for a few days, and then leave the kill zone while leaving a covert back door open.  Also, they will write the source code for the Malware in such a way that it will not only evolve over time, but also become deadlier and stealthier as well.  This is now called the “Under the Radar” Malware.

*The new variants of Malware that are being created today incorporate anti-forensic techniques, and they have become fileless in nature as well.  In fact, the latter accounts for about 35% of all Cyberattacks, and fileless attacks are 10X more successful at penetrating their targets than other attack payloads.

*There are four new Malware variants that you should be aware of, and they are known as “Emotet”, “Trickbot”, “Sorebrect”, and “SamSam”.  Here are some noteworthy things about them:

*Emotet, which is a Malware that targets the financial industry specifically, has been detected over 1.5 million times between January and September 2018.

*Trickbot has also been detected over 500,000 times within the same period, primarily targeting the academic sector.

*The Sorebrect Malware is totally fileless, and has been created and designed to be a Ransomware variant;

*The SamSam Malware is also a Ransomware variant, but it is launched and controlled in an entirely manual process using batch scripts.

At this point, you might very well be asking how it is that the modern antimalware software packages cannot detect and mitigate these newer Malware variants.  There are three primary reasons for this, and they are as follows:

*Current software packages only detect those Malware attacks that are file based in nature;

*Some of the more sophisticated antimalware tools rely upon close human intervention in order to discern any unseen trends or anomalies.  This is not only a difficult task to accomplish, but it can be extremely time consuming as well, and a drain on resources when trying to keep up with other Cyberthreats.

*As mentioned in the first bullet, the current antimalware software packages cannot process anything within the memory of the computer itself.  The newer Malware variants are totally exploiting this particular weakness, so that they can make use of critical processing powers and go undetected for extremely long periods of time.

So, what can be done so that the antimalware software packages of today can detect the newer Malware variants?  The Cybersecurity researchers at Malwarebytes have recommended the following:

*Implement the use of Behavioral based analytics and detection.  In other words, these software packages should not only be able to mitigate any threats that are inbound to the organization’s line of defense, but they should also be able to model and predict what future Malware variants will look like.  This will mean implementing both Machine Learning (ML) and Artificial Intelligence (AI) functionalities into the antimalware software packages.

*The new functionalities just described above need to be implemented at the Security endpoints.

*The antimalware software packages need to be modernized in such a way that they themselves do not become a victim of a Malware variant, such as being disabled or even completely eradicated.
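To make the file-based versus behavioral distinction in the bullets above concrete, here is an added example (my own illustration, not code from the Malwarebytes report) that runs both styles of check over a handful of constructed endpoint process-creation events.  The hashes, paths, command lines and rule names are all placeholders I made up for the demonstration.

```python
"""File-based vs behaviour-based detection over constructed endpoint events.
Added example, not from the Malwarebytes report; all values are placeholders."""
import re

# Constructed blocklist of known-bad file hashes (placeholder value, not a real IoC).
KNOWN_BAD_HASHES = {"deadbeef" * 8}

# Script hosts and Office binaries the behavioural rules key on.
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}

# Constructed process-creation events, shaped like what an endpoint agent records.
EVENTS = [
    {"parent": "explorer.exe", "image": "notepad.exe", "hash": "11" * 32,
     "cmdline": "notepad.exe"},
    {"parent": "WINWORD.EXE", "image": "powershell.exe", "hash": "22" * 32,
     "cmdline": "powershell.exe -nop -w hidden -enc BASE64_PLACEHOLDER"},
    {"parent": "explorer.exe", "image": "dropper.exe", "hash": "deadbeef" * 8,
     "cmdline": "dropper.exe"},
    {"parent": "services.exe", "image": "wscript.exe", "hash": "33" * 32,
     "cmdline": "wscript.exe //B C:\\Users\\Public\\run.vbs"},
]

def file_based_detect(event):
    """File-based check: fires only when the on-disk image hash is on the blocklist."""
    return event["hash"] in KNOWN_BAD_HASHES

def behavioral_detect(event):
    """Behavioural check: looks at how a process was started, not which file it came from."""
    hits = []
    image, cmd = event["image"].lower(), event["cmdline"]
    if image in SCRIPT_HOSTS and event["parent"].upper() in OFFICE_APPS:
        hits.append("office-app-spawned-script-host")
    if image == "powershell.exe" and re.search(r"-(e|enc|encodedcommand)\b", cmd, re.I):
        hits.append("encoded-powershell")
    if image in SCRIPT_HOSTS and re.search(r"-w(indowstyle)?\s+hidden", cmd, re.I):
        hits.append("hidden-window")
    if image in SCRIPT_HOSTS and re.search(r"\\(Users\\Public|Temp|AppData)\\", cmd, re.I):
        hits.append("script-from-user-writable-path")
    return hits

def triage(events):
    """Per-event verdicts from both approaches, so their coverage can be compared."""
    return [{"image": e["image"], "file_hit": file_based_detect(e),
             "behaviour_hits": behavioral_detect(e)} for e in events]
```

Running `triage(EVENTS)` shows the complementary coverage: the Word-spawned PowerShell event has a clean hash and is caught only by the behavioural rules, while the dropper with a blocklisted hash is caught only by the file-based check.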

My thoughts on this?

Just based on what I have written, it is quite clear that Malware variants will continue to be a huge threat not only to businesses and corporations, but also to individuals as well, going into 2019 and even beyond.

And because the Malware variants are becoming so much harder to detect even for the highly trained Cybersecurity professional, in this case, it could all come down to technology more so than human intervention in order to prevent them from being such a huge risk.

Thus, modernizing the current line of antimalware software packages (or even coming up with brand new ones) and keeping them constantly upgraded on a regular schedule (from both the vendor and customer standpoints) needs to be done now, and not even just ASAP.