Malware Attack Vectors: What to Expect in 2018
From Bad Rabbit to NotPetya, bad actors are constantly evolving their malware attack vectors–the methods they use to distribute sophisticated malware attacks. This ever-growing network threat landscape requires organizations to keep abreast of changes in the way in which malware is delivered.
Keeping Pace with New Attack Schemes
The way that users are interacting with their networks, data, and the world around them has changed–and with these changes have come a number of new malware infection vectors. The Internet of Things has created a variety of new endpoints, which may connect directly to a corporate network in the form of anything from a network printer to a “smart” light bulb.
The proliferation of mobile devices additionally has made it so that networks must protect against a variety of different platforms, all of which may be inherently unsecured. These mobile devices can also be used to put a tremendous amount of strain on a network, in the form of botnets. With mobile devices and IoT devices combined, the number of different endpoints (and therefore attack vectors) to protect becomes exponentially greater
Evolving Malware Attack Vectors
The number of different malware infection vectors is constantly evolving. Here are some of the ways in which old attack vectors are changing and some of the new vectors that have emerged recently:
Ad-Based Malware: Malware embedded in advertisements has always been common, as third-party networks are often the driving force of many ads. Simply viewing a malicious ad could be enough to inject malicious code into an unprotected device. These ads are often distributed and viewed on large, trusted websites, which makes many users potentially vulnerable. Malicious ads can also be directly embedded into apps and served through apps that are otherwise trusted. In recent years, many of these malicious ads have been used to mine cryptocurrency (in other words, to generate digital currency that can then be used by hackers). The popularity of cryptocurrency has bolstered the spread of ad-based malware, which in turn takes advantage of the user’s computer resources and may impact the stability of their system.
Mouse Hovering: A fairly new technique, mouse hovering takes advantage of a vulnerability in some well-known solutions such as PowerPoint. When a user hovers over a link to see where it goes, shell scripts can be automatically launched. This is especially insidious as many users have been taught to hover their mouse over links rather than click them to make sure the link is safe.
Mouse hovering takes advantage of system flaws that make it possible to launch programs based on fairly innocent actions of the user. However, this also highlights dangers that can be associated with familiar and easy to use products, as this is a type of malicious attack vector that would be extremely difficult for a user to identify and avoid.
Scamware Disguised as Malware Protection: Scamware disguised as malware protection is not new, but the techniques being used are growing more advanced. In the past, this attack vectors generally targeted users who were not computer savvy, showing ads that indicated their computer had been compromised, and demanding payment to unlock their computer. This was a prototypical form of modern ransomware. But in 2017 we also saw vulnerabilities that were introduced by CCleaner, a popular computer cleanup utility that was also used to fight malware. Hackers were able to inject malware into the product so effectively that the product was distributed by the original manufacturer in this format. Millions of users were impacted by this attack, which came from a theoretically trusted resource.
Defending Against Evolving Malware Vectors
Organizations are quickly discovering that it is not enough to identify malicious attacks one by one. Signature-based anti-malware solutions can only identify solutions that are already known, and relying on this type of solution can lead to the fast propagation of previously unknown threats. Even modifications such as the evolution of Petya to NotPetya can skirt past these types of solutions as the digital signature of the malicious program has changed. And because malware attack vectors are broadening and there are more malicious programs than ever, it is difficult for these types of conventional malware solutions to be effective.
Consequently, organizations must turn to a multi-pronged, network-based approach that analyzes and monitors the entirety of the network at once. Technologies that uncover all behaviors engineered into a piece of malware can identify new attacks based on network traffic and activity, making them more effective when identifying unknown malware and more likely to identify evolving threats. Technologies built on a foundation of advanced malware behaviors learn and grow as they are introduced to new malicious programs, making them more advanced and effective over time.
Organizations must work to understand threats in a global context, developing future-proofed solutions and comparing indicators of compromise with other organizations across the globe in real-time. This allows anti-malware solutions to counter epidemics quickly as they spread. Organizations need to be able to pivot and adapt to evolving threats, and this requires a more advanced type of anti-malware technology.