Cyber Explainer: Malware

A recent study found more than 700 million samples of malware. Here’s why this cyberattack tool shape-shifts so much.


In this new series, “Cyber Explainer,” Interset breaks down the five most damaging types of threats facing enterprises, then details the five most effective cyberattack methods criminals use to carry them out. For this seventh installment, we look at malware, the most pervasive starting point for attackers seeking access to company networks.

What It Means
The term “malware” refers to malicious software built to compromise a user or device and use that foothold to enter a network and steal sensitive data. Malware is designed to avoid detection and can take the form of worms, spyware, Trojan horses and, most commonly, viruses. It is delivered through phishing (notably attachments and links) and malicious or compromised websites; once a first implant is in place, additional payloads are often pushed to the infected host over its command & control channel. Ransomware, which denies access to files or whole systems by encrypting them, is a type of malware that has become increasingly popular with criminals who would rather extract value from data by holding it hostage than by stealing it, for a more immediate payoff.

Where You’ve Seen It
The North Korea-instigated Sony data breach began as an office break-in, where criminals, on premises, planted malware on Sony computers. More recently, the WannaCry and (Not)Petya outbreaks, and this week’s Bad Rabbit ransomware, spread worldwide and were arguably 2017’s biggest malware events. They share lineage: WannaCry and (Not)Petya both propagated across networks with the leaked EternalBlue exploit for an SMB flaw Microsoft had already patched in MS17-010, and Bad Rabbit was reported to use a related SMB exploit from the same leak, so unpatched Windows hosts were the common enabler. (Not)Petya, determined to be a cyberattack on Ukraine and seeded through a compromised update of a Ukrainian accounting package, simply spilled over to the rest of the world, underscoring how contagious self-propagating malware can be.

How to Stop It
McAfee Labs’ quarterly threats report released in April 2017 found that although the rate of new malware may be declining, the total volume of malware has risen steadily since 2015. (McAfee’s September 2017 report found that “the total number of malware samples grew 23% in the past four quarters to almost 723 million samples.”) Criminals are relentless about co-opting existing creations in the name of time efficiency: they watch their peers deploy rogue software, improve on its shortcomings, and then use it for their own gain. In other words, malware is always evolving, and a sample count is largely a count of variants, which is why signature matching on its own keeps falling behind.

The common thread through these samples, however, is that when malware runs it produces behavior that is unusual for the entity involved: a workstation that suddenly talks SMB to dozens of peers, an account that reads far more files than it ever has, a host that calls out to a domain nobody else in the company has ever resolved. Security analytics that uses machine learning can sort through billions of events and point security teams towards the genuinely suspect behavior in the network. It does this by learning a baseline per user, host and account rather than relying on static rules or global thresholds, which are what cause SIEM systems to flood analysts with false-positive alerts. The caveat is that a baseline is only as trustworthy as the history it was learned from, so a host that was already compromised during the learning window, or one with no history at all, needs separate handling. Done properly, though, malware that is built to elude signature-based detection still has to act, and that activity is hard to hide.
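To make the contrast between a static threshold and a per-entity baseline concrete, here is an added Python example (it is not Interset's product code; the flow records, host names and 24-hour history are constructed for illustration). It counts how many distinct hosts each machine reaches over SMB in one hour, then compares what a global SIEM-style threshold flags with a z-score against each host's own history, the lateral-movement pattern a WannaCry-style worm produces.

```python
"""Per-entity baselining versus a static SIEM threshold for SMB fan-out.

Added example, not Interset's product code. The log lines, host names and
the 24-hour history below are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

SMB_PORT = "445"


def constructed_history():
    """Distinct 445/tcp destinations per hour for the previous 24 hours.

    backup01 is a backup server that normally reaches ~190-210 hosts each
    hour; ws-042 is a workstation that normally reaches 1-3 hosts.
    (Constructed values, deterministic so results are reproducible.)
    """
    history = defaultdict(list)
    for hour in range(24):
        history["backup01"].append(190 + (hour * 7) % 21)  # 190, 197, 204, ...
        history["ws-042"].append(1 + hour % 3)             # 1, 2, 3, ...
    return history


def constructed_events():
    """Flow records for the current hour: '<timestamp> <src> <dst> <dport>'."""
    ts = "2017-10-24T02:00:00"
    events = [f"{ts} backup01 srv-{i:03d} {SMB_PORT}" for i in range(205)]   # normal job
    events += [f"{ts} ws-042 ws-{i:03d} {SMB_PORT}" for i in range(40)]      # sudden fan-out
    events += [f"{ts} ws-042 web-proxy 443"] * 3                             # unrelated HTTPS
    events += [f"{ts} new-laptop srv-{i:03d} {SMB_PORT}" for i in range(5)]  # no history yet
    return events


def smb_fanout(events):
    """Count distinct SMB destinations per source host for one hour of records."""
    dests = defaultdict(set)
    for line in events:
        _ts, src, dst, dport = line.split()
        if dport == SMB_PORT:
            dests[src].add(dst)
    return {src: len(d) for src, d in dests.items()}


def static_rule(fanout, threshold=100):
    """What a global SIEM threshold flags: 'more than N SMB peers in an hour'."""
    return {host for host, n in fanout.items() if n > threshold}


def baseline_rule(history, fanout, z_threshold=3.0, min_std=1.0):
    """Flag hosts whose fan-out is far above their own learned baseline.

    Returns (flagged, unknown, scores). Hosts with no history cannot be
    scored and are reported separately rather than silently ignored.
    min_std floors the spread so a perfectly steady host does not produce
    an infinite z-score on a one-connection change.
    """
    flagged, unknown, scores = set(), set(), {}
    for host, count in fanout.items():
        past = history.get(host)
        if not past:
            unknown.add(host)
            continue
        mu = mean(past)
        sigma = max(pstdev(past), min_std)
        z = (count - mu) / sigma
        scores[host] = z
        if z > z_threshold:
            flagged.add(host)
    return flagged, unknown, scores


if __name__ == "__main__":
    fanout = smb_fanout(constructed_events())
    print("fan-out this hour:", fanout)
    print("static rule flags:", static_rule(fanout))
    flagged, unknown, scores = baseline_rule(constructed_history(), fanout)
    print("baseline flags:", flagged, "unscored (no history):", unknown)
    print("z-scores:", {h: round(z, 2) for h, z in scores.items()})
```

With this data the static threshold fires on the backup server doing its normal job and says nothing about the workstation, which is exactly the false-positive/false-negative pair that drives analysts away from a rule. The per-host baseline does the reverse: backup01 scores well inside its own spread while ws-042 sits dozens of standard deviations above its history. Two things the example makes visible that a product pitch usually does not: a host with no history (new-laptop) cannot be scored at all and has to be routed somewhere rather than dropped, and if the attacker had been active during the 24 hours used as history, that activity would have been learned as normal. Baselines need a clean learning window and periodic review, and a high z-score is a lead for an analyst, not a verdict.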
