It's Raining Malware: Understanding and Protecting Against Today's Threats
From using VPNs to heightened security awareness, companies must work harder to stop attacks as people work from home.
March 1, 2021
By Daniel Warelow and Kelvin Murray
Daniel Warelow
Kelvin Murray
Despite the advancements of antimalware solutions, malware variants are becoming increasingly prevalent, sophisticated and evolved. In addition, there are new trends in execution such as the increased modularity of malware where a combination of attack methods and mix-and-match tactics are used to ensure maximum damage and/or financial loss.
The rise of malware has only been accelerated by COVID-19 as more remote workers access unsecured and home networks, away from the physical help of IT teams or in-person peer support. As many businesses continue to face financial uncertainty as a result of the pandemic, there has been an increase in spam emails requesting legal action for late or missing payments. During the peak of COVID-19, Her Majesty’s Revenue & Customs (HMRC) took down nearly 300 COVID-19-related scam sites and domains. This signifies government cyberawareness, which is always necessary, but to effectively stop malware and social engineering attacks such as phishing, employees must also be invested in the fight. This cannot be understated, as recent Webroot research into phishing and global click habits has shown over three-quarters of employees are still opening emails and clicking links from unknown senders.
The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them. Here we explain how to be cyber resilient in the face of malware in the year ahead.
Malware Education
Without understanding malware – what it is, how it works and the damage it can do to businesses – it’s unfair to expect employees to be capable of protecting against it. For businesses to stay ahead of the storm, educating the workforce is key.
It is uncommon to now find a “one-size-fits-all” form of malware. Instead, each step of the process builds to get the most out of a target, such as this malware and ransomware demand. Below is an example of a brutal, but unfortunately typical, process of infection from the Emotet malware.
First, attackers gain a foothold within a computer network, often through phishing techniques that get an organisation’s employees to click on emailed links or attached documents. Once clicked on, a malicious script is run which then downloads the main executable, in this case, Emotet.
Emotet then gains access to additional parts of that network through password theft and other tricks such as the use of exploits and unpatched systems. It spreads as much as it can and then drops its payload. The most common malware used for this stage is Trickbot.
Trickbot steals every piece of valuable data it can find, including credit card, banking details, bitcoins, and anything else it can send back to the cyber criminals. Trickbot then drops the last payload, which is usually Conti or Ryuk, which encrypts every machine and shared drive it can access before demanding a ransom payment to be made.
By having insight into the stages used and knowledge about how different types of malware work together, employees will be able to understand how modular malware infects computer systems and how they can take action to prevent attacks. Additionally, businesses will be able to identify areas of their network which may be vulnerable.
The Increased Risk of Remote Working
When organisations around the world were ordered to work from home, many weren’t prepared for this physical shift of technologies and network perimeters, amplifying the problem of protecting both personal and proprietary information. From bring your own device (BYOD) risks to working on open networks and employees facing the distractions of being at home, cybersecurity needs to be a priority in today’s working-from-home-world.
Businesses need to take action to reduce the number of vulnerabilities and cyberchallenges associated with a largely or entirely remote workforce. By using a virtual private network (VPN) for all business communications, network and Wi-Fi communications can be kept encrypted, making it much harder for …
… hackers to gain access. Additionally, IT teams should develop and implement security policies and guidelines for BYOD requiring the correct security software to be installed on each device and ensuring updates to the latest operating systems are made consistently. Home router setups together with the general insecurities outside of the office need to be considered as part of a full review into the new norm.
Creating a Cyber-Aware Culture
Organisations of all sizes have to accept they aren’t immune to cyberattacks, that the latest technologies don’t safeguard all operations and breaches are inevitable. However, with a cyber-resilience strategy, the right technology and security protocols in place and an educated workforce, businesses can considerably reduce risk and bounce back, even if data or operations are affected.
Security awareness training programmes offer regular, consistent and up-to-date education to help employees remain ahead of potential threats and learn how to spot and act upon any suspicious activity. By undertaking training campaigns covering essential topics, including phishing simulations, social-engineered attacks and password hygiene, organisations can gain insight into their internal systems and employee weak points to help aid proper prevention. Businesses also need to prioritise consistent communications to employees, reminding them of the threats to watch for and that cybersecurity is an organisational priority. Content to employees should be tailored to their level of familiarity with cybersecurity to ensure actionable takeaways and advice are easy to identify and incorporated into their daily routines.
The Role of MSPs
Many small businesses and organisations often struggle with a lack of IT resources or personnel. By leaning on or investing in a managed service provider (MSP), organisations can adopt the best cybersecurity practices custom-fitted to their IT environments and those of the clients they serve.
MSPs offer immense value to small and medium-sized businesses (SMBs) by helping them to implement essential tools, strategies, technical expertise and support to keep data and employees secure. MSPs must take a proactive role in understanding the current state of a customer’s ability to protect against, prevent, detect and respond to modern cyberthreats when recommending the best approaches to combat modern malware and being cyber resilient. By building an offering that aligns with varying levels of cyberawareness and resilience, MSPs can help SMB IT and cybersecurity modernisation efforts at every step of the way.
With malware constantly evolving as a pivotal attack vector, it’s time for cybersecurity to become embedded in the DNA of every business to protect assets and reputation. Companies must take a more comprehensive approach toward security to address the threats posed by malware, including monthly security education, enhanced collaboration between teams, and teaming with the right MSP to help create a secure business approach to malware. Having a multilayered security strategy allows businesses to be cyber resilient, even in the face of continued COVID-19-related disruption and evolving malware threats.
Daniel Warelow is a product manager at Giacom. His role includes conducting market research; vendor on-boarding and in-life product management; generating product requirements; determining specifications, pricing and time-integrated plans for product introduction. You may follow him on LinkedIn or @GiacomCM on Twitter.
Kelvin Murray is senior threat researcher at Webroot, and previously was a threat researcher in its EMEA division for four years. You may follow him on LinkedIn or @Webroot on Twitter.
Read more about:
MSPsYou May Also Like