Malware Attack

What is malware?

Malware is an umbrella term for various types of malicious programs that are delivered and installed on end-user systems and servers. These types of malware programs fall into commonly referred to categories such as:

• Ransomware – prevent access to files unless a fee is paid
• Backdoors – remote users can access a system and possibly move laterally
• Banking Trojans – view or steal banking credentials to access accounts
• Keyloggers – capture typing, especially credentials
• Stealers – steal data like contacts, browser passwords, etc
• RAT – remote access tools for broad remote control capability
• Downloaders – download other malware, depending on a number of factors
• POS – compromise a point of sale device to steal credit card numbers, debit card and pin numbers, transaction history, and more

More sophisticated types of malware will combine the capabilities of more than one of the above, and we frequently see malware employing evasion tactics to avoid detection.

Evasion techniques

Evasion techniques are an important topic, as security tool effectiveness goes down when attackers apply one or more evasion techniques successfully. A subset of these malware attack techniques are below:

• Code obfuscation – use of encoding to hide code syntax
• Code compression – use of compression formats like gzip, zip, rar, etc to hide code syntax
• Code encryption – apply any number of encryption techniques to hide code syntax
• Steganography – hide code or programs in images
• Domain or IP range avoidance – identify domains or IPs owned by security companies and deactivate malware if it is in those locations
• User action detection – look for actions like right or left clicks, mouse moves, and more
• Time delays – lie dormant for a period of time, then activate
• Recent file detection – look for past actions like opening and closing files from multiple applications
• Device fingerprinting – only execute on certain system configurations

Attackers can employ one or more of the evasion techniques to give their malware a better chance of avoiding detection and only running on human run systems.

Malware attacks within organizations

Malware has been seen attacking organizations in nearly every vertical. While some criminals use malware to directly attack an organization, we’ve seen malware attacks attempt to sidestep the normal delivery via email.

Attacking companies that rely on the exchange of external documents has proven to be a good target for criminals. As every organization depends on people, criminals have keyed into the opportunity to drive malware attacks to targeted companies through the HR function. By using a direct upload or sending resumes through recruiting job sites, attackers have been able to deliver resumes directly to employees while avoiding a key detection mechanism, the secure email gateway.