Survival in the shadows


Targeted malware attacks are growing in number, in sophistication and in the severity of the damage they can inflict on victims. While traditional host-based anti-virus (AV) has established its role in protecting against widespread malware, the proliferation of successful targeted attacks has revealed a weakness in the general detection of unique malware. This is not strictly a failing of the AV technology, however. It is an example of the edge cases that fall outside the usefulness of a given tool. Understanding the challenges posed by targeted malware can illuminate why AV is not a panacea for malicious software woes.

Targeted malware survives in the shadows, avoiding detection by AV products simply by virtue of never being captured for examination. Some malware families take complex precautions to prevent identification, while others get by simply on the relative uniqueness of their code. With crypters and packers, malware authors can easily generate an endless supply of functionally identical malware with unique hash signatures, defeating detection that relies on matching a file's hash.
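As an added illustration (not code from the article or its author), the following Python compares exact-hash matching with a crude byte-similarity measure on two constructed byte strings that stand in for an original sample and a trivially altered variant. The "samples", the appended padding and the 0.9 threshold are all assumptions made for the demonstration; the similarity function is a stand-in for fuzzy hashing, not a production tool.

```python
import hashlib
from collections import Counter

# Constructed stand-in for a sample body; not real malware, just bytes
# chosen so that the two inputs are near-identical.
ORIGINAL = b"MZ\x90\x00" + b"example-payload-body " * 40

# A "functionally identical" variant: same body with 16 trailing bytes
# appended (constructed here; a real packer or crypter rewrites far more).
VARIANT = ORIGINAL + b"\x00" * 16

# Constructed unrelated content, used to check the similarity measure
# does not fire on everything.
UNRELATED = b"ZZZZ" + b"unrelated-benign-file " * 40


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def exact_hash_match(sample: bytes, blocklist) -> bool:
    """Classic hash signature: matches only a byte-identical file."""
    return sha256_hex(sample) in blocklist


def byte_ngrams(data: bytes, n: int = 8) -> Counter:
    """Multiset of overlapping n-byte windows."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))


def similarity(a: bytes, b: bytes, n: int = 8) -> float:
    """Jaccard similarity of byte n-gram multisets, 0.0 to 1.0.

    A crude approximation of the idea behind fuzzy hashes (e.g. ssdeep):
    files that share most of their bytes score close to 1.0 even when
    their cryptographic hashes differ completely.
    """
    ga, gb = byte_ngrams(a, n), byte_ngrams(b, n)
    inter = sum((ga & gb).values())   # min count per n-gram
    union = sum((ga | gb).values())   # max count per n-gram
    return inter / union if union else 0.0


def similarity_match(sample: bytes, known: bytes, threshold: float = 0.9) -> bool:
    """Flag a sample whose byte content is close to a known sample."""
    return similarity(sample, known) >= threshold


def compare_detections():
    """Return (exact_hit_on_variant, similarity_hit_on_variant)."""
    blocklist = {sha256_hex(ORIGINAL)}
    return (exact_hash_match(VARIANT, blocklist),
            similarity_match(VARIANT, ORIGINAL))


if __name__ == "__main__":
    print("original sha256:", sha256_hex(ORIGINAL))
    print("variant  sha256:", sha256_hex(VARIANT))
    print("exact hash hit on variant, similarity hit on variant:",
          compare_detections())
    print("similarity to unrelated content: %.3f" % similarity(ORIGINAL, UNRELATED))
```

The exact-hash check misses the variant the moment a single byte changes, while the similarity score stays above 0.98. The caveat a practitioner should keep in mind is that this only helps against near-identical variants; a crypter that encrypts the whole body leaves nothing for byte similarity to match, which is why the controls and alerting described later in the piece matter more than any single signature scheme.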

Developers of targeted malware have different objectives from their common counterparts, and the tools they develop have significant architectural and operational differences. Propagation functionality – the ability for malware to replicate – is often absent in targeted malware, while it is a defining feature of traditional worms and viruses. 

Attackers are finding ways to avoid even the network-based protections of advanced AV suites. Directly delivering non-replicating malware through email in cleverly disguised container files or malicious links is a common tactic used in targeted attacks. Seeding an area with infected USB drives or even mailing optical media with malicious AutoRun files are techniques that have been used in real-world attacks to literally walk right past the organization's security controls.

The threat of targeted malware will continue to grow, and a comprehensive defense involves more than relying on detection by AV technology. A deep security posture includes controls that prevent malicious code from reaching sensitive data, together with alerting on the activities associated with an attack.
