Survival in the shadows


Targeted malware attacks are growing in number, in sophistication and in the severity of the damage they can inflict on victims. While traditional host-based anti-virus (AV) has established its role in protecting against widespread malware, the proliferation of successful targeted attacks has revealed a weakness in the general detection of unique malware. This is not strictly a failing of the AV technology, however. It is an example of the edge cases that fall outside the usefulness of a given tool. Understanding the challenges posed by targeted malware can illuminate why AV is not a panacea for malicious software woes.

Targeted malware survives in the shadows, avoiding detection by AV products simply by virtue of never being captured for examination. Some malware families take complex precautions to prevent identification, while others get by on the relative uniqueness of their code alone. With crypters and packers, malware authors can easily generate an endless supply of functionally identical samples, each with a unique hash, to defeat simplistic signature-based detection.

Developers of targeted malware have different objectives from their commodity counterparts, and the tools they develop have significant architectural and operational differences. Propagation functionality – the ability of malware to replicate itself – is often absent in targeted malware, while it is a defining feature of traditional worms and viruses.

Attackers are finding ways to avoid even the network-based protections of advanced AV suites. Directly delivering non-replicating malware through email, in cleverly disguised container files or via malicious links, is a common tactic in targeted attacks. Seeding an area with infected USB drives, or even mailing optical media carrying malicious AutoRun files, are techniques that have been used in real-world attacks to walk straight past an organization's perimeter security controls.

The threat of targeted malware will continue to grow, and a comprehensive defense involves more than relying on detection by AV technology. A defense-in-depth posture includes controls that prevent malicious code from compromising sensitive data and that alert on the activities associated with an attack, so that an intrusion is still visible even when the malware itself is never recognized.
