Survival in the shadows


Targeted malware attacks are growing in number, in sophistication and in the severity of the damage they can inflict on victims. While traditional host-based anti-virus (AV) has established its role in protecting against widespread malware, the proliferation of successful targeted attacks has revealed a weakness in the general detection of unique malware. This is not strictly a failing of the AV technology, however; it is an example of the edge cases that fall outside the usefulness of a given tool. Understanding the challenges posed by targeted malware can illuminate why AV is not a panacea for malicious software woes.

Targeted malware survives in the shadows, avoiding detection from AV products simply by virtue of not being captured for examination. Some of the malware families take complex precautions to prevent identification, while others get by simply on the relative uniqueness of their code. With the use of crypters and packers, malware authors can easily generate an endless supply of functionally identical malware with unique hash signatures to avoid simplistic detection.

Developers of targeted malware have different objectives from their common counterparts, and the tools they develop have significant architectural and operational differences. Propagation functionality – the ability for malware to replicate – is often absent in targeted malware, while it is a defining feature of traditional worms and viruses. 

Attackers are finding ways to avoid even the network-based protections of advanced AV suites. Directly delivering non-replicating malware through email in cleverly disguised container files or malicious links is a common tactic used in targeted attacks. Seeding an area with infected USB drives or even mailing optical media with malicious AutoRun files are techniques that have been used in real-world attacks to literally walk right past the organization's security controls.

The threat of targeted malware will continue to grow, and a comprehensive defense involves more than relying on detection by AV technology. A deep security posture includes controls that prevent malicious code from compromising sensitive data and that alert on the activities associated with an attack.
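To make the two points above concrete (a rebuilt sample with a new hash slips past an exact-match signature, while the delivery and execution activity the article describes, attachments run from a mail client or archiver and executables or AutoRun files on removable media, is still observable), here is an added example that is not code from the article or any product. The sample bytes, the hashes derived from them, the host names, paths and the event dictionary format are all constructed for illustration; the rules are deliberately simple and would need tuning against real telemetry.

```python
"""Layered detection: exact-hash blocklist versus activity-based rules.

Added example (not code from the original article). All samples, hashes,
hosts, paths and the event format are constructed for illustration and
do not correspond to any real product's telemetry.
"""
import hashlib
import re

# --- Constructed file contents -------------------------------------------
# SAMPLE_A is the "captured" sample; SAMPLE_B stands in for a functionally
# identical rebuild whose bytes differ (here only a different trailer; a
# repacked build would differ far more), so its hash is unknown to the blocklist.
SAMPLE_A = b"MZ\x90\x00constructed-dropper-v1\x00config=c2.example.invalid\x00" + b"\x00" * 16
SAMPLE_B = b"MZ\x90\x00constructed-dropper-v1\x00config=c2.example.invalid\x00" + b"\x41" * 16
BENIGN = b"MZ\x90\x00constructed-vendor-updater\x00"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The blocklist only ever contains the sample that was captured and analysed.
HASH_BLOCKLIST = {sha256_hex(SAMPLE_A)}

# --- Constructed endpoint events (hypothetical format) -------------------
EVENTS = [
    {"id": 1, "type": "process_start", "host": "ws-01",
     "image": r"C:\Users\alice\AppData\Local\Temp\invoice_scan.exe",
     "parent": "OUTLOOK.EXE", "sha256": sha256_hex(SAMPLE_A), "removable": False},
    {"id": 2, "type": "process_start", "host": "ws-02",
     "image": r"C:\Users\bob\AppData\Local\Temp\7zO1C2\invoice_scan.exe",
     "parent": "7zFM.exe", "sha256": sha256_hex(SAMPLE_B), "removable": False},
    {"id": 3, "type": "file_create", "host": "ws-03",
     "path": r"E:\autorun.inf", "parent": "explorer.exe", "removable": True},
    {"id": 4, "type": "process_start", "host": "ws-03",
     "image": r"E:\photos\setup.exe", "parent": "explorer.exe",
     "sha256": sha256_hex(SAMPLE_B), "removable": True},
    {"id": 5, "type": "process_start", "host": "ws-04",
     "image": r"C:\Program Files\Vendor\updater.exe", "parent": "explorer.exe",
     "sha256": sha256_hex(BENIGN), "removable": False},
]

# Parents that hand the user a just-opened attachment or archive member.
DELIVERY_PARENTS = {"outlook.exe", "7zfm.exe", "winrar.exe", "winzip.exe", "thunderbird.exe"}
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
EXECUTABLE_RE = re.compile(r"\.(exe|scr|com|pif|bat|cmd|js|vbs)$", re.IGNORECASE)


def rule_known_hash(ev):
    """Exact-match signature: fires only for a sample already in the blocklist."""
    if ev.get("sha256") in HASH_BLOCKLIST:
        return "known-bad hash"
    return None


def rule_delivered_executable(ev):
    """Executable started out of a temp directory by a mail client or archiver."""
    if ev["type"] != "process_start":
        return None
    if (ev["parent"].lower() in DELIVERY_PARENTS
            and TEMP_DIR_RE.search(ev["image"])
            and EXECUTABLE_RE.search(ev["image"])):
        return "executable launched from temp by " + ev["parent"]
    return None


def rule_removable_media(ev):
    """AutoRun file written to, or executable launched from, removable media."""
    if not ev.get("removable"):
        return None
    if ev["type"] == "file_create" and ev["path"].lower().endswith("\\autorun.inf"):
        return "autorun.inf written to removable media"
    if ev["type"] == "process_start" and EXECUTABLE_RE.search(ev["image"]):
        return "executable launched from removable media"
    return None


RULES = (rule_known_hash, rule_delivered_executable, rule_removable_media)


def triage(events):
    """Return {event id: [reasons]} for every event that trips at least one rule."""
    alerts = {}
    for ev in events:
        reasons = [r for r in (rule(ev) for rule in RULES) if r]
        if reasons:
            alerts[ev["id"]] = reasons
    return alerts


if __name__ == "__main__":
    for eid, reasons in sorted(triage(EVENTS).items()):
        print(f"event {eid}: {'; '.join(reasons)}")
```

Event 1 is caught twice (hash and activity); event 2 is the same tool rebuilt with a different hash and is caught only by the activity rule; events 3 and 4 are the removable-media cases with no hash knowledge at all; the benign updater in event 5 trips nothing. The point is not that these three rules are sufficient, but that activity-based alerting does not depend on having captured the sample first.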
