Why file-borne malware has become the weapon of choice for attackers

Today’s columnist, Aviv Grafi of Votiro, writes that hackers understand that embedding malicious code into Microsoft Office files and other popular apps can reap huge rewards. Grafi says companies can stop file-borne malware by investing in new technologies and adopting zero-trust principles. (Stephen Brashear/Getty Images)

The latest numbers on hidden malware are out, and there’s good news to report. The number of new malicious file attacks was down in 2020 for the first time in five years, and the decline continued for most of 2021. SonicWall Capture Labs recorded 2.5 billion malware attempts in the first six months of 2021, down from 3.2 billion at this time last year — a decrease of 22%. That’s a significant improvement from where we stood in 2018 when malware attacks peaked at 10.5 billion.

That’s the good news. The bad news: the overall picture of malware heading into 2022 is not that rosy.

Hackers have not abandoned cybercrime. They’ve simply learned from their experiences that traditional “Hail Mary” attacks are not as lucrative as targeted ones. Gone are the “spray-and-pay” methods where hackers send a low-level virus into the internet and hope it sticks somewhere. Today, sophisticated cybercriminals research their targets and develop specialized malicious code that’s likely to do the most damage or bring in the most money. In fact, SonicWall reported more than 260,000 “never-before-seen” malware variants in 2020. Known as zero-day attacks, this type of hidden malware increased by 74% from 2019, possibly because zero-days are most likely to escape detection by traditional antivirus solutions.

We're going phishing

From the numbers, phishing schemes are now the favorite child of hackers. According to the FBI, the use of phishing emails was the most common type of cybercrime in 2020—with nearly 250,000 incidents reported. Phishing schemes are underhanded attempts to fool employees and individuals into opening and clicking on malicious links or attachments in emails. The goal of these phishing schemes may be to gain access to valuable company data or cause damage to an organization.

We can always count on human error: it only takes one successful hack. Once one unsuspecting employee unleashes the hidden malware, it doesn’t take long until the entire enterprise network becomes infected. Mimecast reports that 74% of companies experienced malware activity that spread from one employee to another in 2021, up from 61% in 2020. They attribute the increase to distracted employees working from home and the growing sophistication of these schemes. 

And the motivation? While state-sponsored cyber-terror strikes fear in the heart of every CIO, more often, it’s money that’s motivating these threat actors. And not the kind of money they can earn from ethical hacking. Today, ransomware reigns. In its 2021 State of Email Security Report, Mimecast found that business-disrupting ransomware attacks are on the rise, with 61% of companies falling victim in 2021, up from 51% in 2020.

File-borne malware: the weapon of choice

It doesn’t take the smartest hacker to realize that embedding malicious code into seemingly innocent files has become the easiest way to infiltrate businesses. Microsoft Office files and PDFs are a favorite because of their everyday use. When malicious files are opened, the hidden malware automatically executes and lets the criminals carry out their plans. These file-borne malware threats are especially challenging to detect; many of them are unknown or zero-day, meaning that standard malware detection tools or solutions will not prevent the attacks. SonicWall found that 35% of “never-before-seen” malware files were hidden in office and PDF files.

So as we head into 2022, new hidden malware threats will emerge, and the entire landscape may shift altogether. Remember, it only takes a slight tweak of a known malware signature to become a zero-day. That's why some 80% of successful breaches are new or unknown zero-day attacks, underscoring the need for proactive cybersecurity alternatives.

This means that organizations must invest beyond standard cybersecurity technologies and implement new, preventative technologies such as content disarm and reconstruction (CDR) technologies into their security stack. And, most important, companies must develop security strategies and implement solutions that help organization adhere to the zero-trust model.

Companies cannot deploy new technologies and move to zero-trust without action and investments. Security professionals need to have these conversations with company executives and board members so that their security teams are given the necessary funding to upgrade security. A few extra dollars towards the cybersecurity budget could make a huge difference – it could very well save the  company from being in the news this year as the latest cyberattack victim.

Aviv Grafi, founder and CTO, Votiro

Aviv Grafi

Aviv Grafi is Founder & CTO of Votiro, an award-winning cybersecurity company that helps organizations accept safe content and data inbound, at scale, through Votiro’s open, API-based content disarm and reconstruction-as-a-service technology. Aviv is the principal software architect for Votiro’s enterprise solution, Votiro Cloud, which protects against known and unknown malware and ransomware in data, regardless of data source or destination.

Prior to co-founding Votiro, Aviv served in an elite intelligence unit of the IDF, nurturing his passion for finding simple solutions to complex security issues. Aviv’s areas of expertise span the cyber product lifecycle—from strategy and development, through go-to market—along with network security, IDS/IPS/firewall internals, defensive programming, enterprise security penetration testing, vulnerability research, and virtualization.

Aviv speaks publicly on these topics as they are relevant in order to raise industry awareness and push for innovative solutions. Aviv holds a B.Sc. in computer science, a B.A. in economics, and an M.B.A. from Tel Aviv University. He is the inventor and principal software architect of Votiro’s enterprise protection solutions.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.