Malware is nothing new. It’s been the enemy of the internet for many years.
Despite a whole industry fighting to protect organisations from its sting, it’s not going away any time soon. Malware is a fairly broad term and refers to any software that’s been designed to intentionally cause damage to a computer, server, or network.
Everything from trojans, to worms, to viruses, to ransomware, to crypto ransomware, to cryptominers comes under this category and cyber criminals are constantly developing their next piece of devastating malicious software.
Malware is used for multiple purposes. Ransomware tries to force people to pay to get locked files back; Remote Access Trojans (RATs) give an attacker administrative control of a machine; keyloggers watch as you type and steal credentials; the list goes on.
While the vast majority of malware is used by cyber criminals to make money, there have also been instances of state sponsored hacking, where government employed hackers are tasked with stealing intellectual property or sensitive company information.
Essentially, malware protection should be a concern for every single organisation.
There are multiple ways someone can get infected with malware, from dodgy adverts on websites to rogue apps downloaded onto phones. In 99 percent of cases, however, malware uses email or the web as the initial infection vector and can lie dormant on networks for weeks, months or even years if no-one is paying close enough attention. Phishing emails are an incredibly popular way of infecting a machine: they rely on human fallibility and, over the years, have become increasingly professional and difficult to spot.
Anti-virus was traditionally used to defend against malware infections but is no longer enough on its own to protect organisations from the highly sophisticated techniques used by criminals today. While it’s still recommended that these solutions are used, they need to be part of a multi-layered advanced defence that combines traditional signature-based anti-virus (where the markers of known malware are used to identify it on a machine) and behaviour-based anti-virus (where there are no known markers, but the behaviour of a piece of software looks likely to be malware) with static and dynamic sandboxing.
Static analysis of malware examines it without actually running it, while dynamic analysis executes malware in a controlled and monitored environment to observe its behaviour. Both types of sandboxing help organisations identify malware and inform other security tools of the threat.
Of course, ideally the malware wouldn’t get to the machine in the first place and, in order to help that, robust web and email security tools are needed. Web anti-malware can monitor the websites being visited by employees in real-time and block access to anything suspicious, while a good email security tool will scan emails before they are delivered, analysing the content, headers, links, and so on, to ensure they are safe. They’ll be quarantined if they aren’t and delivered if they are – all in the space of seconds.
For malware protection, what’s important is that all of these security tools talk to one another. It’s no use if email security finds a suspicious link but web security lets that link be opened. They need to work together to really provide protection.
On top of these tools, threat intelligence also plays a part, blocking IPs and domains that are malware distribution points and preventing malware from reaching out to command and control (C2) infrastructure. It also provides information on known bad files to other security tools, meaning the decisions they make are based on the latest information.
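As an added example (not code from the original article or any vendor), here is a minimal shared indicator store in Python that a threat-intelligence feed and the email scanner both write to, so the web filter blocks the same domains and IPs. The feed entries, proxy log lines and function names are constructed for illustration.

```python
from urllib.parse import urlparse
import hashlib

class IndicatorStore:
    """One store of bad domains, IPs and file hashes shared by every tool."""
    def __init__(self):
        self.domains, self.ips, self.hashes = set(), set(), set()

    def load_threat_intel(self, feed):
        """feed: iterable of (kind, value) pairs from a threat-intelligence source."""
        buckets = {"domain": self.domains, "ip": self.ips, "sha256": self.hashes}
        for kind, value in feed:
            buckets[kind].add(value.lower())

def email_scan(store, links, attachments, sandbox_verdicts):
    """Return 'quarantine' or 'deliver'. A link the dynamic sandbox flags is
    published to the shared store, so web security blocks the same domain."""
    verdict = "deliver"
    for url in links:
        host = (urlparse(url).hostname or "").lower()
        if sandbox_verdicts.get(url) == "malicious":
            store.domains.add(host)          # share the finding with other tools
        if host in store.domains:
            verdict = "quarantine"
    for blob in attachments:                 # known bad files from threat intel
        if hashlib.sha256(blob).hexdigest() in store.hashes:
            verdict = "quarantine"
    return verdict

def web_filter(store, proxy_log):
    """Return proxy log lines ('time user destination') whose destination is a
    known bad domain or, for direct C2 call-backs, a known bad IP."""
    return [line for line in proxy_log
            if line.split()[2].lower() in store.domains | store.ips]

# Constructed sample feed and log lines (reserved example ranges, not real indicators).
INTEL_FEED = [("domain", "bad-updates.example"), ("ip", "203.0.113.45"),
              ("sha256", hashlib.sha256(b"MZ-fake-dropper").hexdigest())]
PROXY_LOG = ["10:01:02 alice bad-updates.example", "10:01:05 bob docs.example.org",
             "10:02:10 carol 203.0.113.45", "10:02:11 dave phish-login.example"]

def demo():
    """Load intel, scan one email, then filter web traffic with the shared store."""
    store = IndicatorStore()
    store.load_threat_intel(INTEL_FEED)
    link = "http://phish-login.example/login"
    mail = email_scan(store, [link], [b"MZ-fake-dropper"], {link: "malicious"})
    return mail, web_filter(store, PROXY_LOG)
```

Without the shared store, the phishing domain flagged in email would still be reachable through the web filter; with it, the same finding blocks both channels.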
Malware protection is an ongoing battle for businesses the world over, but you don’t need to live in fear of an infection. With the right tools in place that communicate and work with one another, malware can be banished from the list of concerns.