The threat actors who create malware variants are constantly improving their methods and innovating to subvert the cyber defense capabilities of their targets. Therefore, it becomes essential for the cybersecurity community to continually monitor the activities of new malware strains and find ways to mitigate their impact.
The security researchers at Malwarebytes, who study the various malware attack methods, have published a research report titled “Under the Radar - The Future of Undetected Malware”. The use of newer infection methods by malware authors in recent times has given rise to a new class of attacks, which could very well define the future of the threat landscape, according to the researchers.
For malware developers, evading detection while infiltrating a targeted system has always been a key goal. However, in recent times, the strategy of malware authors has undergone a major change.
“Recently, there was a noticeable shift in malware development methodology. Avoiding detection was one thing, but threat actors soon came to another realization: the longer they held the infected endpoint, the more their profit increased. As long as they survived attempts at remediation, they could turn the money taps back on,” the researchers explained.
The recent wave of malware attacks is designed to leave behind a small foothold from which attackers can regrow the malware later. “As a result, with this dual focus, a new class of malware has risen to prominence: under-the-radar malware,” the researchers said.
This new class of attacks adopts the propagation and anti-forensic techniques used by earlier, more complex nation-state attacks to avoid detection and maintain persistence. Fileless attacks have become a prime choice for cybercriminals because most existing security products are designed around file-based malware and are poorly equipped to catch activity that never touches disk.
Fileless malware attacks comprise 35 percent of all the attacks in 2018. These attacks are almost 10 times more likely to succeed than file-based attacks, according to a recent Ponemon Institute report.
Among the current threats, Emotet and Trickbot occupy a prominent spot.
Other major threats include the Sorebrect ransomware, a completely fileless ransomware infection, and the SamSam ransomware, a non-automated ransomware that the attackers control in an entirely manual process using batch scripts.
“There are three primary shortcomings with what we refer to as traditional security measures, including antivirus, that fail to utilize behavioral detection and a multi-layered approach to detecting and remediating threats,” researchers said.
The researchers provide some key pointers for improving the security solutions in use to mitigate the next generation of malware.
To protect against the evolving threat landscape, it is very important for cyber defense solutions to understand these new strategies and adopt modern tools in order to be ready for this new class of attacks.