Malware Remodeled


McAfee Labs detects 387 new samples of malware every minute, according to its Labs Threats Report, 2015. Malware is getting through enterprise defenses as attackers code new strains and re-clothe old ones in order to thwart information security tools. The malware they aim at mobile devices is maturing, usurping authority over employee hardware and leveraging that control to leap inside the perimeter.
The trend is for malware to leave minimal traces. “Attackers are trying to maintain a low profile to eliminate their chances of detection,” says Paul Morville, founder and vice president of products at Confer, a start-up staking a claim in the endpoint detection and response market.
Meanwhile, the increasing number of variants raises the odds that one will infiltrate the enterprise network and grow deep into its heart as an advanced persistent threat (APT). “Malware authors keep the target moving by creating large numbers of variants, and this can increase their chances of reaching target victims. Such morphing threats can increase the complexity in isolating the malicious code across all end points,” says Craig Schmager, Security Threat Researcher, McAfee Labs.
Malware also focuses on the employee’s BYOD laptop or smartphone when it connects to unsecured networks outside the enterprise. “These attacks are more sophisticated and attackers are using the employee as the leverage point to gain entry inside the organization,” says Morville.
Attackers infect employee devices to steal usernames and passwords that access financial accounts within the company. They also use employee laptops to get inside the perimeter and drill their way through systems and into servers housing valuable data such as intellectual property.
Even security tools are suffering. Attackers are thwarting signature-based security mechanisms with custom-compiled malware that they repackage from existing malware to create unique drive-by downloads that signature-based tools won’t recognize, according to Rich Tener, director of security at Evernote. The malware inside is basically the same, but the signature is unique and previously unrecorded.
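The point above is why an exact file-hash signature is brittle against repackaged variants. The following is an added illustration, not code from the article or from any vendor quoted in it: a constructed sample "core" is wrapped in two different outer stubs, so the SHA-256 signature of the first variant misses the second, while a simple n-gram similarity score (the idea behind fuzzy hashing) still flags it and stays near zero for an unrelated file. All blobs are constructed inline.

```python
import hashlib
from typing import Set

# Constructed stand-in for the unchanged functional part of a malware sample.
CORE = bytes(range(256)) * 4

def repackage(core: bytes, seed: int) -> bytes:
    """Constructed stand-in for repackaging: the same core wrapped in a
    different outer stub, so the file bytes change but the payload does not."""
    stub = hashlib.sha256(b"stub-%d" % seed).digest() * 4
    return stub + core + stub[::-1]

def exact_signature(blob: bytes) -> str:
    """A classic file-hash signature: any changed byte yields a new value."""
    return hashlib.sha256(blob).hexdigest()

def ngrams(blob: bytes, n: int = 8) -> Set[bytes]:
    """All n-byte windows of the blob; the basis of similarity matching."""
    return {blob[i:i + n] for i in range(len(blob) - n + 1)}

def similarity(a: bytes, b: bytes, n: int = 8) -> float:
    """Jaccard similarity of the n-gram sets: 0.0 (disjoint) to 1.0 (identical)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    return len(ga & gb) / len(ga | gb)

def hash_signature_hits(known: bytes, sample: bytes) -> bool:
    """Exact-match detection: only the bit-identical file is recognised."""
    return exact_signature(known) == exact_signature(sample)

def similarity_hits(known: bytes, sample: bytes, threshold: float = 0.5) -> bool:
    """Similarity detection: flags samples sharing most content with a known one."""
    return similarity(known, sample) >= threshold

def demo() -> dict:
    known = repackage(CORE, 1)     # the variant the signature was written for
    variant = repackage(CORE, 2)   # the same core, re-clothed in a new stub
    benign = hashlib.sha256(b"unrelated").digest() * 40  # constructed unrelated file
    return {
        "hash_hits_variant": hash_signature_hits(known, variant),
        "similarity_hits_variant": similarity_hits(known, variant),
        "similarity_hits_benign": similarity_hits(known, benign),
        "variant_score": round(similarity(known, variant), 2),
    }

if __name__ == "__main__":
    print(demo())
```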
The cloud has given signature-based tools a boost. By storing the growing numbers of new virus and malware signatures in the cloud, the enterprise can take some of the load off of endpoints and endpoint-based anti-virus and anti-malware tools, enabling these tools and signatures to hold up under the pressure of multiplying malware examples.
With the glut of new malware appearing daily in the wild, enterprises must use behavioral analysis tools. These can include endpoint detection and response (EDR) tools. EDR tools help reduce the risk of employees becoming an attack vector when they connect their laptops to networks outside the enterprise. The best EDR tools strive to offer more thorough analysis for threat detection and more thorough response in order to remediate infections and to uncover and address the seeds of infection.
Enterprises should continue to protect the network as well as the endpoints. “We use an open-source security monitoring stack that includes Bro, a network analysis framework, Suricata, a network IDS with full packet capture, and Argus, a NetFlow engine. We also complement that with Palo Alto WildFire, a commercial, network-based malware detection engine with an on-board anti-virus engine,” says Tener. Similar products come from Cisco and Symantec.
Organizations should also use VPNs, firewalls, and load balancers in concert to protect enterprise infrastructure. “We use these to control what services we expose to the Internet, to segment our production network from the rest of our computing infrastructure,” says Tener. By controlling access to the production environment with strong authentication tools, the enterprise can maintain a healthy separation between prized data and external threats.
Rather than using WAFs and other web application security tools, fix the vulnerabilities in the applications in order to maintain a tight grip on security. “Our experience has been that web application firewalls and runtime analysis tools introduce a lot of operational overhead, both in computing resources and engineering time to constantly tune them,” says Tener.
After considering these and other security measures and applying the combination most appropriate to their needs, enterprises should be able to keep the multiplying malware samples mitigated to an acceptable level.
CSO:  http://bit.ly/1d8X9iM
