A New & Dynamic Threat
The best way to find the most effective solution is to examine the problem fully: conventional cyber security initiatives simply do not address or mitigate the now pervasive threat of malware and other advanced persistent threats (APTs). The days when keeping your anti-virus software up to date gave you peace of mind are gone.
Modern malware circumvents classic anomaly- and signature-based security architecture (anti-virus, firewalls, and intrusion detection/prevention systems) through a variety of methods:
- Most malware uses social engineering techniques to gain access and control, relying on a user to make a mistake.
- Most of today’s malware is polymorphic, changing its “DNA” on the fly and rendering most signature-based anti-virus solutions useless.
- Once embedded in one system, it replicates itself to every reachable system on the network and in many cases “turns off” the anti-virus software installed on those systems.
- Using commonly open ports (which are not blocked or filtered) together with obscure, encrypted or proprietary communication protocols, it beacons out to a remote system to retrieve further directives or download additional malicious software.
- Following a successful connection to its command and control (C&C) server, the remote operator has complete control of the compromised system.
- Payloads ranging from keystroke logs to identities, bank account information, password files and credit data can be harvested and sent to the remote system.
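One defender-side response to the beaconing described above is to look for machine-like regularity in outbound connections. The following is an added example, not code from the original page, that scores constructed connection-log lines by the regularity of their inter-connection intervals; the log record format and the host addresses are assumptions made for illustration.

```python
# Added example (not from the page): flag periodic outbound connections
# ("beaconing") in constructed connection-log lines. Assumes a simple
# "<epoch_seconds> <src> <dst> <dport>" record format, not any real log format.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: host 10.0.0.5 contacts 203.0.113.7:443 roughly
# every 60 s (small jitter), while its other traffic is irregular.
SAMPLE_LOG = """\
0 10.0.0.5 203.0.113.7 443
3 10.0.0.5 198.51.100.2 443
61 10.0.0.5 203.0.113.7 443
70 10.0.0.5 198.51.100.2 80
119 10.0.0.5 203.0.113.7 443
181 10.0.0.5 203.0.113.7 443
240 10.0.0.5 203.0.113.7 443
250 10.0.0.5 198.51.100.2 443
299 10.0.0.5 203.0.113.7 443
500 10.0.0.5 198.51.100.2 443
"""

def parse_log(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        flows[(src, dst, int(dport))].append(float(ts))
    return flows

def find_beacons(flows, min_conns=5, max_cv=0.15):
    """Return (flow, mean_interval, cv) for flows whose inter-connection
    intervals are nearly constant. cv = stddev / mean of the intervals;
    a low cv is the machine-like regularity a beacon shows on a common port."""
    hits = []
    for key, times in flows.items():
        times = sorted(times)
        if len(times) < min_conns:          # too few samples to judge
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        m = mean(gaps)
        cv = pstdev(gaps) / m if m else 0.0
        if cv <= max_cv:
            hits.append((key, round(m, 1), round(cv, 3)))
    return hits

if __name__ == "__main__":
    for (src, dst, dport), period, cv in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{src} -> {dst}:{dport} every ~{period}s (cv={cv})")
```

Real traffic needs a longer observation window and an allow-list for legitimately periodic services (updates, monitoring agents) before the result is actionable.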
Malware Propagation
One of the biggest challenges for security professionals is identifying malicious activity and prioritizing the critical systems that require remediation. The rampant nature of the threat makes limiting its propagation extremely difficult, if not impossible, without valid, actionable intelligence. Once clear knowledge of its location, activities and trends is obtained, an effective mitigation plan can be developed and executed successfully.