Maximize hacker prevention by understanding new malware techniques

April 20, 20184 minute read

Select article text below to share directly to Twitter!

Dismiss

Hacker prevention gets trickier each year, which means more sleepless nights for IT pros. The old-school model of perimeter-based security isn’t enough to protect your business from digital attackers anymore—threats have shifted to the endpoint—and if just one user in your network falls prey to one of the advanced phishing exploits going around, it’s open season on your IT security.

Malware is becoming stealthier, too, enabling hackers to move laterally inside your systems and pilfer as much data as they please. Here’s the good news, though: You can protect your business by getting up to speed on the new malware infiltration methods hackers have devised—and maybe even catch a few well-deserved Zs afterward. Here’s what you need to know.

Don’t let malware cloak itself in your non-executables

According to SafeBreach, one of the most successful infiltration methods today involves hiding executable files within non-executables, akin to Russian nesting dolls. With this technique, also known as nesting or packing, hackers stash malicious payloads in otherwise innocent-seeming Windows script files, macros, or Visual Basic scripts. Once those cloaked executables spring into action, they have a dangerously high probability of infiltrating your network.

If that’s not enough to freak you out, get ready: Hackers enjoy an even greater success rate when they use specific forms of this technique. For example, SafeBreach’s recent research discovered when hackers packed executables inside JavaScript, they had a 60 percent success rate of infiltrating a network. Slipping an executable inside a VBScript using HTTP resulted in successful infiltration 56 percent of the time, while nesting an executable inside a compiled HTML file format extension had a 55 percent success rate. But here’s the kicker: Hackers can move laterally through your network over 70 percent of the time once they’ve gotten in.

Watch out for Carbanak and other exploits

Nesting is worrisome enough on its own, but it isn’t the only game in town—other forms of malware are getting in on the action, too. In SafeBreach’s simulated attacks, WannaCry 2.0’s exploit of a Windows SMB vulnerability was successful 63 percent of the time. Combine that with cloud-based business applications, and your network is a big target. Carbanak, a financially motivated hacker group who uses malware exploits to do their dirty work, leverages Google’s App Script, Sheets, and Forms to stage its incursions. As ZDNet reports, Carbanak stole over $1 billion from banks in just two years, and now it’s targeting businesses.

Old exploit kits—even ones that have been around for a while—are still effective in delivering malicious payloads. They can make a run at your endpoint security and gateway solutions, bypassing defenses to gain unauthorized access to files and systems. In other cases, misconfigured security products can unwittingly invite a breach—an embarrassing instance any IT pro would want to avoid. In particular, misconfigured malware sandboxing solutions can prove vulnerable to a malware exploit if they don’t properly address all ports, protocols, file formats, and encrypted traffic.

Fight back with hacker prevention

What does successful hacker prevention look like in an environment where malware can tuck itself into seemingly innocuous files, exploit vulnerabilities in operating systems and cloud applications, hop into your endpoints, and even compromise your security systems? Once hackers have infiltrated your network with their malware, they have free reign. Plenty of office networks were designed with the assumption any transactions or exchanges within the network could be trusted, but that’s no longer the case—and it’s time to update your cybersecurity strategy accordingly.

First, try a multilayered approach to network security that better protects your business in the event of a breach. Bolster your endpoint security with devices that come with built-in security features. For instance, modern printers with embedded security features can detect and prevent an attack in progress, self-healing from a potential malware exploit and keeping it from spreading throughout your entire IT environment.

Next, regularly update and fine-tune your unique security protocols and protections, right down to where malware creeps in at the user level. Don’t forget to validate your controls and assumptions to make sure they’re correct, too—because what may look sufficient on paper may not actually hold up to an attack in reality. SafeBreach found that few businesses are actually “watching the exits,” failing to scan outbound transmissions to prevent hackers from making off with their data—so it’s essential to keep that loophole closed.

Malware is getting sneakier, but you can keep it from wreaking havoc by staying on top of new threats and keeping your IT security strategy up to date to defend your business from attacks across multiple stages of the kill chain. Securing your business from an attack doesn’t necessarily require investing huge funds in a new security solution, either. In fact, you can make real progress by making smart, timely adjustments designed to match the evolving threat. This type of proactive approach will ensure a better night’s sleep for any IT pro.

  • Recommended for you
  • Recommended for You