
Understanding malware

Editorial Type: Opinion     Date: 09-2015

We have lived with the malware threat for so long that we may be guilty of contempt through familiarity. Cris Thomas, Strategist at Tenable Network Security, reminds us of the risk and its nature.

In its 2015 Data Breach Investigations Report, Verizon claims that hackers are hitting organisations with malware-based cyber-attacks five times a second. That's a staggering frequency of attack and it seems that more criminals are evading detection. Verizon also confirmed that 70 to 90 per cent of malware samples had a unique signature.

It's not surprising then that these seemingly nefarious pieces of software code (viruses, worms and Trojans) are a major challenge for us all. By sneaking onto corporate networks, malware can siphon off company secrets, steal personal identity information and provide attackers with network access. Regardless of purpose, it's important to understand how unwanted malware infects systems and what can be done to efficiently identify and eradicate the threat.

HOW IT GETS IN
Malware can enter an organisation in numerous ways. The most common is a website download to a desktop or smartphone. Previously, users had to visit an infected website, but with increasingly sophisticated techniques, hackers are now able to deliver their malware downloads through popular news, sport or entertainment websites. It just requires exploitation of a flaw on the site or access to a third-party service the site relies on, such as a banner advertising service. This means that any website could be the source of unwanted malware downloading onto a computer without the user's knowledge.

Sometimes attackers engage in phishing schemes and use spam emails to trick users into clicking links that connect them to special websites, using convincing emails that appear to have been sent by a bank or other trusted source. Additionally, malware can be attached to documents including MS Word, Excel, PDFs and even pictures shared between users and transferred from system to system.

DESIGNED TO EVADE DETECTION
In an attempt to catch all types of malware, organisations run anti-virus software. When anti-virus software companies discover new malware, they create a unique signature for it and send software updates to subscribers. When the software detects a known signature, it alerts the user.

The problem is that hackers creating malware know how anti-virus works and intentionally test their code against the same anti-virus software until it goes undetected. This creates a constantly evolving stream of new malware that is undetectable by anti-virus software until a sample is caught and a new signature created. In some cases, if the malware is used sparingly by the developer, it may never be detected, leaving systems infected and exposed.

Getting malware into a corporate network is the initial move in any cyber-attack. Sony, Target, Home Depot, and Anthem are all examples of attacks that began in this way. While malware is often designed for specific purposes such as stealing credit card information or intellectual property, in the case of Sony, some attackers simply wanted to wreak havoc.

WHAT CAN BE DONE?
Whatever the motivation, the impact of a long-term malware infestation is clear, and organisations must actively identify and eradicate malware continuously and quickly. Anti-virus software is the first of many defence layers that preserve a security posture.

However, because of the low detection rates, anti-virus shouldn't be the only tool in your armoury. Organisations must also keep software patch levels up to date and analyse network traffic logs, to ensure that the patches are correctly applied and anomalies identified before malware fully establishes itself inside the system.

While these methods are all layers in a security posture, one of the best lines of defence is to invest in a continuous network monitoring system that can analyse network traffic and identify suspicious activity. Using normal website traffic patterns as a baseline, it is easier to spot abnormal malware activity, allowing immediate action which can dramatically increase security levels and reduce the time that malware infestations reside undiscovered.
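
The baseline idea in the paragraph above can be sketched in a few lines of Python. This is an added example, not part of the original article or of any product it mentions; the log format, host names and three-sigma threshold are assumptions, and the log lines are constructed sample data.

```python
import statistics
from collections import defaultdict

# Constructed sample proxy log lines: "<ISO time> <client> <destination> <bytes sent>"
BASELINE_LOG = """\
2015-09-01T09:02:11 ws-014 news.example.com 1820
2015-09-01T09:40:52 ws-014 mail.example.com 5210
2015-09-01T13:15:03 ws-014 news.example.com 2104
2015-09-02T09:05:47 ws-014 mail.example.com 4890
2015-09-02T10:31:19 ws-022 intranet.example.com 950
2015-09-02T15:44:08 ws-022 news.example.com 1675
"""
NEW_LOG = """\
2015-09-03T02:17:44 ws-014 cdn-updates.example.net 734112
2015-09-03T09:03:30 ws-014 news.example.com 1990
2015-09-03T10:12:05 ws-022 mail.example.com 1400
"""

def parse(log):
    """Yield (time, client, dest, bytes_out) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[0], parts[1], parts[2], int(parts[3])

def build_baseline(log):
    """Per client: destinations seen, plus mean and std deviation of upload size."""
    dests, sizes = defaultdict(set), defaultdict(list)
    for _, client, dest, size in parse(log):
        dests[client].add(dest)
        sizes[client].append(size)
    return {c: (dests[c], statistics.mean(sizes[c]), statistics.pstdev(sizes[c]))
            for c in dests}

def find_anomalies(baseline, log, sigmas=3.0):
    """Return (time, client, dest, reasons) for events that deviate from baseline."""
    alerts = []
    for when, client, dest, size in parse(log):
        # A client with no baseline gets an empty profile, so its traffic is flagged.
        known, mean, stdev = baseline.get(client, (set(), 0.0, 0.0))
        reasons = []
        if dest not in known:
            reasons.append("new destination")
        if size > mean + sigmas * max(stdev, 1.0):  # floor avoids a zero-width band
            reasons.append("unusual upload size")
        if reasons:
            alerts.append((when, client, dest, reasons))
    return alerts
```

On the sample data, the large overnight upload from ws-014 to a never-seen host trips both checks, while the ws-022 event trips only the weaker "new destination" check, which is the kind of alert an analyst would triage at lower priority.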
