Contributed by: Shyam Sundar Ramaswami – Lead Security/Threat Researcher, Cisco
Cyber attacks are common these days. The essentials of today’s cyber world have changed, with domain names and e-mail accounts topping the list. Domain names (.com, .org and the like) and e-mail accounts are unavoidable today. While e-mail takes precedence over domain names, one cannot rule out the fact that domain names are embedded in and part of many e-mails. Invoices, marketing campaigns, branding and even transaction tracking all involve domain names and e-mails.
The trend in cybersecurity always involves the tag line “if it’s common or popular, attack it”. Technically, e-mail addresses and domains are the carriers of cyberattacks. Phishing tops that list and malware takes a whopping second spot.
The defense industry, which is to say antivirus and endpoint protection products, employs methods that detect, prevent and monitor the execution of malware via behavior analysis, hash values and execution patterns. Some of the products apply the concept of file entropy to decide whether a file is malicious or not. Entropy can be explained pretty well with ice cubes, weird isn’t it? Trust me, this works. The entropy of an ice cube is 0 since it is in the solid state. When the ice cube melts, the entropy value changes. This applies equally to a file or an executable (.exe in Windows). A good or legitimate file has a standard range of entropy, and when malicious code or vectors are added to it, the entropy changes. Endpoint detection systems use this as a mechanism to spot, catch and quarantine malicious files.
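As an added illustration (not code from the article or from any product it mentions), here is how the entropy score works in practice: a Shannon entropy function, plus a sliding window that localises a high-entropy (packed or encrypted) region that a whole-file average would smooth over. The sample “file” is constructed inline from plain text and seeded pseudo-random bytes; no real malware is involved.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for
    a perfectly uniform one. Packed or encrypted sections sit near the top."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def high_entropy_windows(data: bytes, window: int = 1024, threshold: float = 7.0) -> list:
    """Return the offsets of fixed-size windows whose entropy exceeds the
    threshold. A whole-file score can average a packed blob away; per-window
    scores localise it, which is what an endpoint scanner actually wants."""
    flagged = []
    for off in range(0, len(data), window):
        if shannon_entropy(data[off:off + window]) > threshold:
            flagged.append(off)
    return flagged


# Constructed sample "file": a plain-text header and trailer around a block of
# pseudo-random bytes standing in for a packed/encrypted payload. The PRNG is
# seeded so the result is reproducible; the text is only filler.
_TEXT = b"This program cannot be run in DOS mode.\r\n"
_rng = random.Random(2024)
HEADER = (_TEXT * 30)[:1024]
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(2048))
TRAILER = (_TEXT * 30)[:512]
SAMPLE = HEADER + PAYLOAD + TRAILER


def summarise(data: bytes) -> dict:
    """Whole-file score plus the windows a scanner would mark as suspicious."""
    return {
        "file_entropy": round(shannon_entropy(data), 2),
        "suspicious_offsets": high_entropy_windows(data),
    }


if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Real scanners combine this score with other signals, since compressed archives and images are legitimately high-entropy too.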
Resource availability is a boon as well as a bane. Security researchers have access to all the white papers, product trials and references they need to carry out research. The same material is available to the bad actors too, and that is the reason for the “Catch me if you can” tag line. The researcher cracks the attack and wins, and the attacker wins in another instance.
The growing problem today is malware that detects its environment and drops malicious payloads accordingly. The usual routine is that malware is run in contained environments called “sandboxes”, where captured malware is studied and later detonated on purpose. This gives researchers patterns, running styles, the actions carried out by the malware and sometimes even the threat actor’s intent.
This is where resource availability comes in: the threat actors know how products work and how they detect. They end up building malware or malicious code that can detect when someone is trying to study it. By doing so, it can evade, exhibit fake behavior and even avoid analysis altogether. This is a rising trend in the industry.
The other trend in the cyber circuit is hybrid malware or payloads. The payload is the piece of code that does the harmful act. Usually, payloads fall into genres like ransomware (which locks the computer and asks for money in bitcoins), trojans (which steal passwords) and bots (which add the compromised computer to a massive cybercrime army). New-age malware or actors combine all of these at the same time. The payloads are intelligent enough to collect environment information, such as whether the machine runs Windows 7 or 10, and drop malware suited to that environment. There was a case where the malware looked for password files and picture folder names and then dropped ransomware, since the machine held intriguing data that could be extorted and used for blackmail.
Extortion is a big business today and there are several victims of it. Threat actors are ruthless today, and nuclear plants are targeted too. Forensic skills are the need of the hour, since IoT will take the industry by storm pretty soon. Imagine that one connected device like a smart bulb or smart fridge is compromised and this, in turn, ends up compromising all the other devices connected to the internet in a home: TVs, phones, computers and lots more.
Purchasing security products, high-end solutions and putting expensive gear in a network does not solve this problem. Educating users is the primary way to stop such attacks. Awareness takes first place here; training users and making them familiar with attack patterns and case studies helps to reduce attacks.
Educating a user about malware, what it does, what it looks like and what not to click makes things a lot easier. The next time they see one, they remember it and do not click on it. Courses, books and videos on the subject make a huge difference. Learn, educate and share. These are the new-age malware trends in the industry, and cybersecurity researchers are building solutions to defeat them and make the internet a better place to surf.