Home Blog 4 Simple Steps To Guard Against Document-Based Malware

4 Simple Steps To Guard Against Document-Based Malware

 2019/04/07   Cisco Security Solutions   469 visit(s)

   
 By:Ctelecom
How_to_protect_against_document-based_Malware_-_Ctelecoms_Blog

Evolving malware continues to pose threats to business all over the world, and a new Barracuda Networks research has revealed a rise in the use of document-based malware since the beginning of 2019.

What is Document-based Malware?

Document-based malware typically comes in the form of an email attachment that, when opened, automatically runs software hidden in the file or runs a script that pulls it from a remote website, the latter making it much harder to detect since there's no malware code included in the document when it's downloaded.


The tricky thing about document-based malware is that it changes the way cybersecurity professionals need to think about malware. The days of definition-based security is over, Barracuda said; it's up to security teams to "think about malware detection by asking 'What makes something malicious?' rather than 'How do I detect things I know are malicious?'"

A new generation of malware attacks

Nearly half (48%) of all malicious files detected in the past 12 months were some kind of document, the report said.
Malicious documents are part of a larger transformation in the way malware that targets businesses is distributed: Instead of just launching attacks at random, modern cybercriminals are very intentional about their work.

Reconnoitering a target, crafting custom attacks, determining the right targets, and launching the attack (possibly via a malicious document) is just the beginning of the process, followed by all the damage an attacker can do once inside a network.

Because of the sophistication of new attacks, the report said, cybersecurity professionals need to change how they defend their networks.

How To Protect Yourself Against Document-based Malware

The report points out that the complex, layered nature of modern cyberattacks requires a complex, layered security approach. Barracuda recommends four security methods in response to document-based malware:

1. Use blacklists:

Spammers attacking an organization via malware-infected email attachments are increasingly using their own infrastructure, which means blacklisting their IPs should prevent repeat attacks from the same source.

2. Implement a spam and phishing detection system:

A good spam/phishing filter can detect suspicious elements of a message or attachment that the average user will miss. Human error accounts for around half of security incidents; a good filter can cut that number down by screening out messages before they get to recipients.

3. Don't neglect malware detection:

Antivirus software that uses both static and dynamic analysis can pick up on a document trying to run an executable or download something from the web, neither of which should be done by a document. Static analysis can also detect attempts to obfuscate code and can recognize a document as malicious.

4. Set up your firewall to detect malware:

Some firewalls can be configured to recognize malicious traffic, which can stop a malware document from downloading code or communicating with its command and control server. This is a last-ditch defense, but shouldn't be discounted—it can prevent a lot of headaches and make finding the infected machine simple.

If you need further help with your cyber-security practices, feel free to contact Ctelecoms any time you wish.