2019/04/07 IT & Cyber-Security Solutions
Evolving malware continues to pose threats to businesses all over the world, and new Barracuda Networks research has revealed a rise in the use of document-based malware since the beginning of 2019.
Document-based malware typically arrives as an email attachment that, when opened, either automatically runs software hidden in the file or runs a script that pulls the malware from a remote website. The latter is much harder to detect, since no malware code is included in the document when it's downloaded.
The tricky thing about document-based malware is that it changes the way cybersecurity professionals need to think about malware. The days of definition-based security are over, Barracuda said; it's up to security teams to "think about malware detection by asking 'What makes something malicious?' rather than 'How do I detect things I know are malicious?'"
Nearly half (48%) of all malicious files detected in the past 12 months were some kind of document, the report said.
Malicious documents are part of a larger transformation in the way malware that targets businesses is distributed: Instead of just launching attacks at random, modern cybercriminals are very intentional about their work.
Reconnoitering a target, crafting custom attacks, determining the right targets, and launching the attack (possibly via a malicious document) is just the beginning of the process, followed by all the damage an attacker can do once inside a network.
Because of the sophistication of new attacks, the report said, cybersecurity professionals need to change how they defend their networks.
The report points out that the complex, layered nature of modern cyberattacks requires a complex, layered security approach. Barracuda recommends four security methods in response to document-based malware:
Spammers attacking an organization via malware-infected email attachments are increasingly using their own infrastructure, which means blacklisting their IPs should prevent repeat attacks from the same source.
A good spam/phishing filter can detect suspicious elements of a message or attachment that the average user will miss. Human error accounts for around half of security incidents; a good filter can cut that number down by screening out messages before they get to recipients.
Antivirus software that uses both static and dynamic analysis can pick up on a document trying to run an executable or download something from the web, neither of which should be done by a document. Static analysis can also detect attempts to obfuscate code and can recognize a document as malicious.
Some firewalls can be configured to recognize malicious traffic, which can stop a malware document from downloading code or communicating with its command and control server. This is a last-ditch defense, but shouldn't be discounted—it can prevent a lot of headaches and make finding the infected machine simple.
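The static-analysis idea above (spotting a document that carries code or reaches out to the web without opening it), sketched as an added example that is not from the article or from Barracuda's report. It assumes the attachment is an OOXML file (.docx, .docm, .xlsx and similar) and, on that assumption, checks three indicators: a VBA project part, embedded objects, and non-hyperlink external relationships. The sample files and the `example.invalid` host are constructed.

```python
import io
import re
import zipfile

# A relationship whose target lives outside the package (remote template, linked object, ...).
EXTERNAL_REL = re.compile(rb'<Relationship\b[^>]*TargetMode="External"[^>]*>')
TARGET = re.compile(rb'Target="([^"]*)"')


def triage_ooxml(data: bytes) -> list[str]:
    """Return static findings for an OOXML attachment without opening it in Office."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not-ooxml: not a ZIP container, needs a different parser"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                findings.append(f"macro: VBA project stored at {name}")
            elif "/embeddings/" in lower:
                findings.append(f"embedded-object: {name}")
            elif lower.endswith(".rels"):
                for rel in EXTERNAL_REL.findall(pkg.read(name)):
                    if b"/hyperlink" in rel:  # ordinary clickable links are external too
                        continue
                    target = TARGET.search(rel)
                    url = target.group(1).decode("utf-8", "replace") if target else "?"
                    findings.append(f"external-target: {name} -> {url}")
    return findings


def build_sample(parts: dict[str, bytes]) -> bytes:
    """Constructed test input: an in-memory ZIP with the given part names and contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()


# Constructed samples; example.invalid is a reserved placeholder host, not a real indicator.
REL = (b'<Relationships><Relationship Id="rId1" TargetMode="External" Target="https://example.invalid/t.dotm" '
       b'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"/></Relationships>')
CLEAN = build_sample({"word/document.xml": b"<w:document/>"})
SUSPECT = build_sample({"word/document.xml": b"<w:document/>", "word/vbaProject.bin": b"\x00",
                        "word/_rels/settings.xml.rels": REL})
```

Findings like these are triage signals rather than verdicts: macros and linked templates also appear in legitimate business documents, so they are best used to route a file to dynamic analysis.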
If you need further help with your cyber-security practices, feel free to contact Ctelecoms any time you wish.