What is Advanced Malware?


A Definition of Advanced Malware


Advanced malware, sometimes referred to as an advanced persistent threat (APT), is a class of malware strains engineered with advanced capabilities for infection, communication and control, movement, or data exfiltration and payload execution. Advanced malware is often built for stealth or persistence and is capable of avoiding detection by traditional antivirus solutions. Recent years have seen a rise in attacks involving advanced malware, putting businesses at risk because of the malware’s sophisticated attack capabilities and the rate at which it evolves to stay ahead of detection.

How Advanced Malware Works


Advanced malware attacks typically follow a common attack sequence:

[Figure: advanced malware attack sequence]

Planning:

This stage involves selecting a target and researching the target’s infrastructure to determine how the malware will be introduced, the communication methods used while the attack is in progress, and how/where the data will be extracted. In advanced malware attacks, this stage typically includes the planning of targeted social engineering attacks (such as spear phishing) for initial malware introduction.

Examples of Common Types of Advanced Malware


Ransomware, an increasingly common threat, can be considered a form of advanced malware. Ransomware limits or sometimes completely blocks users from accessing their system by methods such as locking the screen or restricting access to, or encrypting, files until a required sum is paid. Cryptowall and Cryptoblocker are familiar ransomware varieties, as are the earlier CryptoLocker and the more recent Locky and TeslaCrypt. With victims paying up in order to regain access to vital systems and data, ransomware proves a lucrative tactic, which only encourages further proliferation of this form of advanced malware.

Best Practices for Defending Against Advanced Malware Attacks


The stealth and obfuscation techniques employed by advanced malware make many traditional security solutions ineffective at detecting or defending against advanced malware attacks. Organizations are turning to solutions that employ context- and behavior-based detection to identify and stop malware based on its activity rather than on signatures. To improve detection of advanced malware attacks, organizations should monitor for increased threat activity or other anomalous behavior within their systems. Your organization should monitor at the endpoint level for warning signs of an advanced malware attack, including network exploration, suspicious file transfers, and communication with suspicious command and control servers.
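As an added illustration of behavior-based detection (this is example code written for this page, not part of the article or any vendor product), the following Python sketch applies two of the endpoint warning signs named above to a constructed connection log: network exploration (one host reaching many distinct internal peers in a short window) and command-and-control beaconing (regular, low-jitter outbound connections to a single external host). The internal address range (10.0.0.0/8), the host names, the addresses and every threshold are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample log, one event per line: "seconds src_host dst_ip"
SAMPLE_LOG = """\
0   ws-17 10.0.0.5
1   ws-17 10.0.0.6
2   ws-17 10.0.0.7
3   ws-17 10.0.0.8
4   ws-17 10.0.0.9
0   ws-17 203.0.113.9
60  ws-17 203.0.113.9
121 ws-17 203.0.113.9
179 ws-17 203.0.113.9
5   ws-02 10.0.0.5
400 ws-02 198.51.100.7
"""

def is_internal(ip):
    return ip.startswith("10.")  # assumed internal range for this example

def detect(log, scan_threshold=5, window=60, beacon_min=4, max_cv=0.2):
    """Return sorted (src_host, finding) alerts; thresholds are illustrative."""
    internal = defaultdict(list)   # src -> [(ts, internal dst)]
    external = defaultdict(list)   # (src, external dst) -> [ts]
    for line in log.splitlines():
        ts, src, dst = line.split()
        if is_internal(dst):
            internal[src].append((int(ts), dst))
        else:
            external[(src, dst)].append(int(ts))
    alerts = []
    # Network exploration: >= scan_threshold distinct internal peers in one window
    for src, hits in internal.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            peers = {d for t, d in hits[i:] if t - t0 <= window}
            if len(peers) >= scan_threshold:
                alerts.append((src, f"scan: {len(peers)} internal peers in {window}s"))
                break
    # Beaconing: >= beacon_min contacts to one external host with low gap jitter
    for (src, dst), times in external.items():
        if len(times) < beacon_min:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            alerts.append((src, f"beacon: {dst} every ~{avg:.0f}s"))
    return sorted(alerts)
```

Neither check relies on a known-bad signature; a new sample that scans or beacons in the same way would trip the same rules, which is the point of activity-based detection.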

Advanced threat detection technologies provide sandboxing and monitoring to detect advanced malware attacks. Sandboxing enables you to execute and observe the suspect file in an isolated environment before it is permitted on the network, thereby potentially enabling detection before it has the opportunity to infiltrate your systems and cause damage.

Advanced malware prevention and protection efforts should focus on securing threat vectors – both infiltration and exfiltration points – to minimize the potential for infection and data egress. Applying controls at vectors such as email, internet connections, file transfer, and USB provides defense against infection during the early stages of an attack, and against data exfiltration if an infection succeeds and the malware attempts to carry out the final stages of its attack. As a last line of defense, all sensitive data assets should be encrypted, with all keys stored securely. This helps to ensure that damage stays at a minimum even if the network is infiltrated and the event goes undetected.

Finally, with social engineering attacks on the rise, it’s also critical to provide comprehensive and ongoing cybersecurity education to employees. Phishing attacks are a favorite delivery method for advanced malware attacks, and as a result it is important that employees are familiar with these tactics so that they can avoid being infected with malware if they are targeted in an attack.