Page 165 - Cyber Defense eMagazine April 2023

What’s worse, even as enterprises deploy innovative solutions and tactics to prevent infection, companies with
            work-from-home policies and employees using BYOD or personal devices to access corporate
            applications often open new avenues for malware.

            To combat this silent threat, enterprises need a new, more comprehensive remediation process that
            accounts for darkweb activity and provides more visibility into often unknown and ephemeral malware
            infections.




            The Malware Landscape Is Evolving

            One  reason  malware  is  difficult  to  detect  is  that  there  are  very  few  indicators  when  a  device  is
            compromised.


For example, if an employee accidentally clicks a link that delivers infostealer malware, the malware can
            install, siphon data, and uninstall itself in five to ten seconds, leaving little to no evidence of the infection.
            In a matter of seconds, the employee’s credentials and session cookies are in cybercriminals’ hands.

Likewise, popular infostealers like RedLine Stealer are often deployed through phishing emails,
            links in social media comments, malvertising, or malicious YouTube “tutorials.” If an unaware employee
            downloads the malware, bad actors have free rein to use the stolen credentials and data to impersonate
            the user, decreasing the odds that their activity will be flagged as suspicious.

While existing antivirus software offers protection against well-known types of malware, newer families and variants,
            such as RedLine Stealer, Raccoon or Vidar, are much more difficult to detect. Coupled with evolving botnet
            delivery methods that can evade detection and the fact that many malware infections occur outside of
            traditional, secure perimeters, it’s no surprise companies are struggling to address the threat.

            Another crucial aspect to consider is the ongoing threat of exposed data. Traditionally, wiping known
            malware from the infected device is the most common remediation approach, but it fails to address the
            already-siphoned information now in the hands of Initial Access Brokers (IABs).

IABs are individuals or groups who package malware-stolen data and sell it on the darkweb.
            Cybercriminals buy this freshly stolen data and are granted all the information needed for initial network
            access: with a valid session cookie, they can often sidestep industry-standard prevention methods like multi-factor
            authentication (MFA) entirely, since the victim already completed the MFA challenge, and go on to deploy ransomware.
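The two points above, that a stolen session cookie lets a buyer skip MFA and that wiping the endpoint does nothing about data already siphoned, can be shown in a few lines of server-side logic. The example below is added here and is not code from the article or from any product it mentions; the session store, the client fingerprint (IPv4 /24 plus User-Agent) and all hosts, names and user agents are constructed for illustration.

```python
"""Added example (not from the article): why a stolen session cookie lets an
attacker skip MFA, and what remediation has to cover beyond wiping the device.
All hosts, user agents and names below are constructed for illustration."""
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    mfa_passed: bool
    client_fp: str          # fingerprint of the client that completed MFA
    revoked: bool = False


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Coarse binding of a session to the client that created it.
    Assumption for the demo: IPv4 /24 plus the User-Agent string is enough;
    production would add TLS/device signals and handle IPv6."""
    prefix = ".".join(ip.split(".")[:3])
    return hashlib.sha256(f"{prefix}|{user_agent}".encode()).hexdigest()


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def issue(self, user: str, ip: str, user_agent: str, mfa_passed: bool) -> str:
        """Called once login (and MFA) succeeds; returns the cookie value."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, mfa_passed, client_fingerprint(ip, user_agent))
        return token

    def authorize(self, token: str, ip: str, user_agent: str, bind_to_client: bool) -> str:
        """Decide whether a request carrying `token` is allowed.

        bind_to_client=False is the common pattern: a valid cookie is enough,
        MFA is never re-challenged, so a replayed cookie passes.
        bind_to_client=True rejects the cookie when it arrives from a client
        other than the one that completed MFA."""
        s = self._sessions.get(token)
        if s is None:
            return "no_session"
        if s.revoked:
            return "revoked"
        if not s.mfa_passed:
            return "mfa_required"
        if bind_to_client and s.client_fp != client_fingerprint(ip, user_agent):
            return "fingerprint_mismatch"
        return "ok"

    def revoke_all_for_user(self, user: str) -> int:
        """The remediation step that wiping the endpoint does not perform:
        invalidate every live session of the compromised user."""
        n = 0
        for s in self._sessions.values():
            if s.user == user and not s.revoked:
                s.revoked = True
                n += 1
        return n


def demo() -> dict[str, str]:
    store = SessionStore()
    victim_ip, victim_ua = "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Firefox/112.0"
    attacker_ip, attacker_ua = "198.51.100.77", "Mozilla/5.0 (X11; Linux x86_64) Chrome/112.0"

    # 1. The employee logs in and completes MFA; the browser stores the cookie.
    cookie = store.issue("alice", victim_ip, victim_ua, mfa_passed=True)

    # 2. An infostealer copies the cookie; the buyer replays it from elsewhere.
    results = {
        "victim": store.authorize(cookie, victim_ip, victim_ua, bind_to_client=True),
        "replay_unbound": store.authorize(cookie, attacker_ip, attacker_ua, bind_to_client=False),
        "replay_bound": store.authorize(cookie, attacker_ip, attacker_ua, bind_to_client=True),
    }

    # 3. Wiping the device changes nothing server-side: the replay still works.
    results["after_device_wipe_unbound"] = store.authorize(
        cookie, attacker_ip, attacker_ua, bind_to_client=False)

    # 4. Revoking the user's sessions (alongside a credential reset) closes it.
    store.revoke_all_for_user("alice")
    results["after_revocation"] = store.authorize(
        cookie, attacker_ip, attacker_ua, bind_to_client=False)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:28} {outcome}")
```

The unbound replay returning "ok" is the MFA bypass the article describes: the server trusts the cookie because MFA was completed by whoever first obtained it. Hard-failing on a fingerprint mismatch will annoy legitimate users on roaming or NAT'd networks, so in practice a mismatch is better treated as a trigger for step-up MFA than an outright deny; revocation of sessions for a confirmed infostealer victim, however, should be unconditional.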

As if that wasn’t enough, data sold by IABs remains valuable for as long as the exposed credentials have not been reset. For example,
            although the 2019 Facebook breach exposing millions of data points happened several years ago, it’s
            possible that credentials exposed in that incident are still active, making it an ongoing threat to that platform, its
            employees and its users.

The recent rise of IABs illustrates the underlying factor driving the increasing frequency of malware attacks:
            a thriving underground economy that weaponizes and monetizes network access.








