How antimalware tools are coping to fight modern threats
By Ben Dickson
Malware attacks are now a significant threat to all computer users, given how rampant they’ve become. 72 billion attacks were recorded through the first three quarters of 2019 alone. Getting infected by malware can happen to any user.
And the results can be devastating.
Depending on the payload, malware can destroy files, hijack computing resources, and breach users’ privacy. The damage that such attacks cause can even lead small companies to effectively shut down their business.
New malware strains are even able to combine different threats. Security solutions provider Reason Cybersecurity recently discovered a Bitcoin sextortion malware dubbed “Save Yourself” that hit hundreds of thousands of users around the world. The malware sends spam emails tricking recipients into paying an extortion fee under threat of having their online activities revealed to the public. In addition to this extortion angle, the malware also mines cryptocurrencies and hacks bitcoin wallets.
Modern malware is now also able to evade traditional security measures like antiviruses, putting ordinary users and small businesses that are limited to such solutions at higher risk. Fortunately, cybersecurity providers are actively developing better solutions to plug the gaps that standard antiviruses can’t cover. Even governments are helping to provide support.
Malware disarming platform odix recently secured a €2-million grant from the European Union. The funding is aimed at helping odix make its enterprise-grade security solutions accessible to small businesses and organizations, and at helping them mitigate modern malware threats using emerging content disarm and reconstruction (CDR) technology. CDR is capable not only of removing cleverly hidden malicious code from files but also of ensuring the files remain usable after cleanup. Traditional antiviruses typically require users to quarantine or delete infected files entirely, rendering personal and work data useless once it has been injected with malicious code.
It’s high time that users look beyond conventional security measures and move towards implementing more comprehensive strategies.
Malware sophistication is growing
Many early malicious programs, such as viruses and worms, aimed simply at exploring the potential of self-replicating code. Most were pranks that spread funny messages and vandalized web pages.
However, malware has now evolved to become more disruptive. Today, malware is capable of destroying files, hijacking computing resources, encrypting computer systems for ransom, and accessing devices and peripherals to spy on victims. Malware can also interrupt various crucial and high-stakes activities, such as business and financial transactions.
Hacking has also become extremely profitable. Stolen personal and financial records can be sold on the dark web. Victims are also willing to pay ransom to regain access to encrypted files or avoid having their sensitive information leaked. Given the financial incentive, more malicious entities are focused on finding ways to exploit online users, and malware is now a crucial part of their arsenal.
Malware has also grown in sophistication and has become harder to detect. Hackers use polymorphic code to enable malware to change form and adapt to the target computer system’s security protection. Polymorphic malware can easily evade traditional antivirus protection and successfully infect computer files.
Conventional tools fall short
Most computer users rely on traditional security measures such as antiviruses and firewalls to prevent cyberattacks. Unfortunately, these antiviruses are signature-based, which means that they only scan files for known threats. So, if a new strain of malware leaks into the wild, these antiviruses won’t be able to detect and remove it until the malware’s signature is added to the solution’s detection database. Heuristic scanning and analysis can also fall short in detecting modern malware.
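To make the limitation described above concrete, here is an added example (not code from the article or from any product it mentions) of a toy signature-based scanner. It keeps two kinds of signatures, whole-file hashes and byte patterns, and runs them over constructed, harmless byte strings that stand in for executables. It shows that a hash signature only matches the exact file it was taken from, that a byte-pattern signature survives small changes to the file, and that an entirely new strain is reported as clean until a signature for it is added to the database. All sample names and payloads are constructed for the demonstration.

```python
import hashlib

# Constructed test samples: harmless byte strings standing in for executable files.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"CONSTRUCTED-PAYLOAD-A" + b"\x00" * 16
REPACKED_SAMPLE = KNOWN_SAMPLE + b"\x00"        # same payload with one extra trailing byte
NEW_STRAIN = b"MZ\x90\x00" + b"CONSTRUCTED-PAYLOAD-B" + b"\x00" * 16


class SignatureDB:
    """Signature database with two entry types: whole-file SHA-256 hashes and byte patterns."""

    def __init__(self):
        self.hashes = {}    # sha256 hex digest -> signature name
        self.patterns = {}  # signature name -> byte pattern that must appear in the file

    def add_hash(self, name, data):
        self.hashes[hashlib.sha256(data).hexdigest()] = name

    def add_pattern(self, name, pattern):
        self.patterns[name] = pattern


def scan(db, data):
    """Return the name of the first matching signature, or None when the file is unknown."""
    hit = db.hashes.get(hashlib.sha256(data).hexdigest())
    if hit:
        return hit
    for name, pattern in db.patterns.items():
        if pattern in data:
            return name
    return None


def scan_all(db):
    return {
        "known": scan(db, KNOWN_SAMPLE),
        "repacked": scan(db, REPACKED_SAMPLE),
        "new_strain": scan(db, NEW_STRAIN),
    }


def demo():
    """Walk through three states of the signature database and record what each detects."""
    db = SignatureDB()

    # State 1: only a hash of the known sample. The repacked copy and the new strain pass.
    db.add_hash("Test.A (hash)", KNOWN_SAMPLE)
    hash_only = scan_all(db)

    # State 2: a byte-pattern signature for the same family also catches the repacked copy,
    # but the new strain is still invisible to the scanner.
    db.add_pattern("Test.A (pattern)", b"CONSTRUCTED-PAYLOAD-A")
    with_pattern = scan_all(db)

    # State 3: the new strain is detected only once a signature for it ships.
    db.add_pattern("Test.B (pattern)", b"CONSTRUCTED-PAYLOAD-B")
    after_update = scan_all(db)

    return {"hash_only": hash_only, "with_pattern": with_pattern, "after_update": after_update}


if __name__ == "__main__":
    for state, results in demo().items():
        print(state, results)
```

The gap between state 2 and state 3 is the window the article describes: anything released before the vendor's database update is reported as clean, no matter how many signatures the database already holds.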
Some enterprises employ sandboxing to test potentially risky files and attachments before they are cleared for access on the main network. Should these files contain malware, the payload only executes in isolation, and the damage stays confined to the sandbox. However, sandboxing often requires dedicated computing resources, and the process can be prone to false detections too.
Capable solutions on the rise
Fortunately, cybersecurity solutions providers are stepping up to provide the necessary capabilities to address malware threats.
An example is Reason Cybersecurity, mentioned above, which offers privacy-oriented features to work alongside its core antivirus and anti-malware functionalities. Reason’s solution has ransomware protection that prevents rogue encryption processes from executing on the system it protects. It also has camera and microphone protection features that screen all applications trying to access these devices. This way, malware like remote access tools that try to access these peripherals can readily be blocked, thereby thwarting spying attempts.
Other promising solutions are emerging technologies like content disarm and reconstruction (CDR), highly touted in the fight against malware. CDR works by deeply scanning files for any embedded malicious code, removing that code during the sanitization process, and then reconstructing the file to ensure it remains usable. This approach can effectively screen against polymorphic malware, which traditional signature- and heuristics-based solutions can struggle with.
Among the CDR segment’s key players is odix, which is working toward providing an accessible cloud-based service to smaller organizations. odix leverages its TrueCDR technology, which retains a file’s type during sanitization to minimize loss of legitimate data during the malware code removal process. Its ecosystem includes the core detection engine, an email protection component that cleans all file attachments before they even reach a user’s inbox, and a dedicated sanitization kiosk that can be used to scan removable storage devices before they are used on other workstations on the network. This multi-vector approach helps ensure that malware won’t be able to find its way into the infrastructure.
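The two paragraphs above describe CDR in the abstract. The following added example (written for this page, not odix's TrueCDR or any other vendor's code) shows the idea on one common container: an Office Open XML package, which is a ZIP archive of XML parts. The sanitizer does not try to decide whether a macro is malicious; it rebuilds the package from scratch, carrying over only inert parts (text, styles, images) and dropping VBA macro storage, ActiveX controls and embedded OLE objects, then tidies `[Content_Types].xml` so the reconstructed file is still internally consistent and keeps its original type. The sample package, its part names and its placeholder macro bytes are constructed for the demonstration; the part-name patterns reflect the standard OOXML layout.

```python
import io
import re
import zipfile

# Part names a CDR pass strips from an OOXML package: VBA macro storage, ActiveX
# controls and embedded OLE objects. Everything else is carried over unchanged.
ACTIVE_CONTENT = re.compile(r"(^|/)(vbaProject\.bin|vbaData\.xml)$|^word/(activeX|embeddings)/")


def build_sample_docx():
    """Constructed, minimal .docx-like package that carries a (placeholder) VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            "</Types>",
        )
        z.writestr("word/document.xml",
                   "<w:document><w:body><w:p><w:t>Quarterly report</w:t></w:p></w:body></w:document>")
        z.writestr("word/vbaProject.bin", b"CONSTRUCTED-PLACEHOLDER-MACRO-BYTES")
    return buf.getvalue()


def sanitize_ooxml(data):
    """Rebuild an OOXML package keeping only inert parts.

    Returns (clean_bytes, removed_part_names). Raises ValueError when the input is not an
    OOXML package, so a caller treats it as unsupported rather than silently 'clean'.
    """
    try:
        src = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        raise ValueError("not a ZIP-based OOXML package")
    names = src.namelist()
    if "[Content_Types].xml" not in names:
        raise ValueError("missing [Content_Types].xml; not an OOXML package")

    removed = [n for n in names if ACTIVE_CONTENT.search(n)]
    remaining = [n for n in names if n not in removed]
    # Extensions still present after stripping; <Default> entries for anything else are dropped.
    exts_in_use = {n.rsplit(".", 1)[-1].lower() for n in remaining if "." in n}

    def drop_unused_default(m):
        return b"" if m.group(1).decode().lower() not in exts_in_use else m.group(0)

    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in remaining:
            content = src.read(name)
            if name == "[Content_Types].xml":
                # Remove content-type declarations that only existed for the stripped parts.
                for gone in removed:
                    content = re.sub(rb'<Override PartName="/' + re.escape(gone.encode()) + rb'"[^>]*/>',
                                     b"", content)
                content = re.sub(rb'<Default Extension="([^"]+)"[^>]*/>', drop_unused_default, content)
            dst.writestr(name, content)
    return out.getvalue(), removed


def package_parts(data):
    """Map of part name -> bytes for a package, used to inspect a sanitized result."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {n: z.read(n) for n in z.namelist()}


if __name__ == "__main__":
    clean, removed = sanitize_ooxml(build_sample_docx())
    print("removed:", removed)
    print("remaining parts:", sorted(package_parts(clean)))
```

Because the output is written fresh rather than patched in place, nothing the scanner did not explicitly copy can survive into the sanitized file, which is what lets CDR handle a variant it has never seen. The trade-off the article mentions (loss of legitimate data) shows up here too: a document whose macros were doing real work comes out without them.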
All bases must be covered
Falling victim to malware can have grave consequences for any user or organization. As such, it’s essential to put in place the necessary security measures to mitigate malware threats. This includes:
Creating a comprehensive strategy. Companies should know how their IT infrastructure should be configured to support their business goals. But they must also be proactive in establishing their company’s cybersecurity measures. By identifying the risk factors to their business and critically assessing their weaknesses, organizations can effectively address these concerns through informed decisions.
Using capable tools. Supplementing or replacing ineffective solutions with highly capable security tools will enable organizations to better mitigate threats. This can minimize the risks that can disrupt their business operations. Such tools can also keep both company and client information safe from theft and other more costly cybercrimes.
Educating users. Beyond adopting modern security solutions, businesses must also invest in training their employees to be more vigilant in using computing resources. For example, many individuals are still not able to spot phishing emails, which typically carry malware as attachments. A single lapse can cause severe damage to an organization. Proper training can help both the company and its employees avoid these costly errors.
As malware-based attacks continue to rise, all users must protect themselves from sophisticated and modern threats. The increasing accessibility of capable enterprise-grade security should come as a welcome development for everyone. With proper preparation and the right security solutions, even individual users and small businesses can now better protect themselves from attacks.