It’s Raining Malware: Understanding and Protecting Against Today’s Threats

By | Managed Services News

Mar 01

From using VPNs to heightened security awareness, companies must work harder to stop attacks as people work from home.

Giacom's Daniel Warelow


Webroot's Kelvin Murray


Despite advances in antimalware solutions, malware variants are becoming increasingly prevalent, sophisticated and evolved. In addition, there are new trends in execution, such as the increased modularity of malware, where a combination of attack methods and mix-and-match tactics is used to ensure maximum damage and/or financial loss.

The rise of malware has only been accelerated by COVID-19 as more remote workers access unsecured and home networks, away from the physical help of IT teams or in-person peer support. As many businesses continue to face financial uncertainty as a result of the pandemic, there has been an increase in spam emails requesting legal action for late or missing payments. During the peak of COVID-19, Her Majesty’s Revenue & Customs (HMRC) took down nearly 300 COVID-19-related scam sites and domains. This signifies government cyberawareness, which is always necessary, but to effectively stop malware and social engineering attacks such as phishing, employees must also be invested in the fight. This cannot be overstated, as recent Webroot research into phishing and global click habits has shown over three-quarters of employees are still opening emails and clicking links from unknown senders.

The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them. Here we explain how to be cyber resilient in the face of malware in the year ahead.

Malware Education

Without understanding malware – what it is, how it works and the damage it can do to businesses – it’s unfair to expect employees to be capable of protecting against it. For businesses to stay ahead of the storm, educating the workforce is key.

It is now uncommon to find a “one-size-fits-all” form of malware. Instead, each step of the process builds on the previous one to get the most out of a target, ending, for example, in a ransomware demand. Below is an example of a brutal, but unfortunately typical, process of infection from the Emotet malware.

  1.  First, attackers gain a foothold within a computer network, often through phishing techniques that get an organisation’s employees to click on emailed links or attached documents. Once clicked on, a malicious script is run which then downloads the main executable, in this case, Emotet.
  2.  Emotet then gains access to additional parts of that network through password theft and other tricks such as the use of exploits and unpatched systems. It spreads as much as it can and then drops its payload. The most common malware used for this stage is Trickbot.
  3.  Trickbot steals every piece of valuable data it can find, including credit card and banking details, bitcoins, and anything else it can send back to the cyber criminals. Trickbot then drops the last payload, usually Conti or Ryuk, which encrypts every machine and shared drive it can access before demanding a ransom payment.

By having insight into the stages used and knowledge about how different types of malware work together, employees will be able to understand how modular malware infects computer systems and how they can take action to prevent attacks. Additionally, businesses will be able to identify areas of their network which may be vulnerable.
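The staged chain above can also be used on the detection side: alerts that look minor in isolation matter more when one host moves from stage to stage. The following is an added example, not code from the article or from any vendor it mentions; the alert category names, host names and the 72-hour window are assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical alert categories, mapped to the stages of the chain in the article.
STAGE_OF = {
    "script_downloads_executable": 1,  # step 1: script fetches the main executable
    "credential_theft": 2,             # step 2: spread through password theft
    "exploit_unpatched_host": 2,       # step 2: spread through exploits
    "bulk_data_exfiltration": 3,       # step 3: data theft by the second payload
    "mass_file_encryption": 4,         # step 3, last payload: ransomware
}

# Constructed sample alerts: (ISO timestamp, host, category). Not real telemetry.
SAMPLE_ALERTS = [
    ("2021-03-01T09:02:00", "ws-014", "script_downloads_executable"),
    ("2021-03-01T09:40:00", "ws-014", "credential_theft"),
    ("2021-03-01T11:15:00", "fs-002", "exploit_unpatched_host"),
    ("2021-03-02T08:30:00", "ws-014", "bulk_data_exfiltration"),
    ("2021-03-01T10:00:00", "ws-031", "script_downloads_executable"),
    ("2021-02-01T10:00:00", "ws-050", "script_downloads_executable"),
    ("2021-03-01T10:00:00", "ws-050", "credential_theft"),
]

def chain_progress(alerts, window=timedelta(hours=72)):
    """Return {host: [stages seen in ascending order]} within one time window."""
    by_host = defaultdict(list)
    for ts, host, category in alerts:
        if category in STAGE_OF:  # ignore alerts unrelated to the chain
            by_host[host].append((datetime.fromisoformat(ts), STAGE_OF[category]))
    progress = {}
    for host, events in by_host.items():
        reached, start = [], None
        for ts, stage in sorted(events):
            if start is not None and ts - start > window:
                reached, start = [], None  # earlier activity is stale: restart
            if not reached or stage > reached[-1]:
                start = start or ts
                reached.append(stage)
        progress[host] = reached
    return progress

def hosts_to_contain(alerts, min_stages=2):
    """Hosts that advanced through min_stages stages but show no encryption yet."""
    return sorted(host for host, stages in chain_progress(alerts).items()
                  if len(stages) >= min_stages and 4 not in stages)

if __name__ == "__main__":
    print(hosts_to_contain(SAMPLE_ALERTS))
```

Hosts returned by `hosts_to_contain` are the ones where isolation can still happen before the final payload in the chain runs.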

The Increased Risk of Remote Working

When organisations around the world were ordered to work from home, many weren’t prepared for this physical shift of technologies and network perimeters, amplifying the problem of protecting both personal and proprietary information. From bring your own device (BYOD) risks to working on open networks and employees facing the distractions of being at home, cybersecurity needs to be a priority in today’s working-from-home world.

Businesses need to take action to reduce the number of vulnerabilities and cyberchallenges associated with a largely or entirely remote workforce. By using a virtual private network (VPN) for all business communications, network and Wi-Fi communications can be kept encrypted, making it much harder for …
