Malware Madness: Understanding the Changing Malware Landscape and Emerging Threat Techniques
As enterprises grapple with the security implications of hybrid work, malware continues to evolve and grow in sophistication. In fact, malware is no longer limited to traditional risky web categories; it now lurks everywhere, from cloud apps to search engines.
To avoid falling victim to malware, security managers need to understand how these threats evolve, regularly review their malware protection strategy, and consider all possible entry points. To do this effectively, we must first think like an attacker to better understand how malware enters organizations around the world.
SEO poisoning as an attack method
Attackers are increasingly using search engine optimization (SEO) techniques to push malicious links and files to the top of users’ search results. This tactic is directly linked to the rise in malicious PDF downloads: recent research found that malicious PDF downloads increased by 450% in the last 12 months. By boosting the ranking of malicious PDF files on popular search engines such as Google and Bing, attackers can quickly spread malware to unwitting users who believe they are opening an ordinary search result.
Understand malware origins and targeted techniques
SEO is just one of the techniques attackers use to trick victims into downloading malware hosted on the web or in the cloud. Email, SMS, messaging apps and social media are also commonly used to lure users. Web-based malware downloads come from many different categories of websites, led by technology sites and content servers, while cloud-based malware downloads come from hundreds of different apps, led by popular cloud storage apps.
Notably, malware downloads on the web and in the cloud usually originate from servers located in the same region as their victims. This growing trend underscores the sophistication of cybercriminals, who frequently stage malware on content servers and cloud applications in the victim’s own region precisely to evade geofencing filters and other traditional prevention measures.
When attackers design lures to deliver malware, they usually try to take advantage of major societal events, such as COVID-19. They also tend to design lures that create a sense of urgency, such as a shipping bill that needs to be paid or a healthcare form that asks the victim to confirm personal information. Lures of this kind account for the majority of malware downloads. Attackers can also use more technical approaches, such as software exploits, drive-by downloads, or HTML smuggling, in which the payload is embedded in the page as encoded data and assembled by JavaScript in the browser, so that what an inline inspection proxy sees is an HTML page rather than the executable it produces. So what can be done to boost protection?
How to stop malware downloads
- Scan everything: Organizations typically allow sanctioned cloud apps to bypass content inspection, and attackers take advantage of that bypass by abusing the same apps. Instead, organizations should inspect all traffic, including traffic to and from popular cloud applications. They should also scan all file types and identify each file by its content rather than its name or extension. While PDF files are currently very popular with threat actors, we continue to see a wide variety of file types abused for malware delivery.
- Add layers: Don’t rely on a single security solution to protect your data. Ensure that you can also detect post-compromise behaviors, such as command and control traffic and data exfiltration, that occur after an attacker gains a foothold on an endpoint.
- Reduce the risk surface: Limit downloads from, and uploads to, unsanctioned apps and sites. Use technologies such as Remote Browser Isolation (RBI) to isolate endpoints from web threats.
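The two delivery vehicles named above, malicious PDFs and HTML smuggling, and the advice to scan every file type rather than trust its name, can be exercised with a small triage script. The following is example code written for this page, not the author’s or any vendor’s tooling; the magic-byte table, the indicator lists, the allow/review/block thresholds and the sample files are all constructed assumptions for illustration, and the samples are harmless stand-ins, not real malware.

```python
import re
from typing import Dict, List

# Magic-byte table for common delivery containers (constructed for this example).
MAGIC = [(b"%PDF-", "pdf"), (b"MZ", "exe"), (b"PK\x03\x04", "zip"),
         (b"\x7fELF", "elf"), (b"\xd0\xcf\x11\xe0", "ole")]
# What the extension claims; catches "invoice.pdf" that is really a PE.
EXT_TYPE = {"pdf": "pdf", "exe": "exe", "dll": "exe", "zip": "zip", "docx": "zip",
            "xlsx": "zip", "jar": "zip", "html": "html", "htm": "html",
            "doc": "ole", "xls": "ole"}
# PDF dictionary keys that carry active content or external references.
PDF_INDICATORS = [b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
                  b"/EmbeddedFile", b"/URI"]
PDF_BLOCK = {"/JavaScript", "/JS", "/Launch"}   # code runs when the document opens
# Building blocks of HTML smuggling: a large base64 literal decoded in the
# browser, wrapped in a Blob and handed to the user as a download.
HTML_INDICATORS = {
    "atob": rb"\batob\s*\(",
    "blob": rb"new\s+Blob\s*\(",
    "objecturl": rb"URL\.createObjectURL\s*\(",
    "mssave": rb"msSaveOrOpenBlob",
    "download": rb"\bdownload\s*=",
    "big_base64": rb"[A-Za-z0-9+/]{1000,}={0,2}",
}

def sniff_type(data: bytes) -> str:
    """Content type implied by the bytes themselves, ignoring the file name."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    head = data[:2048].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")) or b"<script" in head:
        return "html"
    return "unknown"

def _unescape_pdf_names(data: bytes) -> bytes:
    """Resolve #xx escapes so /J#61vaScript is seen as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def pdf_indicators(data: bytes) -> List[str]:
    body = _unescape_pdf_names(data)
    return [n.decode() for n in PDF_INDICATORS if re.search(re.escape(n) + rb"\b", body)]

def html_indicators(data: bytes) -> List[str]:
    return [name for name, pat in HTML_INDICATORS.items() if re.search(pat, data)]

def triage(filename: str, data: bytes) -> Dict[str, object]:
    """Classify one download as allow / review / block."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    true_type = sniff_type(data)
    mismatch = ext in EXT_TYPE and EXT_TYPE[ext] != true_type
    indicators: List[str] = []
    if true_type == "pdf":
        indicators = pdf_indicators(data)
    elif true_type == "html":
        indicators = html_indicators(data)
    if mismatch or true_type in ("exe", "elf"):
        verdict = "block"          # extension lies, or it is native code
    elif true_type == "pdf" and PDF_BLOCK & set(indicators):
        verdict = "block"          # PDF that runs code on open
    elif true_type == "html" and len(indicators) >= 3:
        verdict = "block"          # decode + Blob + download chain present
    elif indicators:
        verdict = "review"         # e.g. /OpenAction or /URI on its own
    else:
        verdict = "allow"
    return {"file": filename, "declared": ext, "true_type": true_type,
            "mismatch": mismatch, "indicators": indicators, "verdict": verdict}

# Constructed sample downloads (not real malware).
SAMPLES = {
    # Plain PDF: header and catalog, no actions.
    "report.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF",
    # PDF whose OpenAction runs JavaScript; the name is hex-escaped to dodge a naive grep.
    "invoice.pdf": (b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction << /S /J#61vaScript"
                    b" /JS (app.launchURL('http://example.invalid')) >> >> endobj"),
    # Windows executable wearing a document extension.
    "shipping_bill.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    # HTML smuggling page: payload decoded client-side and pushed as a download.
    "form.html": (b"<html><body><script>var p='" + b"QUJD" * 400 + b"';"
                  b"var b=new Blob([Uint8Array.from(atob(p),c=>c.charCodeAt(0))]);"
                  b"var a=document.createElement('a');a.href=URL.createObjectURL(b);"
                  b"a.download='healthcare_form.zip';a.click();</script></body></html>"),
}

def triage_all(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Dict[str, object]]:
    return {name: triage(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for r in triage_all().values():
        print(f"{r['file']:18} {r['true_type']:7} {r['verdict']:6} {r['indicators']}")
```

Two caveats for anyone adapting this. The PDF check greps for names in the raw bytes; a real PDF can place the catalog inside a compressed object stream, where the names are not visible without inflating it, so production inspection needs a real PDF parser rather than a regex. The HTML check is likewise a heuristic: attackers split or obfuscate the base64 literal and rename the decode step, which is exactly why the article pairs content inspection with browser isolation and post-compromise detection rather than relying on any single filter.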
The immediate first step to building a stronger security architecture is recognizing that these threat trends are occurring in today’s digital environment. Regularly reviewing the organization’s malware protection strategy and ensuring that all possible entry points are considered is one way for security teams to stay a step ahead of cybercriminals. Then, by understanding the contemporary methods these malicious actors use against today’s highly dispersed business operations, security managers can provide effective and efficient protection against data theft, costly breaches, and unnecessary productivity disruptions on an ongoing basis.