Hunting for malware is a lot like trying to keep a garden from being choked by weeds. Every once in a great while, different types of weeds may cross-pollinate to create a new strain. For the most part, however, cybersecurity professionals are familiar with most of the malware they discover. In fact, most of that malware, much like weeds in a garden, arrives in much the same way.
A report this week from Malwarebytes, a provider of endpoint security tools, details the extent of the challenge cybersecurity professionals routinely face. The WannaCry ransomware attack that devastated so many organizations is now two years old. It turns out, however, that more recent attacks such as EternalBlue and EternalRomance are exploiting the same weaknesses.
Worse yet, Trojans such as Emotet and TrickBot are using the same techniques employed by WannaCry to propagate themselves across the enterprise. Emotet, of course, has been around for a long time. Originally designed to steal credentials from financial services organizations, later generations of Emotet added spamming and malware delivery services. Variations of Emotet can now be found in IT systems deployed in just about every vertical industry.
Other forms of malware that can still be routinely found on systems include:
- Ursnif: As one of the most widely employed forms of information-stealing malware targeting Windows PCs, Ursnif has existed in one form or another since at least 2007.
- Zeus: Published in 2011, there are now a wide variety of variants that are constantly being tweaked by cybercriminals.
- Kronos: Discovered in 2014, this class of malware is capable of both stealing credentials and injecting code into websites. It is also believed that Kronos serves as the foundation on which Osiris malware is now being delivered.
Thanks to the increased sophistication of phishing attacks, most cybersecurity professionals are resigned to the fact that malware is lurking somewhere on their systems. The challenge now is finding and removing that malware before it becomes activated. Of course, some forms of malware are a lot harder to remove than others. But hunting for malware has now become one of the most proactive measures any organization can implement to improve its overall cybersecurity posture. Cybersecurity professionals may never find every single piece of malware in their environment, but the more they prune, the lower the odds that mayhem will be unleashed. It's a lot easier to quarantine a handful of systems than, say, hundreds that might all have malware activated on them at the same time.
Hunting for malware, of course, sounds a lot more glamorous than weed control. Most cybersecurity professionals, however, appreciate what it takes to maintain a garden. Real hunting is reserved for more exotic species of malware that advanced cybersecurity specialists are likely to first identify. That makes it easier for the rest of the cybersecurity community to determine whether that new species has invaded their IT garden.
The good news is that in time technologies such as machine learning algorithms will make it simpler to identify various malware strains. There may even come a day when removing malware becomes just another highly automated process. In the meantime, there's no substitute for a little organic herbicide and a good old-fashioned weed whacker.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.