top of page

How Companies Should Protect Themselves From Malware in 2023

OPSWAT, a critical infrastructure protection (CIP) cybersecurity solutions provider, has unveiled the findings of its in-depth Threat Intelligence Survey. This study, collating insights from more than 300 IT professionals at the helm of malware detection, analysis, and response within their respective organizations, sheds light on the dynamic landscape of threat intelligence.

OPSWAT Threat Intelligence Survey
Source: OPSWAT Threat Intelligence Survey
Jan Miller, CTO, OPSWAT

We sat down with Jan Miller, CTO of Threat Analysis at OPSWAT, to discuss evolving malware trends and how organizations should be protecting themselves.

How prevalent and pervasive is malware as an initial threat vector, and how has it evolved in sophistication over time?

Malware as such is not the initial threat vector. Rather, it will most likely be a document sent as an email attachment where the document contains a script that fetches the malware or sends the unwitting user to a website that in turn launches malicious code. That’s really the biggest evolution over the past few years – malware infections are multi-stage. So, it’s important to detect as early as possible from the point of that initial vector – the website in the phishing email, or the script in the malicious document.

Additionally, anti-evasion technology in malicious scripts (standalone or part of documents) has become more sophisticated over time (e.g., we see an increase in threat actors using multi-layered (PDF with JavaScript, Office with PowerShell, VBS, etc.) documents targeting a specific organization). To summarize, there’s an overall sophistication by adding more layers, niche file types (e.g. XLM 4.0 macros), anti-evasion technology and more tailored malware that target a specific organization or region.

How can staying up-to-date with malware trends help cybersecurity professionals gain valuable insights into the latest attack vectors and techniques used by threat actors?

Organizations need to learn about the evolution of malware and new tricks being implemented, to consistently be able to vet and benchmark their security toolset and pipeline against new malware samples. I think that is why red teaming is invaluable. Having blind trust in the vendor is no longer an option.

When it comes to targeted attacks, organizations should understand what category they are in and who is most likely to attack them. Understanding the MITRE ATT&CK Framework tactics & techniques and practicing play book exercises will help them stay ahead of evolving threats.


What are some of the future technologies and techniques that can be helpful in the fight against malware?

Everyone talks about AI, but after stripping out the hype, there is a real use case for AI. We already leverage ML to detect patterns and identify new malware that belongs to a known/existing malware family. It’s easy for malware authors to make trivial changes to a malicious file or change a URL. But the underlying threat actor infrastructure and core functionality tends to have a lot of inertia. ML is key to identifying those commonalities and making the connections. AI will play a role in automating the response and remediation.

Detecting threat actors is just as important as detecting malware, which is why integrated solutions (e.g. XDR with EDR + Sandbox capabilities), in general multi-layer defenses, are a promising approach. What advice would you give to organizations to prepare for and combat malware?

Never forget, or underestimate the importance of, the basics. You can’t manage what you can’t measure, and similarly in cybersecurity. If you don’t have knowledge of all your assets and visibility into them, all the great detection and analysis tools won’t help you see blind spots.

Additionally, establish red teaming and a multi-layered defense, which should include EDR, sandboxing and multiscanning at the perimeter. And, by adding in 24/7 monitoring and threat hunting, security teams have a better understanding of malware analysis and really dissecting their findings and IOCs. ###

Comments


bottom of page