[BreachExchange] 5 Ways Malware Can Creep into Your System

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 15 14:19:13 EDT 2016


http://www.esecurityplanet.com/network-security/5-ways-malware-can-creep-into-your-system.html

At RSAC 2016 we heard about a variety of different and innovative security
technologies, all trying to combat the increasingly aggressive threat
landscape. But one thing stayed constant: Current security technologies are
failing to effectively mitigate cyber threats.

Nearly one million new pieces of malware are released daily and nearly 97
percent of malware encountered on users' computers is unique, as criminals
automatically generate variants in order to stymie defensive software.

With over one billion websites available today and over 100,000 sites added
daily, the Web is the primary vector for malware to creep into an
organization. Most of the time, it happens without the user or IT even
knowing.

Rather than focus on creating signatures for the millions of different
malware variants – which is virtually impossible – security solutions
should focus on the attack vectors. Even though there are infinite strains
of malware, there are only a handful of vectors, some of which include
surfing the Web, Flash, phishing emails, Trojan downloads and portable
document formats (PDFs).

These are the five most common ways malware can creep into your system.

Malware Vector No. 1: Surfing the Web (Malvertising)

The Web is ever changing and growing, making it one of the most commonly
used attack vectors for hackers to steal users' data. Malware can be
injected into a system just by surfing the Web, without clicking on any
downloads or plugins or intentionally opening any files. Simply navigating
the Web puts us at risk. Malvertising involves injecting malicious or
malware-laden advertisements into legitimate online advertising networks
and Web pages. In the case of the Plenty of Fish (pof.com) online dating
site, ad networks serving pof.com were used as a key link in the attack
chain that ultimately infected millions of visitors' devices with the Tinba
banking Trojan.

Malware Vector No. 2: Flash Vulnerabilities

Adobe Flash vulnerabilities have been increasing over the years. Hewlett
Packard Enterprise states that of the top 20 malware-targeted
vulnerabilities last year, half were Adobe Flash vulnerabilities. Yet
roughly 20 percent of websites still use Flash. A number of high-profile
website hacks have utilized Flash in the past year.

One example: the Yahoo hack, where a seemingly trusted website was infected
with information-stealing malware. The method of the attack is nothing new.
Based on the Angler exploit kit, bad actors place ads via Yahoo's network,
and the ads direct users to sites that have been compromised and set up to
serve malware.

Malware Vector No. 3: Spear Phishing Emails

Spear phishing is one of the most common email attack vectors, where
attackers disguise themselves as other employees or legitimate entities.
With spear phishing, hackers target organizations for confidential or
highly sensitive data. This was the case with Snapchat. Despite an email
coming from an external address, neither the company's security system nor
the employee realized it was fake and payroll data was then sent to the
scammer. Especially with social engineering coming into play, hackers are
becoming much more sophisticated and their attacks more personalized and
enticing.
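The Snapchat case above turns on one observable fact: the message carried an employee's name but came from an external address. As an added example (not part of the article), the check below parses the From, Reply-To and Subject headers of a constructed message and flags that combination; the internal domain, employee list and sensitive-subject keywords are assumptions for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed organisation data (constructed for this example).
INTERNAL_DOMAINS = {"example.com"}
EMPLOYEE_NAMES = {"jane doe", "sam lee"}
SENSITIVE_TERMS = ("payroll", "w-2", "wire transfer")


def _normalize(name):
    """Lower-case a display name and collapse punctuation/whitespace."""
    return " ".join(name.lower().replace(",", " ").split())


def _domain(address):
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def assess_sender(raw_message):
    """Return the reasons a message looks like external impersonation.

    An empty list means no impersonation indicators were found.
    """
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    reasons = []
    # Only external senders are assessed; internal mail is out of scope here.
    if from_domain and from_domain not in INTERNAL_DOMAINS:
        if _normalize(from_name) in EMPLOYEE_NAMES:
            reasons.append("external address uses an employee's display name")
        _, reply_addr = parseaddr(msg.get("Reply-To", ""))
        reply_domain = _domain(reply_addr)
        if reply_domain and reply_domain != from_domain:
            reasons.append("Reply-To points to a different external domain")
        subject = msg.get("Subject", "").lower()
        if any(term in subject for term in SENSITIVE_TERMS):
            reasons.append("external sender asks for sensitive payroll/finance data")
    return reasons


# Constructed messages: one impersonating an employee, one genuinely internal.
SUSPECT = (
    "From: Jane Doe <jane.doe@mail-example.co>\n"
    "Reply-To: Jane Doe <ceo-office@other-mail.net>\n"
    "To: payroll@example.com\n"
    "Subject: Urgent: payroll info for all employees\n"
)
LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: payroll reminder\n"
```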

Malware Vector No. 4: Web Trojan Download

We are seeing a pattern with Chrome extensions, WordPress plugins and the
like: software that starts out safe is turned into malware, either through
exploitation or a software update. The initial download of the legitimate
software is used as a Trojan horse. When a user installs third-party
software, it's impossible for existing security mechanisms to detect if
it's malware or not. Most recently we saw a Mac ransomware that used a
backdoored BitTorrent client that came in via a software update.

Malware Vector No. 5: Weaponized Documents

PDF and Microsoft Office documents such as Word and PowerPoint permeate the
Web. This is something that we don't often notice - until a critical
vulnerability shows up. Popular browsers like Chrome and Firefox contain
built-in viewers for PDFs, which enable document viewing to blend
seamlessly with the native Web experience. But easy document viewing can
come at a price. A simple click, whether on the Web or in an email, can
lead to a document that's potentially weaponized and laden with malware.

Data breaches are costing enterprise companies millions of dollars each
year, and that number won't slow down any time soon. Security detection
mechanisms look for a finite set of malware patterns, but the number of
variations is infinite and impossible to effectively track.

Despite the growing sophistication, infection vectors stay constant. Every
breach starts out with the same vectors, and the two largest buckets
encompass Web and email. The only difference is what the malware does
post-breach. If we are to begin to truly combat malware, we need to start
by securing the vectors.