Malware has become one of the most damaging cybersecurity threats to businesses today. In 2019, the cost to companies of malware incidents rose by 11 percent. Organizations spent over $2.6 million on average to deal with such attacks.
Despite this potential damage, many companies have yet to implement more stringent security measures to guard against malware. Most still rely on conventional signature-based antivirus and antimalware solutions, which can now be easily circumvented by emerging threats such as new malware variants. Only half of malware is caught using such tools.
Clearly, organizations have to augment their security measures to comprehensively deal with malware threats. Solutions featuring content disarm and reconstruction (CDR) are now emerging. Instead of relying on identifying malware through signatures, CDR scans a file at a binary level to detect if any part of the code falls out of the file’s conventions and specifications. Any such code is then removed, thus effectively disarming potential malicious code that the file may contain.
Aside from CDR, organizations can also look at establishing a more robust security perimeter. Malware can enter company networks over the internet. So, aside from strengthening antimalware-specific defenses, security measures that harden potential entry points are helpful. Web application firewalls (WAFs) are particularly useful in blocking traffic that originates from malicious sources. Email filters are also useful in screening out fake emails, which usually contain malware.
It’s important to have a well-rounded strategy to combat these emerging threats.
Malware has come a long way from the early days of computer viruses. What started out as experiments on self-replicating software later became a means to prank computer users. Today, malware is anything but harmless and funny, as it can be designed to do just about anything. It can be quite destructive and has even been weaponized for use in cyber warfare.
Hackers now primarily target businesses to steal data. Companies store and process customers’ personal and financial information, which can be sold on the black market or used for future hacks.
To gain access to such information, hackers attempt to breach networks through a variety of vectors. They now have control over botnets that can be used in massive malware campaigns. They can use phishing and social engineering attacks or look for vulnerable points of access. Once they gain entry, they implant malware such as rootkits or remote access tools that give them access to the company’s devices and servers.
Another type of malware that has been causing many users problems is ransomware. Ransomware encrypts files and forces companies to pay a ransom to regain access. Newer ransomware variants can even exfiltrate data. This way, threat actor groups can apply more pressure to organizations that can’t risk sensitive information being leaked on the internet, or simply sell the data on the black market.
Hackers have become quite clever in disguising their malware. They now use polymorphic code, which allows the malware to change its signature and bypass routine scanning and detection by common antivirus and antimalware tools.
Covering Multiple Vectors
Due to the shortcomings of conventional antimalware solutions, organizations have to adjust their cybersecurity strategies and incorporate more capable tools to deal with advanced threats.
They should consider adopting CDR as part of their arsenal. Through CDR, files are deconstructed and thoroughly screened to identify and remove any trace of malicious code. Files are scanned at a binary level, allowing the solution to identify suspicious code, including polymorphic code that may be embedded in seemingly legitimate files.
This approach overcomes the limitations of conventional signature-based antimalware solutions. First, since the process doesn’t rely on the solution having access to signatures in order to disarm threats, it is useful in dealing with new malware variants. Second, the process aims to maintain file usability, which matters when the file is an actual work document. Other solutions often quarantine or even delete the infected file entirely to prevent the malware from spreading.
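The "deconstruct, keep only what the specification allows, then rebuild" idea behind CDR is easiest to see on a small, well-defined format. The following is an added illustration, not code from the original article or from any CDR product: it parses a PNG into its chunks, verifies every length and CRC, drops every chunk that is not needed to render the image (text, timestamp, private or unknown chunks), discards any bytes after IEND, and re-serialises the survivors from their parsed fields so that nothing the parser did not understand reaches the output. The sample image, the chunk allow-list `RENDER_CHUNKS` and all function names are assumptions made for this example.

```python
from __future__ import annotations

import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types a decoder needs to render the image (assumed allow-list for this
# example). Everything else, ancillary or unknown, is dropped on rebuild.
RENDER_CHUNKS = frozenset({b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"})


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialise one chunk: 4-byte length, type, payload, CRC32 over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def parse_chunks(data: bytes) -> list[tuple[bytes, bytes]]:
    """Walk the chunk stream, checking signature, lengths and CRCs.

    Parsing stops at IEND, so trailing bytes are never carried forward.
    Any structural violation raises ValueError so the caller can reject the
    file instead of guessing at its contents.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    chunks: list[tuple[bytes, bytes]] = []
    pos = len(PNG_SIGNATURE)
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        if pos + 12 + length > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        payload = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        if stored_crc != zlib.crc32(ctype + payload) & 0xFFFFFFFF:
            raise ValueError(f"CRC mismatch in {ctype!r} chunk")
        chunks.append((ctype, payload))
        pos += 12 + length
        if ctype == b"IEND":
            return chunks


def rebuild_png(data: bytes, keep: frozenset[bytes] = RENDER_CHUNKS) -> tuple[bytes, list[bytes]]:
    """Reconstruct the image from allowed chunks only.

    Returns (clean_png, dropped_chunk_types). Each surviving chunk is rewritten
    from its parsed fields with a fresh CRC, so the output contains only data
    the parser explicitly understood and accepted.
    """
    chunks = parse_chunks(data)
    if chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
        raise ValueError("first chunk must be a 13-byte IHDR")
    if not any(ctype == b"IDAT" for ctype, _ in chunks):
        raise ValueError("no IDAT chunk: nothing to render")
    out = bytearray(PNG_SIGNATURE)
    dropped: list[bytes] = []
    for ctype, payload in chunks:
        if ctype in keep:
            out += _chunk(ctype, payload)
        else:
            dropped.append(ctype)
    return bytes(out), dropped


def is_valid_png(data: bytes) -> bool:
    """True if the file parses cleanly under the checks above."""
    try:
        parse_chunks(data)
        return True
    except ValueError:
        return False


def build_sample_png() -> bytes:
    """Constructed input: a 1x1 greyscale PNG padded with chunks a rebuild should drop."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit greyscale
    idat = zlib.compress(b"\x00\x80")                      # filter byte 0 + one pixel
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Comment\x00constructed metadata")
            + _chunk(b"zzZz", b"private chunk the spec does not define")
            + _chunk(b"IDAT", idat)
            + _chunk(b"IEND", b"")
            + b"constructed trailing bytes after IEND")


if __name__ == "__main__":
    clean, dropped = rebuild_png(build_sample_png())
    print(f"dropped {dropped}, rebuilt {len(clean)} bytes with chunks "
          f"{[c for c, _ in parse_chunks(clean)]}")
```

The rebuilt file still opens as the same 1x1 image, which is the usability property the paragraph above describes; what is gone is everything the format does not need, without the code ever having to recognise a signature. Real CDR products apply the same principle to far richer formats (office documents, PDFs), where the allow-list of what to keep is correspondingly larger and the parsing much harder.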
It is also important to protect across the possible vectors where malware can spread. Organizations can deploy other security controls on various components of their infrastructure to ensure that all files coming in and out of their networks are safe to use.
Using WAFs can prevent traffic from known malicious sources from interacting with the organization’s web application or email server. So, regardless of how novel the malware being deployed is, if it comes from a known malicious source, security measures will be present to block it.
Better email filters can also be deployed to screen fraudulent emails that contain suspicious attachments. 94 percent of malware that targets companies is delivered through email. CDR can even be deployed in email gateways to scan all file attachments and keep users’ inboxes free from malware.
Conventional measures are failing to keep up with the evolution of malware, leaving many organizations vulnerable. The availability of malware disarm and other complementary solutions can help them protect their data from hackers. Through such measures, organizations can now keep up with hackers, ensuring that malicious files are prevented from entering their networks and that those they allow in do not contain malicious code that can damage their infrastructure and data.