We already know the security industry witnessed several significant ransomware attacks in 2017. Some of these campaigns derived at least part of their success from recent developments among malware families more generally. These trends will no doubt continue to shape bad actors’ offensives and how defenders can hope to protect against them in 2018.

Digital security startup Minerva Labs has identified three trends in particular that emerged in 2017 and that will likely influence malware attacks into the coming year. These are as follows:

  1. Evasive Techniques

Evasive techniques are nothing new among malware samples. Neither are malware campaigns driven by exploit kits. However, the two aren’t usually studied in relation to one another.

Minerva Labs Research Report: 2017 Year in Review page 5

To rectify that issue, Minerva Labs decided to examine the extent to which exploit kit attacks in 2017 leveraged evasive techniques. Its researchers identified a total of 74 infection paths consisting of two stages: an exploit kit and a resulting payload. Of those infection paths, Minerva found that 86% were evasive and could be prevented by defenders at the exploit kit. It arrived at approximately the same figure (eighty-five percent) for those paths’ payloads.

In total, the digital security firm found that 99% of all infection paths were evasive in either exploit kits or their payloads, with three quarters leveraging evasion in both stages. The paths led to all kinds of payloads, with ransomware standing out. Most of the crypto-malware families detected by Minerva used at least one evasive technique. Close to half (forty-eight percent) relied on memory injection tactics. Meanwhile, other families used malicious Office files and environment tests at 28% and 24%, respectively.

  2. Defenders’ Hope for Vaccination

Many malware families are designed to avoid infecting the same endpoint more than once. With that objective in