How Security Teams Handle Malware Analysis

During our webinar focused on the Qadars Banking Trojan, a great deal of analysis was provided on just how evasive the threat is. This raises the question: how does your team handle malware analysis?

Since 2013, Qadars has been targeting financial institutions, POS systems, and even popular online gaming sites. Not only is it going after dollars, it’s also a particularly nasty piece of malware because of how well it protects itself. Even so, our malware research team was able to reverse-engineer it and, in doing so, build a better defense against Qadars.

As with the Qadars Banking Trojan, our research team regularly analyzes threats to better understand them. There are plenty of reasons why an organization does so, but the most important end goal is to fully understand what potential threat lies behind the click of an email. We’ve already dug into why timely analysis matters, but this raised the question of how teams analyze threats. In January we launched an informal Twitter poll to get a feel for how you and your teams dissect malware, and interestingly, the results were split nearly evenly.

[Image: Qadars Twitter poll results]

With only a slight lead, Dynamic Analysis (28 percent) is ahead of the pack, with Static Analysis (26 percent) in second, and a tie between sending the malware to an online solution and outsourcing it entirely (23 percent). We later asked the same question during our webinar, and while the results were similar, we did get one slightly concerning data point.

[Image: Qadars webinar poll results]

As in our Twitter poll, those who are conducting malware analysis are primarily using Dynamic Analysis (22 percent). However, this time around we added a new option, Not Sure, to reduce random option selections. Unfortunately, what we found is that the largest share of webinar participants don’t know how or if malware is analyzed (31 percent). In turn, that means these organizations may be at a heightened level of risk, or at the very least unaware that their organization could be the specific target of a threat actor (as compared to untargeted attacks).

To learn more about Qadars and how we reverse-engineered the trojan, you can download the white paper here or view the on-demand webinar here.



*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Elliot Volkman. Read the original post at: https://info.phishlabs.com/blog/how-security-teams-handle-malware-analysis