
3 Stages to Mounting a Modern Malware Defense Program
You would be hard-pressed these days to remain ignorant of the growth of ransomware incidents experienced by organizations large and small. We’ve seen a ton of press around these events, from CryptoLocker to WannaCry. The impact of this type of malware is newsworthy.
The landscape of malware is changing, however. While ransomware is still a significant force, there’s (re)growth in other types of malware. In order to get a picture of how things are changing, I pulled the data from the Multi-State ISAC’s monthly Top 10 Malware for 2018 and created this trend chart.
The ‘type’ labels here are mine. The chart shows a decline in reports that involve a modular or loader type of malware, generally used to deliver some other payload. It also shows slowing growth in ransomware, but the big spikes are notable. The other category to pay attention to, because of its steady growth, is banking Trojans.
The key conclusion here, I think, is that ransomware is only one type of malware that you need to worry about. It’s not even always the most prevalent. This conclusion is supported by other data sources. Ransomware is on the decline.
Ransomware is different, however. Its characteristics differ from other malware in meaningful ways. First, ransomware has to announce itself in order to get the ransom paid. It’s designed to be discovered. Second, it requires user action to pay the ransom, and it requires the attacker to take action (providing a decryption key) when the ransom is paid. Finally, once it’s been successfully executed, the target is effectively burned. Ransom is generally paid only once.
Compare those characteristics to other malware that needs to be stealthy, to avoid user interaction and to persist as long as possible. These differences mean that defense has to be ...
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tim Erlin. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/stages-mounting-modern-malware-defense-program/