
New Malware: The Landscape of New & Evolving Cyber Threats in 2019

Get up to speed on the latest and ‘not-so-greatest’ types of malicious
software

Malware. Frequently in headlines accompanying words like “data
breach,” “cyberattack” and “ransomware,” malware is a word that has rapidly
become commonplace in our digital world. The uphill battle of dealing with new
malware, or malicious software, is about as palatable to infosec professionals as
drinking the chunky, curdling milk that you accidentally left in the back of
your fridge for the last three months.

Different types of malicious software are the bane of business IT
systems everywhere and come in many forms — and many existing ones are
continually evolving into new threats to avoid detection.

But what exactly qualifies as malicious software? And, moreover,
what are the latest cyber threats in the world of malware that have been making
headlines?

Let’s hash it out.

What qualifies as malware?

If you were to gather a group of infosec professionals and
ask them what qualifies as “malware,” you’re likely to get a variety of
answers. For some, the term refers to worms or trojans. For others, it could be
adware, spyware, or even a computer virus. To put it in general terms, malware
is any type of malicious software, program, or file that is harmful in nature.

That’s a pretty generic definition for something highly
complex and comprehensive. After all, although some types of malware are static
in nature, others are continually changing — such as polymorphic
malware or metamorphic malware. It’s a seemingly all-encompassing
categorization.

Even Microsoft tends to be pretty general in their definition of
malware: “Malware is the overarching name for applications and other code,
i.e. software, that Microsoft classifies more granularly as malicious
software or unwanted software.” That helps a bit but not
too much. Let’s look a little deeper at what they mean.

When it comes down to it, Microsoft lumps most types of
malicious software into 13 categories:

  1. Backdoors
  2. Downloaders
  3. Droppers
  4. Exploits
  5. Hacktools
  6. Macro viruses
  7. Obfuscators
  8. Password stealers
  9. Ransomware
  10. Rogue security software
  11. Trojans
  12. Trojan clickers
  13. Worms

Unwanted software, on the other hand, refers to those that:

  • Don’t allow users to choose whether they’re
    active,
  • Don’t allow users to control whether they’re
    active,
  • Don’t allow users to install or remove them;
    and/or
  • Contain advertising and advertisements.

It’s interesting to note that Microsoft is careful to differentiate
malware from what they refer to as “potentially unwanted applications,” or PUAs.
PUA software categories include marketing and advertising software, Torrent
software, cryptomining software, bundling software, etc. However, other tech
companies tend to include cryptomining software among their malware listings
rather than discounting them as other types of unwanted applications.

Regardless of how you define it, and regardless of how it’s
distributed or propagates — whether via malicious browser extensions,
malicious spam emails, URL phishing, droppers or downloaders — new malware (and
old malware that is still evolving) is a serious threat to consumers and businesses
alike, regardless of their size, industry, or geographic location.

Let’s take a look at a few of the latest malware threats in 2018
and 2019:

Evolving & new malware: 3 types of malicious software that have been
making headlines

There are many variants of existing and new malware cropping
up every day — which we’ll discuss more later in the article. Some of the
latest malware threats endanger businesses’ data and customers’ personal
information. Others, such as the Triton malware (which exploits
vulnerabilities in industrial safety instrumented systems and controllers)
and WannaCry ransomware (a worm that continues to plague healthcare
organizations by targeting Windows vulnerabilities), pose physical danger
that can endanger the lives of thousands or potentially millions of people.

As you can imagine, though, it’s virtually impossible to
write an article that’s comprehensive enough to encompass them all. (Nobody’s
got time for that!) As such, what we’re going to do is choose three of the top families
from the latest malware data and discuss what they are, what they do, and why
they are such immense threats to organizations around the world. 

New malware #1: The evolution of Emotet

“Ohh, EmoteT, not EmoteP. Well, I’m still going to leave in the mummy…”

Emotet, which started in 2014 as a run-of-the-mill banking
Trojan, continues to evolve and expand its market share as a distributor of
other malware such as IcedID and TrickBot. In its Top 10 Malware January 2019
report, the Center for Internet Security (CIS)
describes Emotet as “a modular infostealer that downloads or drops banking
trojans.” Although its ranking has changed from month to month, Emotet
continues to have a regular presence in CIS’s Top 10 Malware list.

This malware is used to steal data and user credentials, deliver
malicious payloads, and to spread to other connected computers via their
networks within minutes. It also spreads beyond networks by brute force,
malicious emails, and even malicious URLs. According to the Spamhaus
Project:

“Spamhaus Malware Labs have tracked approximately 47,000 Emotet infected machines emitting around 6,000 distinct URLs to compromised websites serving as infection vectors. This makes Emotet the most actively distributed malware at the moment, accounting for almost 45% of the total number of URLs used for this purpose.”

According to Symantec’s 2019 Internet Security Threat Report
(ISTR), this self-propagating malware
accounted for 16% of financial trojans in 2018, up from 4% the previous year. Furthermore,
“Emotet was also being used to spread Qakbot, which was in 7th place in the
financial trojans list, accounting for 1.8 percent of detections.”

Emotet, much like Kovter, Dridex, and NanoCore, uses
“malspam” (malicious spam) as its primary infection vector, according to
CIS, though it is known to use multiple attack vectors.


New Malware #2: The emergence of SpeakUp

SpeakUp, a backdoor trojan that is distributed using Linux server
exploits, is a new threat that has been emerging this year. According to
research from Check Point, what makes SpeakUp such a big threat is that it’s
“capable of delivering any payload and executing it on compromised machines,
and evades detection by all security vendors’ anti-virus software.”

Well, that’s
comforting. Considering that Linux is used exclusively by enterprise servers,
this poses a significant and scalable threat to businesses.

So far,
SpeakUp has been targeting servers around the world, including Amazon Web
Services (AWS) hosted machines. Thus far, however, this new malware appears to
primarily be infecting machines in East Asia and Latin America. While this is good news for
companies in the U.S. and Canada, it may only be a matter of time before
SpeakUp has something to say about its impact on North American servers.

New malware #3: Agent Smith’s infiltration

This type of Android malware exploits Android operating
system (OS) vulnerabilities in mobile devices to install tainted or malicious copies
of installed mobile apps such as WhatsApp, Flipkart, and several others. This
malware is used not only to display fake ads but also to spy on the device’s
user(s) and steal their banking information.

PC Mag reports that, so far, this new malware for Android
has infected 25 million devices. While some victims of the malicious software
are in the U.S. (an estimated 300,000 devices) and the U.K. (137,000 devices),
the malware primarily appears to target mobile users in India and the
surrounding countries.

Trend Micro identifies Agent Smith as AndroidOS_InfectionAds.HRXA. The
company also links it to AndroidOS_HiddenAds.HRXA and AndroidOS_Janus.ISO because of
the vulnerabilities it exploits within the Android OS.

Frequency of malware detections: looking at the numbers

The rate of emergence of new malware variants has been a virtual
rollercoaster over the past few years. The numbers vary greatly from source to
source. For the sake of this article, we’re going to look at numbers presented
by Symantec.

For example, Symantec’s 2019 ISTR states that there were:

  • 357,019,453 new variants discovered in 2016 (a
    0.5% increase over the previous year);
  • 669,947,865 new variants discovered in 2017
    (an 87.7% increase over 2016); and
  • 246,002,762 new variants discovered in 2018 (a
    63.3% decrease from 2017).

However, the percentage of groups using malware is on the rise. The ISTR
2019 report indicates that the number of groups using destructive malware
increased by 25 percent in 2018. Furthermore,
the report shows that while the overall number of ransomware infections has
shown a steady decline (20% year-on-year), enterprise detections actually
increased by 12% in 2018.

Final thoughts

With hundreds of thousands of new malware variants coming
out every year — and those are just the ones we know about — it should be no
surprise that malware continues to be viewed as one of the ongoing top threats
to organizations. Malware is a threat to companies, governments, and consumers
alike. It targets networks, servers, IoT, and mobile devices, and in some
cases can propagate itself to new victims.

The best thing that any organization can do to protect
itself is to use reliable cyber security measures, promote user awareness
training, use HTTPS for your website domain, and to implement email security
measures and best practices.

What are you doing to protect your organization from the
latest malware?

As always, leave any comments or questions below…


*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Casey Crane. Read the original post at: https://www.thesslstore.com/blog/new-malware-the-landscape-of-new-evolving-cyber-threats-in-2019/
