Why file-borne malware has become the weapon of choice for attackers

Today’s columnist Aviv Grafi of Votiro writes that hackers understand that embedding malicious code in Microsoft Office files and other popular applications can yield huge profits. Grafi says companies can stop file-borne malware by investing in new technologies and adopting zero-trust principles. (Stephen Brashear/Getty Images)

The latest numbers on hidden malware are out, and there’s some good news to report. The number of new malicious file attacks fell in 2020 for the first time in five years, and the decline continued through most of 2021. SonicWall Capture Labs recorded 2.5 billion malware attempts in the first six months of 2021, compared to 3.2 billion at the same time last year, a 22% drop. That’s a significant improvement from 2018, when malware attacks peaked at 10.5 billion.

That’s the good news. The bad news: The overall malware picture for 2022 isn’t so rosy.

Hackers have not given up on cybercrime. They have simply learned from experience that traditional “Hail Mary” attacks are not as lucrative as targeted attacks. Gone are the “spray-and-pray” methods where hackers send a low-level virus across the internet and hope it lands somewhere. Today, sophisticated cybercriminals seek out their targets and develop specialized malicious code that can cause the most damage or make the most money. In fact, SonicWall reported over 260,000 “never seen before” malware variants in 2020. Known as “zero-day” attacks, this type of hidden malware grew 74% from 2019, perhaps because zero-days are the most likely to escape detection by traditional antivirus solutions.

We do phishing

By the numbers, phishing schemes are now the favorite child of hackers. According to the FBI, the use of phishing emails was the most common type of cybercrime in 2020, with nearly 250,000 incidents reported. Phishing schemes are underhanded attempts to trick employees and individuals into opening and clicking on malicious links or attachments in emails. The goal of these phishing schemes may be to gain access to valuable company data or cause harm to an organization.

We can always count on human error: all it takes is one successful hack. Once an unsuspecting employee releases the hidden malware, it doesn’t take long for the entire company network to be infected. Mimecast reports that 74% of companies experienced malware activity that spread from employee to employee in 2021, up from 61% in 2020. They attribute the increase to distracted employees working from home and the growing sophistication of these programs.

And the motivation? While state-sponsored cyber terrorism strikes fear into the heart of every CIO, more often than not it is money that drives these threat actors. And not the kind of money they can make from ethical hacking. Today, ransomware reigns supreme. In its 2021 State of Email Security Report, Mimecast found that business-disrupting ransomware attacks are on the rise, with 61% of businesses falling victim in 2021, up from 51% in 2020.

File-borne malware: the weapon of choice

The smartest hackers have realized that embedding malicious code in seemingly innocent files has become the easiest way to infiltrate businesses. Microsoft Office files and PDFs are favorites because they are used every day. When a malicious file is opened, the hidden malware runs automatically and lets the criminals carry out their plans. These file-borne threats are particularly difficult to detect: many of them are unknown or zero-day, which means that standard malware detection tools will not prevent the attack. SonicWall found that 35% of “never seen before” malicious files were hidden in Office and PDF files.

So, as we head into 2022, new hidden malware threats will appear and the whole landscape could change completely. Remember that it only takes a slight modification of a known malware signature to become a zero-day. This is why approximately 80% of successful breaches are new or unknown zero-day attacks, highlighting the need for proactive cybersecurity alternatives.

This means that organizations must invest beyond standard cybersecurity technologies and add new preventive technologies such as Content Disarm and Reconstruction (CDR) to their security stack. And, most importantly, companies need to develop security policies and implement solutions that help the organization adhere to the zero-trust model.
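As an added illustration of what the CDR step above does to an Office file (example code written for this page, not Votiro’s product or anything from the column): locate the VBA storage that the package’s own [Content_Types].xml declares, then rebuild the document without that part and without its declaration, so the content survives and the executable part does not. Function names are mine, and the sample .docm is constructed inline with placeholder parts rather than real VBA.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

VBA_CT = "application/vnd.ms-office.vbaProject"  # content type of a VBA storage (.docm/.xlsm/.pptm)
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
ET.register_namespace("", CT_NS)  # keep the default namespace when re-serialising

def find_vba_parts(package: bytes) -> list[str]:
    """Return zip members declared as VBA storages in [Content_Types].xml (by extension or part name)."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        root = ET.fromstring(zf.read("[Content_Types].xml"))
        exts = {d.get("Extension", "").lower() for d in root.iter(f"{{{CT_NS}}}Default")
                if d.get("ContentType") == VBA_CT}
        parts = {o.get("PartName", "").lstrip("/") for o in root.iter(f"{{{CT_NS}}}Override")
                 if o.get("ContentType") == VBA_CT}
        return sorted(n for n in zf.namelist()
                      if n in parts or n.rsplit(".", 1)[-1].lower() in exts)

def disarm(package: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the package without its VBA parts and without the content-type entries that declare them."""
    dropped = find_vba_parts(package)
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in dropped:
                continue  # the executable part is simply not copied over
            body = src.read(name)
            if name == "[Content_Types].xml":
                root = ET.fromstring(body)
                for el in [e for e in root if e.get("ContentType") == VBA_CT]:
                    root.remove(el)
                body = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(name, body)
    return out.getvalue(), dropped

def build_sample_docm() -> bytes:
    """Constructed stand-in for a .docm: only the parts the check looks at, not a real Word file."""
    types = (f'<Types xmlns="{CT_NS}"><Default Extension="xml" ContentType="application/xml"/>'
             f'<Default Extension="bin" ContentType="{VBA_CT}"/><Override PartName="/word/document.xml" '
             'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<document/>")  # stands in for the real body text
        zf.writestr("word/vbaProject.bin", b"placeholder VBA storage (constructed, not real VBA)")
    return buf.getvalue()
```

A production CDR pipeline also prunes the relationship entries in the package’s .rels files that pointed at the removed part, and applies equivalent rules to embedded OLE objects and to PDFs; this block covers only the VBA case.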

Companies cannot deploy new technologies and move to zero trust without action and investment. Security professionals need to have these conversations with the company’s executives and board members so that their security teams receive the necessary funding to upgrade security. A few extra dollars in the cybersecurity budget could make a huge difference – it could very well save the company from making headlines this year as the latest victim of a cyberattack.

Aviv Grafi, Founder and CTO, Votiro
