Cercles des DSI

The malware ecosystem: A world undergoing profound changes

The malware ecosystem has been evolving significantly in recent years, with growing globalisation and sophistication of attacks, increasing professionalism in carrying them out, and the advent of new economic models.

The main vector for spreading malware: e-mail!

A direct consequence of this development is that the threat has never been greater. Companies, where most of the wealth and high-value data are concentrated, are especially exposed: e-mail – the standard means of communication in the professional world – is the primary channel used to spread malware.
The media have been quick to recount the misadventures of a growing number of organisations: the accountant who sent a bank transfer to a non-existent supplier after a fraudulent e-mail that appeared to – but obviously did not – come from a company manager, or the company whose confidential data was stolen after an employee opened a PDF file carrying malware. Moreover, companies post corporate information on the web, and on social networks in particular, giving cyber criminals additional ammunition for their formidably effective attacks.

The globalisation of threats

The symbol of the globalisation of threats is Japan. Although previously relatively unscathed by this type of attack, the Land of the Rising Sun has in recent years fallen victim to Trojan horses that primarily target online banking websites. They steal user names and banking data, and can even make transfers without the user’s knowledge. This is what happened, for example, with Shifu, which was spread through major spam campaigns in apparently innocent attachments, notably files from Ichitaro, one of the most widely used word processors in Japan. The choice of format is far from insignificant: it is little known outside Japan, and few anti-malware filters can handle it properly.

From Ransomware to Ransomware-as-a-Service

Another symbol of evolving threats is the multiplication of ransomware that encrypts files and demands a ransom, paid in Bitcoin, in exchange for recovery of the user’s data. The explosion of ransomware, and of cybercrime in general, is tied very closely to the success of Bitcoin, the cryptographic currency guaranteeing transaction anonymity.

After “Locky”, hidden in Microsoft Word attachments and spread through massive spam campaigns, we’re now seeing other types of ransomware, like Cerber, with a specific economic model: Ransomware-as-a-Service. Cerber sells its services to cyber criminals, who can then launch massive attacks with just a few clicks.

Fighting attacks

Given this worrisome situation, it is essential that companies take the right decisions to protect themselves. Since e-mail continues to be the preferred vector for attacks, it is more important than ever that companies have an optimal e-mail filtering solution as their first line of defence. Ideally, different technologies should be combined: analysis of the e-mail itself on the one hand, and analysis of attachments by one or more antivirus engines, or even sandboxing, on the other. Effectiveness comes from the complementary nature of the technologies used. Then, user workstations need to be safeguarded by dedicated antivirus software, to protect them if the malware manages to break through the first line of defence. And finally, there’s the human factor. No technology is perfect, and it is foolish to think it might be some day. So, employees must be trained in digital risks and in good security practices.
Forewarned is forearmed!
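To make the layered attachment filtering described above concrete, and to show where the Ichitaro problem raised earlier bites, here is an added example of a gateway triage routine. It is constructed for this article and is not code from the author or Vade Secure: the engines are simplified heuristics, the Ichitaro `.jtd` format is assumed to be an OLE2 container, and any format no engine can parse is routed to the sandbox rather than passed as clean.

```python
import io
import zipfile

CLEAN, SANDBOX, BLOCK = "clean", "sandbox", "block"
# Declared extension -> container family we expect to find inside
EXT_FAMILY = {".pdf": "pdf", ".doc": "ole2", ".xls": "ole2", ".jtd": "ole2",
              ".docx": "zip", ".docm": "zip", ".xlsm": "zip"}
OPAQUE = {".jtd"}  # formats no engine below can parse (Ichitaro is the article's example)

def sniff(data: bytes) -> str:
    """Identify the container by magic bytes, never by the file extension."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        return "ole2"  # legacy .doc/.xls; Ichitaro .jtd assumed OLE2 as well
    if data.startswith(b"PK\x03\x04"):
        return "zip"  # OOXML (.docx/.xlsm) is a ZIP container
    return "unknown"
def pdf_engine(data: bytes) -> bool:
    """Flag PDFs carrying active content (JavaScript or launch actions)."""
    return any(t in data for t in (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction"))
def ole_macro_engine(data: bytes) -> bool:
    """Flag legacy Office files whose OLE directory names a VBA project (UTF-16LE names)."""
    return any(n.encode("utf-16-le") in data for n in ("_VBA_PROJECT", "Macros"))
def ooxml_macro_engine(data: bytes) -> bool:
    """Flag OOXML documents shipping vbaProject.bin; a broken ZIP is suspicious too."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return True

ENGINES = {"pdf": [pdf_engine], "ole2": [ole_macro_engine], "zip": [ooxml_macro_engine]}

def triage(filename: str, data: bytes) -> str:
    """Route one attachment: block on any engine hit or a disguised type, sandbox the rest."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    kind = sniff(data)
    if ext in EXT_FAMILY and EXT_FAMILY[ext] != kind:
        return BLOCK  # e.g. an OLE2 document named invoice.pdf
    if kind == "unknown" or ext in OPAQUE:
        return SANDBOX  # nothing here can judge it statically; hand it to dynamic analysis
    return BLOCK if any(engine(data) for engine in ENGINES[kind]) else CLEAN

def make_zip(*names: str) -> bytes:  # constructed sample builder: minimal OOXML-style ZIP
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"")
    return buf.getvalue()
```

The complementary-engine rule means a single positive verdict blocks the attachment, while the sandbox route covers exactly the case the article warns about: a format the static filters do not understand.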

Paolo Pinto

Malware Research Expert - Innovation Lab Vade Secure
