Security Think Tank: Malware infection is inevitable, so be prepared

How can businesses best prepare their cyber defences in light of the fact that attackers are increasingly using malware designed to evade detection and analysis?

Malware is nothing new, yet infections are on the rise. Why aren’t the defences we have been putting in place for the past 20 years effective? Let’s look at why.

Malware creation is no longer in the hands of expert hackers. Anybody with a computer can make their own custom malware, given the prolific rise in malware-creation kits.

Buy the software, point, click and you have your own custom malware. You can hide it in a PDF, a Microsoft Word document or ZIP file.

The remaining challenge is having a sufficient grasp of English to persuade the target to execute said malware. But with a bit of time and research, it is straightforward to come up with a realistic-looking email, from a realistic-looking domain, with a realistic probability of somebody opening it.

Due to the huge increase in malware variants, anti-malware suppliers are struggling to keep up.

Much as their marketing teams may beg to differ, it is a matter of numbers. They simply do not have the resources to respond to each and every virus. By the time an antidote is developed, another mutation is in the wild.

Pharmaceutical companies have the same challenge with viruses, and make a fortune in the process. Needless to say, security suppliers do too.

Malware can be created that will avoid detection by all those expensive, colourful bits of kit in your server rack. It’s a done deal. Do not pin your hopes on blocking malware at the perimeter. Assume it has somehow found its way onto a user’s device. Whether by a spoof email, a rogue USB stick or an act of God, it will get there.

It’s common knowledge that malware will happily evade detection and analysis, as that is exactly what criminals will be paying expert software developers to do. So what should we be doing about this?

Beware BYOD and the two-click rule

It seems some companies have already hit the self-destruct button by permitting users to access company resources using their own devices, with limited protection in place.

While all your machines in the office might have the latest and greatest malware protection available, Mrs Trellis from her holiday home in north Wales is unlikely to even know what this is.

Users should not be able to double click and open an untrusted file. They should be prompted with a warning message before being allowed to open untrusted files.

This is a basic Cyber Essentials control that most small companies fail when I go in and assess them, yet remarkably simple and effective once in place. Do it. No excuses.

Block executables and install antivirus

Building on the two-click rule, it is a good idea to stop users executing anything at all. In a trusted environment that has been carefully thought out and planned, users have no need to run or install anything themselves. Do not let users install anything or run executables. That way, they cannot execute malware.

If a user cannot execute anything untrusted, then antivirus does not really give you much benefit.
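The two-click rule and the execution block above are both things you can check on an endpoint rather than take on trust. The following PowerShell audit is an added example, not code from the article or from any vendor: it assumes a Windows 10/11 host on NTFS. The warning users see before opening a downloaded file depends on the file keeping its mark of the web (the Zone.Identifier alternate data stream), which the Attachment Manager policy value SaveZoneInformation=1 strips; the execution block is checked by reading the effective AppLocker policy XML. The registry paths, the stream name and the AppLocker XML attributes are real; the sample "download" is constructed by the script itself.

```powershell
# Added example (not from the article): audit the two endpoint controls discussed above.
# (1) Two-click rule: downloaded files must keep their Zone.Identifier stream, otherwise
#     Windows never shows the "this file came from another computer" prompt.
# (2) Execution control: an enforced AppLocker Exe rule collection must be in effect.
# Assumes Windows 10/11, NTFS for %TEMP%, and the AppLocker module where (2) is checked.

function Test-ZoneInfoPolicy {
    # Compliant=$false if either hive sets SaveZoneInformation to 1 ("do not preserve zone information").
    $hives = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
    )
    foreach ($hive in $hives) {
        $value = (Get-ItemProperty -Path $hive -Name SaveZoneInformation -ErrorAction SilentlyContinue).SaveZoneInformation
        if ($value -eq 1) {
            return [pscustomobject]@{ Compliant = $false; Source = $hive; Reason = 'SaveZoneInformation=1 strips the mark of the web' }
        }
    }
    [pscustomobject]@{ Compliant = $true; Source = 'default'; Reason = 'zone information is preserved on downloaded files' }
}

function Get-MarkOfTheWeb {
    # Reads the Zone.Identifier stream; ZoneId 3 = Internet, 4 = Restricted. $null means no mark at all.
    param([Parameter(Mandatory)][string]$Path)
    $lines = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $lines) { return $null }
    $zoneLine = $lines | Where-Object { $_ -match '^ZoneId=(\d+)' } | Select-Object -First 1
    $zoneId = if ($zoneLine -match '^ZoneId=(\d+)') { [int]$Matches[1] } else { $null }
    [pscustomobject]@{ Path = $Path; ZoneId = $zoneId }
}

function Test-ExecutionControl {
    # Parses the effective AppLocker policy and reports which rule collections actually enforce.
    try {
        [xml]$xml = Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ ExeEnforced = $false; Collections = @(); Reason = "AppLocker policy unavailable: $($_.Exception.Message)" }
    }
    $collections = foreach ($rc in $xml.AppLockerPolicy.RuleCollection) {
        [pscustomobject]@{ Type = $rc.Type; Mode = $rc.EnforcementMode; Rules = @($rc.ChildNodes).Count }
    }
    $exe = $collections | Where-Object { $_.Type -eq 'Exe' -and $_.Mode -eq 'Enabled' }
    [pscustomobject]@{
        ExeEnforced = [bool]$exe
        Collections = $collections
        Reason      = if ($exe) { 'executable rules are enforced' } else { 'no enforced Exe rule collection: users can run what they download' }
    }
}

# --- Demonstration with a constructed file (stands in for a browser download) ---------------
$sample = Join-Path $env:TEMP 'invoice-constructed.pdf'
Set-Content -Path $sample -Value 'not a real PDF, constructed for the demo'
# A browser writes this stream on download; here we attach it ourselves.
Set-Content -Path $sample -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"

Test-ZoneInfoPolicy | Format-List
Get-MarkOfTheWeb -Path $sample | Format-List        # ZoneId 3 = Internet zone, prompt will show
Test-ExecutionControl | Select-Object ExeEnforced, Reason | Format-List
Remove-Item -Path $sample -Force
```

Run it as the user whose experience you are assessing, since the HKCU policy is per user. A machine where Test-ZoneInfoPolicy reports non-compliant, or where Get-MarkOfTheWeb returns $null for a file that was genuinely downloaded, has had the two-click prompt removed somewhere in the download path; a machine where ExeEnforced is $false relies entirely on antivirus to stop whatever the user runs.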

Security suppliers have expanded their offerings to include host firewalls, host intrusion prevention, VPN capability, whitelisting, file integrity, event logging – the lot. While security bloatware might seem a happy compromise, you have to question the benefits. You should be looking to simplify security, not complicate it.

Evolve

Concepts of least privilege and bare minimum build standards go a long way. It is worth looking at the thin terminal model and re-centralising control over user systems, as half the problem has been users being able to do whatever they want.

Ransomware is on an exponential rise. On one hand, it is very damaging for companies with no incident response ability or backups, but on the other hand it is raising awareness. Users are not so trusting anymore and awareness is on the rise.

The last, and most important piece of advice, is to be in a position where you can respond when you do get hit by malware – and you will.

Be prepared to have to trash any single one of your assets and restore it in a timeframe acceptable to the business. Malware should no longer be seen as a security threat; it is an inconvenience. Do not let it get on top of you. With careful preparation, you can easily get out of the potential mess that malware can cause.
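"Trash the asset and restore it within an acceptable timeframe" is only a plan once it has been rehearsed and timed. The script below is an added example, not code from the article: a file-level restore drill that backs up a constructed data set, deletes the live copy, restores from the backup, checks every file by SHA-256 and reports whether the restore finished within a recovery time objective. The 30-second RTO, the temp-folder layout and the sample records are assumptions for the demo; substitute the business's real figure and a real backup source.

```powershell
# Added example (not from the article): time a wipe-and-restore of an asset and verify integrity.
# Assumptions: Windows PowerShell 5.1 or later, %TEMP% writable, RTO of 30 seconds for the demo.

function New-SampleData {
    # Builds a small constructed tree of "records" to stand in for a live asset.
    param([Parameter(Mandatory)][string]$Root, [int]$Files = 25)
    New-Item -ItemType Directory -Path $Root -Force | Out-Null
    1..$Files | ForEach-Object {
        $sub = Join-Path $Root ("dept{0}" -f ($_ % 5))
        New-Item -ItemType Directory -Path $sub -Force | Out-Null
        Set-Content -Path (Join-Path $sub "record$_.txt") -Value (("constructed record {0} " -f $_) * 200)
    }
}

function Get-TreeHashes {
    # Relative path -> SHA-256, so the pre-wipe and restored trees can be compared file by file.
    param([Parameter(Mandatory)][string]$Root)
    $Root = (Resolve-Path -Path $Root).Path
    $map = @{}
    Get-ChildItem -Path $Root -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($Root.Length).TrimStart('\')
        $map[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    $map
}

function Invoke-RestoreDrill {
    param(
        [Parameter(Mandatory)][string]$LiveRoot,
        [Parameter(Mandatory)][string]$BackupZip,
        [int]$RtoSeconds = 30
    )
    $before = Get-TreeHashes -Root $LiveRoot
    Compress-Archive -Path (Join-Path $LiveRoot '*') -DestinationPath $BackupZip -Force

    # "Trash the asset": the live tree is gone, as after a rebuild from bare metal.
    Remove-Item -Path $LiveRoot -Recurse -Force

    # Only the restore itself is on the clock; that is the figure the business cares about.
    $clock = [System.Diagnostics.Stopwatch]::StartNew()
    Expand-Archive -Path $BackupZip -DestinationPath $LiveRoot -Force
    $clock.Stop()

    $after    = Get-TreeHashes -Root $LiveRoot
    $missing  = @($before.Keys | Where-Object { -not $after.ContainsKey($_) })
    $mismatch = @($before.Keys | Where-Object { $after.ContainsKey($_) -and $after[$_] -ne $before[$_] })
    [pscustomobject]@{
        FilesExpected  = $before.Count
        FilesRestored  = $after.Count
        Missing        = $missing
        HashMismatches = $mismatch
        ElapsedSeconds = [math]::Round($clock.Elapsed.TotalSeconds, 2)
        # A restore that is fast but incomplete or corrupt has still failed the drill.
        WithinRto      = ($clock.Elapsed.TotalSeconds -le $RtoSeconds) -and ($missing.Count -eq 0) -and ($mismatch.Count -eq 0)
    }
}

# --- Drill on constructed data --------------------------------------------------------------
$work = Join-Path $env:TEMP 'restore-drill'
$live = Join-Path $work 'live'
$zip  = Join-Path $work 'backup.zip'
New-SampleData -Root $live
$result = Invoke-RestoreDrill -LiveRoot $live -BackupZip $zip -RtoSeconds 30
$result | Format-List
Remove-Item -Path $work -Recurse -Force
```

The point of the drill is the WithinRto field: it is only true when the restore was complete, byte-for-byte correct and inside the agreed window. Run it on a schedule against a representative asset and keep the ElapsedSeconds history, because a restore that met the RTO last year will drift as data grows.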


Tim Holman is CEO at 2-sec security consultancy.

Read more from Computer Weekly’s Security Think Tank about defending against evasive malware

This was last published in September 2016
