
Security Think Tank: Human factor is key to defeating evasive malware

How can businesses best prepare their cyber defences in light of the fact that attackers are increasingly using malware designed to evade detection and analysis?

We should not be surprised that malware is becoming increasingly sophisticated. Malware designed to evade detection and analysis, once rare, is now common. As usual, information security practitioners are in a race with attackers to keep ahead of the game.

Some of this “evasive malware” can determine where it is being run and declines to execute when it detects a sandbox environment.

Other malware, written with knowledge of detection techniques, checks for signs of human interaction (for example, a number of mouse clicks or movements) before it starts executing, because an automated sandbox typically produces none.

Then there’s the malware that plays the waiting game and “sleeps” for a long time (five years is not unheard of) before executing, far longer than the few minutes a sandbox typically spends on each sample.

And so it goes on – these are variants of the same plan: play the patience game and remain undetected until execution.
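The three tricks above leave traces in a sample even when it refuses to run: imports and strings that reference virtual-machine products, input-polling APIs or timing functions. The following static triage heuristic is an added example, not code from the article or the ISF; the indicator lists, the two-category threshold and the sample import/string sets are constructed assumptions. The caveat built in is that a single category is not evidence: benign software calls Sleep and GetCursorPos too, so the verdict only fires when several evasion categories appear together.

```python
"""Static triage heuristic for sandbox-evasion indicators (added example).

Input is the import names and printable strings already pulled from a
Windows sample (e.g. by pefile and strings); output is which evasion
categories those artefacts suggest. Indicator lists are assumptions drawn
from commonly documented tricks, not an authoritative catalogue.
"""

# Category -> indicators matched as case-insensitive substrings (assumed lists).
EVASION_INDICATORS = {
    "environment_fingerprint": (
        "vmware", "vbox", "virtualbox", "qemu", "xen", "sandboxie",
        "vmtoolsd", "vboxservice", "SbieDll", "cuckoo",
    ),
    "user_interaction": (
        "GetCursorPos", "GetLastInputInfo", "GetAsyncKeyState",
        "GetForegroundWindow", "mouse_event",
    ),
    "timing_delay": (
        "Sleep", "NtDelayExecution", "GetTickCount",
        "QueryPerformanceCounter", "SetTimer", "timeGetTime", "rdtsc",
    ),
    "analysis_detection": (
        "IsDebuggerPresent", "CheckRemoteDebuggerPresent",
        "NtQueryInformationProcess", "OutputDebugString",
    ),
}

# Constructed sample: an evasive dropper's imports/strings and a benign tool's.
SAMPLE_IMPORTS = (
    "kernel32.dll!Sleep", "kernel32.dll!IsDebuggerPresent",
    "user32.dll!GetCursorPos", "kernel32.dll!GetTickCount",
)
SAMPLE_STRINGS = (
    "SOFTWARE\\VMware, Inc.\\VMware Tools", "VBoxService.exe",
    "C:\\Users\\%s\\AppData",
)
BENIGN_IMPORTS = ("kernel32.dll!Sleep", "kernel32.dll!CreateFileW",
                  "user32.dll!MessageBoxW")
BENIGN_STRINGS = ("Hello, world",)


def find_evasion_indicators(imports, strings):
    """Return {category: sorted indicators found} for every category with a hit."""
    haystack = [s.lower() for s in list(imports) + list(strings)]
    hits = {}
    for category, indicators in EVASION_INDICATORS.items():
        matched = sorted({
            ind for ind in indicators
            if any(ind.lower() in item for item in haystack)
        })
        if matched:
            hits[category] = matched
    return hits


def triage(imports, strings, min_categories=2):
    """Verdict plus evidence. Requiring several categories avoids flagging every
    program that merely calls Sleep or reads the cursor position."""
    hits = find_evasion_indicators(imports, strings)
    verdict = ("likely-evasive" if len(hits) >= min_categories
               else "no-strong-evasion-signal")
    return {"verdict": verdict, "categories": hits}


if __name__ == "__main__":
    for label, imps, strs in (("sample", SAMPLE_IMPORTS, SAMPLE_STRINGS),
                              ("benign", BENIGN_IMPORTS, BENIGN_STRINGS)):
        result = triage(imps, strs)
        print(label, result["verdict"])
        for category, found in result["categories"].items():
            print("  ", category, ", ".join(found))
```

A sample that scores as likely-evasive is exactly the one a sandbox will report as "did nothing", so the triage result is a prompt for a human analyst to run it with a patched clock or under a mouse-movement simulator, not a verdict in itself.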

The information security function should ensure that users are aware of the risks from malware and specify the actions required to minimise those risks.

In particular, users need to know that malware can install itself on a computing device when they open an infected attachment received by email, instant messaging or social media.


Of course, organisations should continue to use malware protection software. This software should be configured to scan network traffic entering the corporate network (including email and downloads from the internet) and network traffic leaving the corporate network (including email attachments and shared documents).

Email should be scanned for phrases associated with malware, and mail clients should be configured not to fetch remote images or follow links from unknown or untrusted external sources.
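The inbound checks just described can be expressed as a small gateway filter. The code below is an added example, not the article's or the ISF's: it parses a message with Python's standard email library and flags macro-enabled or executable attachments, remote images that would phone home when rendered, and links whose host is outside an allowlist. The trusted-host allowlist, the risky-extension list and the invoice-themed sample message are all constructed assumptions.

```python
"""Inbound mail checks for attachments, remote images and untrusted links
(added example). Allowlist, extension list and sample message are assumed."""
import re
from email import message_from_string
from email.message import EmailMessage

TRUSTED_HOSTS = {"example.com"}  # assumed: the organisation's own domain
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".lnk", ".jar",
                    ".docm", ".xlsm", ".pptm"}  # assumed policy list
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)
IMG_RE = re.compile(r"<img[^>]+src\s*=\s*[\"']?(https?://[^\"'\s>]+)",
                    re.IGNORECASE)


def host_is_trusted(host):
    """Exact match or subdomain of an allowlisted host."""
    host = host.lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def inspect_email(raw):
    """Walk every MIME part and collect what the gateway should act on."""
    msg = message_from_string(raw)
    risky, images, links = [], set(), set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:  # attachment: judge it by extension, not content type
            ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
            if ext in RISKY_EXTENSIONS:
                risky.append(filename)
            continue
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        body = part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        if ctype == "text/html":
            for src in IMG_RE.findall(body):
                if not host_is_trusted(URL_RE.match(src).group(1)):
                    images.add(src)
        for host in URL_RE.findall(body):
            if not host_is_trusted(host):
                links.add(host)
    if risky:
        action = "quarantine"
    elif images or links:
        action = "deliver-with-warning"
    else:
        action = "deliver"
    return {"action": action, "risky_attachments": sorted(risky),
            "remote_images": sorted(images), "untrusted_links": sorted(links)}


def build_sample_email():
    """Constructed sample: an invoice phish with a tracking pixel and a .docm."""
    msg = EmailMessage()
    msg["From"] = "accounts@invoice-portal.example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Overdue invoice - action required"
    msg.set_content("Please see the attached invoice.\n"
                    "Pay at http://pay.invoice-portal.example.net/123\n")
    msg.add_alternative("\n".join([
        "<html><body><p>Please see the attached invoice.</p>",
        '<img src="http://tracker.example.net/pixel.gif?id=42">',
        '<a href="http://pay.invoice-portal.example.net/123">Pay now</a>',
        '<a href="https://intranet.example.com/help">Help</a>',
        "</body></html>",
    ]), subtype="html")
    msg.add_attachment(b"PK\x03\x04 constructed, not a real document",
                       maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    return msg.as_string()


if __name__ == "__main__":
    for key, value in inspect_email(build_sample_email()).items():
        print(key, value)
```

Two design points: attachments are judged by their filename extension rather than the declared content type, because the sender controls both but the extension is what the client will use to pick a handler; and the allowlist test uses a dot-prefixed suffix match so that a lookalike such as example.com.evil.net does not pass as trusted.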

However, organisations should not rely solely on sandbox, network and endpoint detection and mitigation tools to secure themselves against malware threats, precisely because evasive malware is built to pass through them.

The human element is crucial: someone following up when something doesn’t seem “quite right”. Sharing threat intelligence is also valuable and can help deal with potential evasive malware.


Maxine Holt is principal analyst at the Information Security Forum (ISF).

This was last published in September 2016
