“Malware Mania” is back with a vengeance creating havoc for organizations of all sizes and in all industries. Cyber criminals have morphed their attack methods with the resurgence of macro malware and encrypting ransomware to evade traditional antivirus and sandbox defenses. As a result, cybersecurity teams are scrambling for a more effective way to deal with these shocking realities:
- 2,500 cases of ransomware costing victims $24 million in the US alone were reported to the Internet Crime Complaint Center for 2015 (Turkel, 2016)
- 500+ malware evasion behaviors are being tracked by researchers used to bypass detection (Kruegel, 2015)
- 10 is the average number of evasion techniques used per malware sample (Kruegel, 2015)
- 97% of malware is unique to a specific endpoint, rendering signature-based security virtually useless (Webroot, 2015)
- 15% of new files are malicious executables (Webroot, 2015)
- 98% of Microsoft Office-targeted threats use macros (Microsoft , 2016)
- 600%+ increase in attachment-based vs. URL delivered malware attacks from mid 2014 to 2015 (Proofpoint, 2015)
- 50% increase in email attacks where macros are the method of infection (Tim Gurganus, 2015)
- 390,000 malicious programs are registered every day by AV-Test Institute (AV-TEST, 2016)
- 19.2% potential increase of detecting malware simply by adding a 2nd AV to your existing email security, while structural sanitization can help eliminate macro malware threats (Clearswift, 2016)
But...
- 1 simple enhancement to your existing (vendor neutral) email and web security gateways can completely dissemble email attachments and downloads at more granular level to immediately remove the macro malware threat using hidden triggers bypassing detection, extremely popular with TeslaCrypt and Locky ransomware.
Deeper inspection and sanitization that is not limited by zip/encryption, file size, analysis timing delays, virtual environment evasion techniques or multiple embedded document layers is proving to provide the highest detection rates, immediate impact and cost-effective defense against evading malware and ransomware.
References:
AV-TEST. (2016, May 3). Malware Statistics. Retrieved from https://www.av-test.org: https://www.av-test.org/en/statistics/malware/
Clearswift. (2016, May 6). Prevent advanced malware & ransomware attacks from striking. Retrieved from Clearswift.com: https://emailsecurity.fortra.com/resources/videos/prevent-advanced-malware-...
Help Net Security . (2016, February 29). The rise of polymorphic malware. Retrieved from https://www.helpnetsecurity.com/2016/02/29/the-rise-of-polymorphic-malwa... https://www.helpnetsecurity.com/2016/02/29/the-rise-of-polymorphic-malware/
Kruegel, D. C. (2015, April 21). Labs Report at RSA: Evasive Malware’s Gone Mainstream. Retrieved from http://labs.lastline.com/: http://labs.lastline.com/evasive-malware-gone-mainstream
Microsoft . (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved from Microsoft TechNet: https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-offic...
Proofpoint. (2015). The Cybercrime Economics of Malicious Macros. Sunnyvale: Proofpoint.
Tim Gurganus. (2015, May 12). Attackers Slipping Past Corporate Defenses with Macros and Cloud Hosting. Retrieved from Cisco Blogs: http://blogs.cisco.com/security/attackers-slipping-past-corporate-defens...
Turkel, D. (2016, April 7). Victims paid more than $24 million to ransomware criminals in 2015 — and that's just the beginning. Retrieved from Business Insider: http://www.businessinsider.com/doj-and-dhs-ransomware-attacks-government...
Webroot. (2015). Webroot 2015 Threat Report. Broomfield: Webroot.