Malware is more potent than ever. No longer does it just corrupt some files. It infiltrates entire businesses, locks users out of systems, demands ransoms, and facilitates the sale of intellectual property to the highest bidder.
Here are some of the top trends in the antimalware market:
1. Patch Management Automation
Paul Caiazzo, strategic advisor at Avertium, said that patch management has been in a state of some neglect since the move to remote work environments.
“An effective patch management strategy is one of the foundations of an organizational cybersecurity strategy,” Caiazzo said.
“However well understood this may be in theory, many organizations struggle to implement a good patch management program.”
Patches are typically issued after an exploitable vulnerability has been discovered by the community or disclosed by the originating vendor for a piece of software or firmware.
After a vulnerability is acknowledged, malicious actors commonly try to exploit it in the window between public disclosure and the point at which most organizations have applied the patch.
Making this window as small as possible is important for organizational cybersecurity. Automated patch management tools and security suites that include patch automation should be implemented to address this vital safeguard against malware.
2. Behavior-Based Detection
As the ransomware industry becomes more commercialized and financially successful, adversaries have the opportunity to focus on research and development and fine-tune their methodologies.
It’s now common for ransomware groups to use shell companies to purchase antivirus and EDR software and test their malware strains against them, honing their evasive tactics. This means that signature-based detection alone will no longer cut it. In any case, signature-based detection is of little use against zero-day vulnerabilities, which are discovered and weaponized at a rapid pace, before any signature exists.
“Detecting known-bad signatures is still important for baseline security but needs to be paired with behavior-based detection to focus on more potentially threatening behaviors,” said Matthew Warner, co-founder and CTO at Blumira.
“It’s more important to focus on suspicious behaviors, what created them, and if it will happen again, as it is a stronger indicator of a potential threat or serious ransomware attack about to happen — and a more reliable method of detecting advanced, ever-changing threats.”
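As an added illustration of pairing the two approaches (this is example code written for this page, not from the article or from Blumira), the snippet below runs a known-bad hash check beside a behavioral rule that flags any process renaming many files in a short window. The event format, hashes and thresholds are constructed assumptions.

```python
# Added example: pairing a signature check with a behavioral rule.
# Events are constructed telemetry tuples: (seconds, pid, event_type, detail);
# detail is an image hash for "process_start" and a new extension for "rename".
from collections import defaultdict

KNOWN_BAD_HASHES = {"deadbeef01", "deadbeef02"}  # constructed placeholders
RENAME_THRESHOLD = 20  # renames by one process ...
WINDOW_SECONDS = 60    # ... within this many seconds = mass-rename behavior


def signature_hits(events):
    """Processes whose image hash at start is on the known-bad list."""
    return {pid for _ts, pid, etype, detail in events
            if etype == "process_start" and detail in KNOWN_BAD_HASHES}


def behavior_hits(events, threshold=RENAME_THRESHOLD, window=WINDOW_SECONDS):
    """Processes that rename >= threshold files inside any sliding window,
    flagged purely on what they do, not on which binary they are."""
    renames = defaultdict(list)
    for ts, pid, etype, _detail in events:
        if etype == "rename":
            renames[pid].append(ts)
    flagged = set()
    for pid, stamps in renames.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window's left edge
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(pid)
                break
    return flagged


def detect(events):
    """A process reported by either detector is an alert; the behavioral
    rule is what catches the unknown binary the block list misses."""
    return signature_hits(events) | behavior_hits(events)


# Constructed sample: pid 100 is a known-bad hash; pid 200 is an unknown
# binary renaming 25 files in 25 s; pid 300 renames 5 files over 400 s.
SAMPLE_EVENTS = (
    [(0, 100, "process_start", "deadbeef01"),
     (1, 200, "process_start", "0000unknown"),
     (2, 300, "process_start", "1111benign0")]
    + [(10 + i, 200, "rename", ".locked") for i in range(25)]
    + [(10 + 100 * i, 300, "rename", ".bak") for i in range(5)]
)
```

Calling `detect(SAMPLE_EVENTS)` returns both pid 100 (signature) and pid 200 (behavior); the slow renamer, pid 300, is not flagged.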
3. Ransomware Protection
One of the most significant trends in the malware space is around ransomware — specifically, the growing recognition that antimalware software and other traditional defenses aren’t sufficient to protect against ransomware attacks and that organizations must therefore focus greater attention on being able to recover quickly in the event of an attack, without having to pay ransom.
There are three key drivers of this shift, said Jon Toor, CMO, Cloudian.
- Ransomware attacks are increasingly sophisticated and hard to prevent, even when an organization is prepared. Today, it is no longer a question of if you will be hit, but when.
- Ransomware can penetrate quickly, significantly impacting an organization’s financials, operations, customers, employees, and reputation.
- Even if you pay the ransom, there are other related costs that can be significant, and there’s no guarantee you will get all your data back.
“All of this means that while it’s important for organizations to keep their antimalware software and other perimeter security defenses up-to-date, they must have a comprehensive cybersecurity strategy that goes beyond just detection and prevention,” Toor said.
“The key to minimizing the impacts of a ransomware attack is having technology and processes in place to quickly recover your data and resume operations on your own.”
Toor recommends that organizations keep an immutable backup copy of their data. Immutability prevents cybercriminals from encrypting or deleting that data for a specified period of time, enabling ransomware victims to restore the unencrypted backup copy without paying a ransom. In addition, data immutability can now be implemented as part of an automated backup workflow, making recovery quick and easy. As a recent Gartner report stated, “having an immutable copy of the backup is the most important item to start protecting backup data [from ransomware].”
“By employing data immutability, organizations can not only minimize the financial costs and operational disruption caused by ransomware, but also help break the cycle of ransom payments funding further attacks,” Toor said.
4. Malware-Free Incursions
While antimalware is a crucial part of a full-fledged cybersecurity strategy, it is no longer the be-all, end-all solution.
As seen in CrowdStrike’s 2022 “Global Threat Report,” 62% of detections this past year were malware-free intrusion attempts. This means threat actors often rely on means other than deploying malware to breach and gain access to the victim’s network.
Additionally, adversaries’ breakout time, the time it takes an adversary to move laterally from the initial point of entry to other systems on a victim’s network, clocked in at 98 minutes — giving security teams just over 1.5 hours to detect, investigate, and respond before the adversary spreads beyond the first compromised host.
“Legacy signature-based antimalware can no longer keep up, and ML-based solutions must now be the new foundation to give organizations a fighting chance at keeping one step ahead of accelerating adversaries,” said Patrick McCormack, SVP of platform engineering, CrowdStrike.
“To defend against a wider variety of attack vectors, organizations should couple their antimalware solutions with EDR/XDR, threat hunting and intelligence, zero-trust architectures, and other cutting-edge capabilities in order to cover all bases.”
5. Multi-factor Authentication
Credential theft has continued to rise since the move to remote work. Wherever practical, businesses should use multi-factor authentication (MFA) as an extra layer of security.
“This can mean the difference between a successful attack and access to your network being denied,” said Caiazzo with Avertium.