The distribution and installation of malicious and unauthorized software has evolved consistently throughout the 21st Century. The evolutionary path from annoying viruses, to destructive malware and on to financially driven crimeware, is well documented and can even be conveniently traced via the parallel evolution of technologies that were designed to counter each new aspect of the then contemporary threat.
While the individual technologies embedded within modern crimeware have evolved incrementally — and some people could successfully argue that the rate of innovation has slowed down over recent years — the diversity in which these technologies are applied to fraudulent and criminal ventures has accelerated. Or, to put it another way, professional cyber criminals have been increasingly inventive in ways in which to apply a "standard" toolset of malware features to the way they conduct their criminal ventures.
As traditional malware features continue to consolidate into professionally maintained and purchasable crimeware construction packs with 24×7 support and guaranteed "Fully Undetectable" (FUD) service level agreements, much of the newest innovation has occurred in the methods and mechanisms that install, update and regulate the control of the crimeware installed upon the victims computing device.
Misinterpretation of legacy malware propagation processes and failures in understanding the innovation and dynamism of modern crimeware installation techniques pose a significant risk to businesses facing off against an onslaught of highly motivated cybercriminals. Incorrect assumptions and an outdated understanding of the threat have resulted in organizations pursuing ineffective protection strategies and a bewildered reactive response to successful breaches.
Many crimeware victims are unaware of the pace at which the crimeware installation lifecycle completes and the ways in which Droppers, Downloaders and remote control agents are wielded by their criminal operators.
The federated approach to crimeware delivery further compounds the problem. Instead of having to combat one crimeware agent at a time at the host level, multiple malicious packages from multiple criminal entities are being dropped with each instance of a system compromise. Today, over 1-in-5 botnet inflicted computers are under the simultaneous remote control of more than one criminal operator.
I'm happy to announce that today we've made available the whitepaper "Behind Today's Crimeware Installation Lifecycle”. The paper examines the delta between legacy malware installation techniques and those currently employed by professional cybercriminals.
By understanding the modern crimeware installation lifecycle and exposing the reasoning behind each criminal tactic, organizations under the crosshairs of their attackers will better appreciate the limitations of the security technologies they currently deploy and will ideally be armed with the intelligence they need to develop more robust protection plans and incident response handling strategies.
By Gunter Ollmann, Chief Security Officer at Vectra
|Data Center||Policy & Regulation|
|DNS Security||Regional Registries|
|Domain Names||Registry Services|
|Intellectual Property||Top-Level Domains|
|Internet of Things||Web|
|Internet Protocol||White Space|
Afilias - Mobile & Web Services
Minds + Machines