Pinterest Stumbleupon Whatsapp
Advertisement

The future of malware and antivirus is set to be an interesting battleground. Malware is constantly evolving, forcing antivirus developers to maintain pace. But the futuristic visions of automated machine-learning anti-hacking systems is much closer than you think.

In fact, the future is here.

It’s arriving just in time, too. A new spate of fileless malware is infecting government institutions, businesses, and banks around the globe. Fileless malware is essentially invisible. Once the sole remit of nation-state threat actors, it is now entering the mainstream.

The malware is sufficiently advanced that regular users like you and I don’t have to worry about it. At least, for the time being. Nonetheless, there is a clear picture of what security needs in the coming years.

Machine Learning Antivirus

British cyber-security company Darktrace’s Antigena is a machine-learning anti-hacking system automation tool. In layman’s terms, it is antivirus software that learns when exposed to new data 4 Machine Learning Algorithms That Shape Your Life 4 Machine Learning Algorithms That Shape Your Life You may not realize it but machine learning is already all around you, and it can exert a surprising degree of influence over your life. Don't believe me? You might be surprised. Read More . In this case, Antigena is used to hunt for odd behavioral patterns on corporate systems. Some attacks are easier to spot than others.

Antigena spotted unusual behavior at one company after the U.K. voted to leave the European Union. An employee, disgruntled at their employer’s Brexit (a portmanteau of “Britain” and “Exit”) strategy, attempted to leak confidential documents. Antigena tracks the threat, but also automates the response.

The machine-learning system represents another step-forward for Darktrace. The system genuinely learns, though some attacks are easier to stop than others. For instance, a ransomware attack “looks like a bomb going off” while an insider attack is much subtler.

The major difference is response time. Antigena notices an attack in the very early stages of infection, preventing a ransomware attack from encrypting files Protect Your Data From Ransomware With These 5 Steps Protect Your Data From Ransomware With These 5 Steps Ransomware is scary, and if it happens to you, it can make you feel helpless and defeated. That's why you need to take these preemptive steps so you don't get caught off guard. Read More . “We start interrupting those types of attacks,” explains Dave Palmer, DarkTrace’s director of technology. By the time a human, or even a traditional endpoint security suite has responded, it is too late.

Behavioral Cyber Defense

The machine-learning antivirus solution isn’t unheralded. Home users’ antivirus products now make regular use of heuristic scanning. Instead of scanning for specific file signatures, the heuristic approach analyzes suspicious characteristics and behavioral patterns. Heuristic analysis main purpose is to head off an attack before it begins, comparable to Antigena.

Advanced machine-learning solutions like Antigena aren’t likely to hit home computers for a long time. It is simply too complicated and too powerful. The mathematical principle and advanced environment scanning is already filtering through, forcing home antivirus providers to rethink their development strategies.

This is driving progressive, automated, security design.

What Is Fileless Malware?

What else is driving progressive antivirus design?

Fileless malware is a relatively new but unconventional attack vector. A fileless malware infection exists only in the system RAM or kernel, rather than relying on direct installation The 7 Types of Computer Viruses to Watch Out For & What They Do The 7 Types of Computer Viruses to Watch Out For & What They Do While your computer won't need a week in bed and antibiotics, computer viruses can delete and steal your data. Let's take a look at 7 of the most common viruses out there right now. Read More to a system hard drive. Fileless malware leverages a range of infiltration tactics to penetrate a system while remaining completely undetected. Here is one example of how an attack works:

  • A user visits a website using their browser, coerced via a spam message.
  • Flash is loaded.
  • Flash calls and uses PowerShell to insert memory-based commands.
  • PowerShell silently connects to a command and control (C2) server to download a malicious PowerShell script.
  • The script finds sensitive data and returns it to the attacker.

There are no files downloaded throughout the entire process. The level of stealth on display is impressive. Terrifying, but impressive.

The fileless attack ­leaves no trace, unless the attackers are careless — read our next section — or want you to find the file, like a calling card.

Furthermore, fileless malware grants a precious resource to attackers: time. With time on their side, attackers deploy sophisticated, multilayered exploits against high-value targets.

Russian ATM Scam

Do you ever find yourself dreaming about money pouring out of the ATM just as you walk by? Well, a team of Russian hackers did just that, liberating $800,000 from at least eight ATMs. It looks extremely simple.

A man walks up to an ATM. The ATM dispenses a wad of cash. The man walks away, presumably happy with his newfound wealth. Forcing an ATM to dispense cash on demand isn’t a new trick. However, the almost paperless-trail method used is.

Kaspersky Labs reported that the attackers left behind a single log file, giving researchers a vital clue in their investigation.

“Based on the contents of the log file they were able to create a YARA rule — YARA is a malware research tool; basically, they made a search request for public malware repositories. They used it to try to find the original malware sample, and after a day the search yielded some results: a DLL called tv.dll, which by that time had been spotted in the wild twice, once in Russia and once in Kazakhstan. That was enough to begin untangling the knot.”

The attackers had installed a backdoor in the bank security. Then, they installed malware on the ATM from within the bank’s infrastructure. The malware looks like a legitimate update and fails to trigger any warnings. The attackers run a remote command that first asks how much cash is in the machine, followed by a trigger to dispense.

The money dispenses. The hacker walks away richer. At the same time, the malware begins the cleanup operation, deleting any executables and scrubbing any changes made to the ATM.

Protecting Against Fileless Malware

When fileless malware first surfaced, it made the target system run very slowly. Early examples were inefficiently coded. As such, they were easier to spot because the target system would grind to a halt. Of course, this didn’t last for long, and a fileless malware infection is incredibly difficult mitigate. However, it isn’t impossible.

  1. Update. Keep everything updated, all the time 4 Windows Apps to Keep Updated at All Times 4 Windows Apps to Keep Updated at All Times Keeping your software up-to-date is one way to stay out of trouble with hackers and malware. We show you how to keep Windows, browsers, anti-virus tools, and other apps updated. Read More . Security updates are critical How & Why You Need To Install That Security Patch How & Why You Need To Install That Security Patch Read More . Vulnerabilities are found and patched. According to US-CERT, “85 percent of targeted attacks are preventable” with regular patching.
  2. Education. Fileless malware will arrive through an infected site or phishing email. Brush up on how to spot a phishing email How to Spot a Phishing Email How to Spot a Phishing Email Catching a phishing email is tough! Scammers pose as PayPal or Amazon, trying to steal your password and credit card information, are their deception is almost perfect. We show you how to spot the fraud. Read More among the spam-noise.
  3. Antivirus. Rumors of antivirus’ demise have been greatly exaggerated The 10 Best Free Anti-Virus Programs The 10 Best Free Anti-Virus Programs You must know by now: you need antivirus protection. Macs, Windows and Linux PCs all need it. You really have no excuse. So grab one of these ten and start protecting your computer! Read More . An up-to-date antivirus might block communication with the command and control server, stopping a fileless malware infection downloading its scripted payload.

The single biggest takeaway is keeping your system updated. Sure, there are zero-day vulnerabilities What Is a Zero Day Vulnerability? [MakeUseOf Explains] What Is a Zero Day Vulnerability? [MakeUseOf Explains] Read More . But despite their taking the headlines, they’re still the exception — not the rule.

Steaming Into the Future

Enterprise antivirus solutions are already considering how the future of malware will look. Advances made will filter through to consumer products that protect you and I. Unfortunately, this process is sometimes slow, but a significant shift toward behavioral-based antivirus is underway.

Similarly, fileless malware is making its way into the mainstream, but is still a specialized “tool” in the hacker handbook. As such fileless malware has only been used against high-value targets but, rest assured, malevolent hackers will ensure it winds up on our computers.

Malware is constantly evolving. Do you think our antivirus products do enough to protect us? Or should the onus be on user education? Let us know your thoughts below!

Image Credits: ktsdesign/Shutterstock

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Christoph
    April 19, 2017 at 4:08 am

    How do you know the updates installed are not malware ?You don't,I have downloaded SEVERAL trojans and other malware.Of the four A.V's I have on my phone maybe one found them after installation.One was in Kaspersky mobile , it was Andriod/fobus.x Trojan.Another was a San Francisco Federal Credit Union app.It was malware MTK.I was alerted only when I checked the A.V myself.Of the four none did anything about Removal.All I could do was uninstall.My phone is still showing signs something is up.Apps I never installed are showing in the my apps section on google play.Searches ,in my search history.Like looking for diapers online(don't have kids nor need diapers.One was to a l.p.paypercall.com website.Never did searched for any of this .when I spoke aloud about the searches they disappeared from my history and changed before my eyes in google chrome.I tried telling every A.V I have even google and nothing came of it. the name of the trojans or malware when it happened etc. And nothing.Google actually called back but claimed I ordered the apps and searched for all those things offered no assistance or assurance the malware was removed.Now I have some google services instant app installed by itself.No notification that they were going to install this.I tried to uninstall it it keeps reinstalling itself.The app detective app says in the manifest of the app it has an unnamed package in it and has shadow service 1-36 and is exporting my data somewhere unlisted.Av's.Are a sham and offer no real protection whatsoever.Google play updated itself even though I have do not auto update option selected.No notification from Google saying it was going to update.Even apps that never showed up in their manifest which you can't access unless you have root .Or you have he app detective app.One was asking for the log in page to facebook and accessing other information about my facebook.decoder I believe was the name.Slot of apps ask for c2d send/receive message permissions.Which they've supposedly changed but the per mission is still granted on android 6.0.1 F.Y.I ,The tech industry is one big extortion scam!

    • Gavin Phillips
      April 19, 2017 at 1:02 pm

      Okay, I can see a few things wrong here. First up, you only need one antivirus suite. More than that and they start conflicting with one another, and will miss malicious entities. You can run an antivirus and an antimalware suite like Malwarebytes instead.

      Second, where are you downloading and installing updates from? Most Android phones receive manufacturer updates OTA. That isn't to say they won't be buggy, but manufacturers have no overall gain supplying their users with malware (except that one time Sony installed a rootkit on thousands of PCs, but that is another story). If you're downloading and installing random APKs outside of the Google Play Store environment, then yes, you may have introduced something nasty to your device. This is true for any device e.g. if you torrent Microsoft Office you might get more than you bargain for.

      My advise would be update your desktop/laptop antivirus and antimalware, then disconnect from the internet. Next, connect your phone to your laptop/PC. Scan your phone using your desktop antivirus/antimalware. It shouldn't take long.

      • Christopher
        April 22, 2017 at 1:35 am

        I have malwarebytes installed .it missed all the Trojans. I've downloaded from Google play only. And I would say every other app has been malware. Adware, trojan. One was in Kaspersky. I doubt having multiple A.V's would cause on to miss a trojan .I personally think that is to deter people from using other. rival worthless services. And I've tried just using the just one, like they suggest . And thats when I got the. Credit union malware MTK. After I installed. I stumbled upon the message it was malware MTK .And from their, no service nor assurance and assitance in removals!Every A.V I've contacted didn't even bother contacting me or offer any support whatsoever.My latest Trojan (This is becoming frequent)or malware is supposedly Metasploit.Found by virus total .12 of the 61 .different A.Vs virus total uses says it's Metasploit(ghostery app). or they simplyblisted as Trojan with numerical lettered code.Iam on a phone and can't afford a computer.The only thing I haven't tried is factory reset .As the problems I continue to have .seem too embedded in the system like trying to remove site data within Google chrome. My screen going completely black,and losing all control for about half a minute then the power button started to work. The Google services instant app supervisor that installed itself out of nowhere no longer is showing up Or reinstalling itself.I guess I did whatever it was trying to do.What ever those shadow services 1-36 were.That was listed in its manifest in app detective. I've read there is malware that can even survive a factory reset. I have more or less given up trying .I don't do banking on my phone whatsoever free the malware MTK.I just don't trust it.I can't.Any real protection is apparently non exsistant.Thanks for taking the time to comment back.The only way I have to fight back is venting like this.However futile.Just trying to build awareness that Googleplay Is not safe like they falsely suggest.

        • Gavin Phillips
          April 22, 2017 at 12:04 pm

          Sorry it isn't working out for you. I have another solution that you could try. If you can use another PC, in a web cafe or library etc, create a cloud storage account using a strong password. Create a copy of your vital files and upload them using your phone browser. Wipe your phone, then reload the files one by one. When something bugs out, bingo, you've figured it out.

          Do you have access to any other system? You could create a Linux LiveUSB?CD to boot into...

          Good luck!

        • Gavin Phillips
          April 22, 2017 at 12:05 pm

          Also, you're right on the Google Play Store front. There are ways to avoid picking up malware, but there is a lot of nasty stuff floating around in there.