Pinterest Stumbleupon Whatsapp
Advertisement

The future of malware and antivirus is set to be an interesting battleground. Malware is constantly evolving, forcing antivirus developers to maintain pace. But the futuristic visions of automated machine-learning anti-hacking systems is much closer than you think.

In fact, the future is here.

It’s arriving just in time, too. A new spate of fileless malware is infecting government institutions, businesses, and banks around the globe. Fileless malware is essentially invisible. Once the sole remit of nation-state threat actors, it is now entering the mainstream.

The malware is sufficiently advanced that regular users like you and I don’t have to worry about it. At least, for the time being. Nonetheless, there is a clear picture of what security needs in the coming years.

Machine Learning Antivirus

British cyber-security company Darktrace’s Antigena is a machine-learning anti-hacking system automation tool. In layman’s terms, it is antivirus software that learns when exposed to new data 4 Machine Learning Algorithms That Shape Your Life 4 Machine Learning Algorithms That Shape Your Life You may not realize it but machine learning is already all around you, and it can exert a surprising degree of influence over your life. Don't believe me? You might be surprised. Read More . In this case, Antigena is used to hunt for odd behavioral patterns on corporate systems. Some attacks are easier to spot than others.

Advertisement

Antigena spotted unusual behavior at one company after the U.K. voted to leave the European Union. An employee, disgruntled at their employer’s Brexit (a portmanteau of “Britain” and “Exit”) strategy, attempted to leak confidential documents. Antigena tracks the threat, but also automates the response.

The machine-learning system represents another step-forward for Darktrace. The system genuinely learns, though some attacks are easier to stop than others. For instance, a ransomware attack “looks like a bomb going off” while an insider attack is much subtler.

The major difference is response time. Antigena notices an attack in the very early stages of infection, preventing a ransomware attack from encrypting files Protect Your Data From Ransomware With These 5 Steps Protect Your Data From Ransomware With These 5 Steps Ransomware is scary, and if it happens to you, it can make you feel helpless and defeated. That's why you need to take these preemptive steps so you don't get caught off guard. Read More . “We start interrupting those types of attacks,” explains Dave Palmer, DarkTrace’s director of technology. By the time a human, or even a traditional endpoint security suite has responded, it is too late.

Behavioral Cyber Defense

The machine-learning antivirus solution isn’t unheralded. Home users’ antivirus products now make regular use of heuristic scanning. Instead of scanning for specific file signatures, the heuristic approach analyzes suspicious characteristics and behavioral patterns. Heuristic analysis main purpose is to head off an attack before it begins, comparable to Antigena.

Advanced machine-learning solutions like Antigena aren’t likely to hit home computers for a long time. It is simply too complicated and too powerful. The mathematical principle and advanced environment scanning is already filtering through, forcing home antivirus providers to rethink their development strategies.

This is driving progressive, automated, security design.

What Is Fileless Malware?

What else is driving progressive antivirus design?

Fileless malware is a relatively new but unconventional attack vector. A fileless malware infection exists only in the system RAM or kernel, rather than relying on direct installation The 7 Types of Computer Viruses to Watch Out For & What They Do The 7 Types of Computer Viruses to Watch Out For & What They Do While your computer won't need a week in bed and antibiotics, computer viruses can delete and steal your data. Let's take a look at 7 of the most common viruses out there right now. Read More to a system hard drive. Fileless malware leverages a range of infiltration tactics to penetrate a system while remaining completely undetected. Here is one example of how an attack works:

  • A user visits a website using their browser, coerced via a spam message.
  • Flash is loaded.
  • Flash calls and uses PowerShell to insert memory-based commands.
  • PowerShell silently connects to a command and control (C2) server to download a malicious PowerShell script.
  • The script finds sensitive data and returns it to the attacker.

There are no files downloaded throughout the entire process. The level of stealth on display is impressive. Terrifying, but impressive.

The fileless attack ­leaves no trace, unless the attackers are careless — read our next section — or want you to find the file, like a calling card.

Furthermore, fileless malware grants a precious resource to attackers: time. With time on their side, attackers deploy sophisticated, multilayered exploits against high-value targets.

Russian ATM Scam

Do you ever find yourself dreaming about money pouring out of the ATM just as you walk by? Well, a team of Russian hackers did just that, liberating $800,000 from at least eight ATMs. It looks extremely simple.

A man walks up to an ATM. The ATM dispenses a wad of cash. The man walks away, presumably happy with his newfound wealth. Forcing an ATM to dispense cash on demand isn’t a new trick. However, the almost paperless-trail method used is.

Kaspersky Labs reported that the attackers left behind a single log file, giving researchers a vital clue in their investigation.

“Based on the contents of the log file they were able to create a YARA rule — YARA is a malware research tool; basically, they made a search request for public malware repositories. They used it to try to find the original malware sample, and after a day the search yielded some results: a DLL called tv.dll, which by that time had been spotted in the wild twice, once in Russia and once in Kazakhstan. That was enough to begin untangling the knot.”

The attackers had installed a backdoor in the bank security. Then, they installed malware on the ATM from within the bank’s infrastructure. The malware looks like a legitimate update and fails to trigger any warnings. The attackers run a remote command that first asks how much cash is in the machine, followed by a trigger to dispense.

The money dispenses. The hacker walks away richer. At the same time, the malware begins the cleanup operation, deleting any executables and scrubbing any changes made to the ATM.

Protecting Against Fileless Malware

When fileless malware first surfaced, it made the target system run very slowly. Early examples were inefficiently coded. As such, they were easier to spot because the target system would grind to a halt. Of course, this didn’t last for long, and a fileless malware infection is incredibly difficult mitigate. However, it isn’t impossible.

  1. Update. Keep everything updated, all the time 4 Windows Apps to Keep Updated at All Times 4 Windows Apps to Keep Updated at All Times Keeping your software up-to-date is one way to stay out of trouble with hackers and malware. We show you how to keep Windows, browsers, anti-virus tools, and other apps updated. Read More . Security updates are critical How & Why You Need To Install That Security Patch How & Why You Need To Install That Security Patch Read More . Vulnerabilities are found and patched. According to US-CERT, “85 percent of targeted attacks are preventable” with regular patching.
  2. Education. Fileless malware will arrive through an infected site or phishing email. Brush up on how to spot a phishing email How to Spot a Phishing Email How to Spot a Phishing Email Catching a phishing email is tough! Scammers pose as PayPal or Amazon, trying to steal your password and credit card information, are their deception is almost perfect. We show you how to spot the fraud. Read More among the spam-noise.
  3. Antivirus. Rumors of antivirus’ demise have been greatly exaggerated The 10 Best Free Anti-Virus Programs The 10 Best Free Anti-Virus Programs You must know by now: you need antivirus protection. Macs, Windows and Linux PCs all need it. You really have no excuse. So grab one of these ten and start protecting your computer! Read More . An up-to-date antivirus might block communication with the command and control server, stopping a fileless malware infection downloading its scripted payload.

The single biggest takeaway is keeping your system updated. Sure, there are zero-day vulnerabilities What Is a Zero Day Vulnerability? [MakeUseOf Explains] What Is a Zero Day Vulnerability? [MakeUseOf Explains] Read More . But despite their taking the headlines, they’re still the exception — not the rule.

Steaming Into the Future

Enterprise antivirus solutions are already considering how the future of malware will look. Advances made will filter through to consumer products that protect you and I. Unfortunately, this process is sometimes slow, but a significant shift toward behavioral-based antivirus is underway.

Similarly, fileless malware is making its way into the mainstream, but is still a specialized “tool” in the hacker handbook. As such fileless malware has only been used against high-value targets but, rest assured, malevolent hackers will ensure it winds up on our computers.

Malware is constantly evolving. Do you think our antivirus products do enough to protect us? Or should the onus be on user education? Let us know your thoughts below!

Image Credits: ktsdesign/Shutterstock

Leave a Reply

Your email address will not be published. Required fields are marked *