by Malwarebytes Labs
As if you haven’t heard it enough from us, the threat landscape is changing. It’s always changing, and usually for the worse.
The new malware we see being developed and deployed in the wild has new features and techniques that allow it to go beyond what it was originally able to do, whether to spread further infection or to evade detection.
To that end, we decided to create a report in which we look at a few of these threats, take apart what makes them difficult to remove or lets them stay ‘Under the Radar’, and examine their spread across the world.
Here you can download the ‘Under the Radar: The Future of Undetected Malware’ report. Below we have summarized the key findings relevant to ASEAN countries:
Under the radar malware: ‘invisible’ infections
Malware authors have been incorporating new infection methods that have resulted in a whole new category of attacks: under the radar malware. This is a difficult-to-remediate group of threats that is growing in sophistication and frequency, a cause for concern for businesses today and in the future, according to the new research report from Malwarebytes.
Under the radar malware harms our laptops silently until it is too late to remediate. We won’t even realize that we are being attacked, because this modern malware is designed to avoid detection and maintain persistence.
The future of attacks in ASEAN
The report analyses the latest data in fileless attack methodology, frequency, remediation resistance and adaptive attacks and found that Emotet, Sorebrect ransomware, SamSam and TrickBot represent the future of attacks.
For example, when looking at Emotet, a banking trojan malware program that uses the same vulnerabilities that WannaCry and NotPetya exploited, the Philippines is the most infected country in APAC, with nearly 60,000 instances detected by Malwarebytes. Sorebrect, a fileless ransomware infection that targets network shares, has been heavily detected in Southeast Asia as well, especially in Indonesia, Thailand and the Philippines.
The region is also seeing more exploit kit activity than any other part of the world right now, since so many users in these countries use outdated operating systems and browsers, which makes them easy to attack with old exploits. If Sorebrect is distributed through one of these exploit kits, the victim would likely have no idea they were infected until it was far too late, and the infection would require almost no interaction by the victim other than visiting a website.
Jeff Hurmuses, Area Vice President and Managing Director, Asia Pacific, Malwarebytes said, “ASEAN will remain a prime target for cyberattacks as the region becomes more closely linked through trade, capital flows and technology, making it more prone to complex cyberattacks.”
Fighting cybercrime in 2019
“Over the next few years we will see how threat actors turn their efforts to businesses and networks with thousands of endpoints, to generate a greater ROI,” added Jeff Hurmuses. “Cybercriminals will also develop more sophisticated fileless and ‘invisible’ malware, and will start using more AI to develop, distribute or control malware.”
To be able to fight cybercrime in the future, security solutions will need to include modern features that are effective against these new threats:
- Behavioral detection that is dynamic and able to learn from the threats. The future of fighting cybercrime lies in being able to detect threats because they act like threats, not necessarily because you recognize them as such.
- Blocking at Delivery. A powerful ‘bouncer’ that keeps all the endpoints safe.
- Self-Defense Modes. More and more we see attacks that attempt to shut down security tools that may be used to detect and remove whatever additional payload the threat intends to infect the system with.