Although it is not a new threat, modular malware is quickly increasing in frequency. Since the start of 2019, Barracuda Labs have identified more than 150,000 unique malicious files. Modular malware adds an even more dangerous twist to traditional malware: these robust and evasive attacks are launched in stages, adapting their tactics by analyzing the target’s environment and defenses.
Unlike traditional malware, where malicious files are widely distributed as spam, modular malware has evolved to adapt depending on the environment it is trying to compromise. It starts with an initial payload, and once it is established on a system, it connects to a remote command and control (C2) server for additional payloads. A command and control server is part of a shadow network that attackers use to maintain communications with compromised systems. As information is exchanged between the C2 server and the system, additional payloads can be launched, or retracted if a sandbox or an analysis environment is detected. This growing class of attack continues to be dangerous because malware authors are continually testing different methods to improve their success rate.
Defending your customers’ networks
To protect your customers from modular malware and other threats as they emerge and become more sophisticated, it is best to implement a multi-layered security strategy that covers any potential gaps.
Strengthen your customers’ human firewall. Often, the weakest link isn’t the security tools you have in place; it is the employees themselves. Launch a security awareness program to educate users on security best practices, including how to identify and report suspicious emails, links, or attachments. By doing this, you can also easily identify users who might be susceptible to falling for attacks, so you can further educate them on cybersecurity best practices. This is a great way to demonstrate your value to your clients.
Launch a stronger gateway defense. Incorporate solutions that leverage advanced inbound and outbound security techniques, such as malware detection, spam filters, and sandboxing. Advanced filtering capabilities, like static and dynamic analysis, can help block malicious attachments from reaching an inbox and flag them before they start downloading the executable. If the user were to open a malicious file or click a link to a drive-by download, an advanced firewall with malware analysis can flag the threat as it tries to enter the network. By pairing advanced solutions together, you can maximize the protection you’re applying to your customers’ networks.
Leverage artificial intelligence. Look to incorporate solutions that can detect anomalies and use DMARC authentication to validate emails. Account takeover attacks, for example, are becoming more prevalent and can be difficult to detect, since they are carried out using a legitimate email address that the recipient is likely familiar with. Solutions like Barracuda Sentinel, which use artificial intelligence to identify changes in communication patterns (such as an email signed off with an initial instead of the nickname the sender typically uses), add a powerful tool to your security stack. An AI-based tool like Sentinel continuously learns communication patterns so that it can pick up on slight differences that could be hard for the average person to notice.
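To make the sign-off example above concrete, here is an added illustration (not Barracuda code, and not how Sentinel works internally) of the simplest form of communication-pattern baselining: it profiles each sender's usual greeting, closing phrase and sign-off from constructed sample mail, then reports which features of a new message have never been seen from that sender. The sender addresses and message bodies are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample mail history (not real messages): bodies keyed by sender.
HISTORY = {
    "chris@example.com": [
        "Hi Dana,\n\nPlease review the Q1 numbers.\n\nThanks,\nChris",
        "Hi Dana,\n\nCall me when you are free.\n\nThanks,\nChris",
        "Hi team,\n\nBudget sheet attached.\n\nThanks,\nChris",
    ],
}

def _norm(text):
    """Lowercase and strip trailing punctuation ('Thanks,' -> 'thanks'),
    but keep a trailing period so an initial like 'C.' stays distinct."""
    return re.sub(r"[^\w.]+$", "", text.strip().lower())

def features(body):
    """Extract the three style features that get baselined per sender:
    greeting word, closing phrase and sign-off name. None if too short."""
    lines = [l for l in body.splitlines() if l.strip()]
    if len(lines) < 3:
        return None
    return {
        "greeting": _norm(lines[0].split()[0]),  # "Hi Dana," -> "hi"
        "closing": _norm(lines[-2]),             # "Thanks,"  -> "thanks"
        "signoff": _norm(lines[-1]),             # "Chris"    -> "chris"
    }

def build_baseline(history):
    """Count how often each sender used each feature value in the past."""
    baseline = defaultdict(lambda: defaultdict(Counter))
    for sender, bodies in history.items():
        for body in bodies:
            f = features(body)
            if f:
                for name, value in f.items():
                    baseline[sender][name][value] += 1
    return baseline

def anomalies(sender, body, baseline):
    """Return reasons the message deviates from the sender's past style;
    an empty list means every feature matches something seen before."""
    if sender not in baseline:
        return ["no baseline for sender"]
    f = features(body)
    if f is None:
        return ["body too short to profile"]
    reasons = []
    for name, value in f.items():
        seen = baseline[sender][name]
        if value not in seen:
            usual = seen.most_common(1)[0][0]
            reasons.append(f"{name}: {value!r} never seen (usual {usual!r})")
    return reasons

BASELINE = build_baseline(HISTORY)
# Constructed suspect message: same greeting, but a new closing and an initial.
SUSPECT = "Hi Dana,\n\nCan you process the attached invoice today?\n\nRegards,\nC."
```

A real deployment would learn many more signals than three and weight them by how stable they are per sender, but the flagged reasons are exactly the kind of difference a recipient would not consciously notice.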
IT professionals know that cybercriminals are getting smarter in how they deliver and execute their attacks. However, your customers may not fully realize the risk this poses to them, or all the ways in which they are susceptible. By leveraging a multi-layered security strategy and assessing your customers’ network security often, you can help.
Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.