• Michael Weeding

The changing face of malware


If there is one group of individuals that is continually re-inventing itself, it has to be cyber attackers, who exploit any new opportunity to launch attacks or avoid detection. While the malware landscape is constantly changing, some things remain the same.

Not surprisingly, the one constant in cyber security threats remains the user. So if the user remains the weak point, what are some of the new ways cyber criminals are now using to infect you with malware?

The Cisco 2015 Annual Security Report has a lot of interesting facts, and a key takeaway is that attackers know it is often easier to exploit users at the browser than at the server level, so that is where they are focusing their efforts.

Cyber criminals are now sending spam campaigns using hundreds of IP addresses in an attempt to bypass IP-based protection products. Known as snowshoe spam, this involves sending low volumes of spam from a large set of IP addresses; it differs from the usual spam, which typically comes from a single IP. While most spam is still blocked, this technique means that some spam can avoid detection, and all it takes is one breach to cause a lot of damage.
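To see why a per-IP volume check misses this pattern while grouping by message content does not, here is an added detection sketch (not from the original post or the Cisco report). The thresholds, record fields and sample mail log are constructed assumptions.

```python
import hashlib
import re
from collections import defaultdict

PER_IP_LIMIT = 20      # assumed: messages per IP before an IP-based filter reacts
MIN_DISTINCT_IPS = 50  # assumed: distinct senders of one message before it is a campaign

def fingerprint(subject, body):
    """Hash the message after masking digits, case and spacing, so copies
    that differ only in an invoice number collapse to one fingerprint."""
    text = re.sub(r"\d+", "0", f"{subject}\n{body}".lower())
    return hashlib.sha256(re.sub(r"\s+", " ", text).strip().encode()).hexdigest()[:16]

def per_ip_flags(messages):
    """Classic IP-based view: flag any single address that sends too much."""
    counts = defaultdict(int)
    for m in messages:
        counts[m["ip"]] += 1
    return {ip for ip, n in counts.items() if n > PER_IP_LIMIT}

def campaign_flags(messages):
    """Content-based view: flag one message body arriving from many addresses."""
    senders = defaultdict(set)
    for m in messages:
        senders[fingerprint(m["subject"], m["body"])].add(m["ip"])
    return {fp: ips for fp, ips in senders.items() if len(ips) >= MIN_DISTINCT_IPS}

def build_sample():
    """Constructed mail log using documentation and private address ranges."""
    msgs = []
    nets = ["192.0.2.", "198.51.100.", "203.0.113."]
    for i in range(300):  # snowshoe: 300 IPs, only 2 messages each
        ip = nets[i % 3] + str(1 + i // 3)
        for j in range(2):
            msgs.append({"ip": ip, "subject": f"Invoice {1000 + 2 * i + j} overdue",
                         "body": "Please review the attached invoice."})
    for k in range(40):   # usual spam: a single IP sending in volume
        msgs.append({"ip": "10.0.0.5", "subject": f"Cheap watches {k}",
                     "body": "Limited offer."})
    for n, topic in enumerate(["lunch", "budget", "roadmap"]):  # ordinary mail
        msgs.append({"ip": f"172.16.0.{n + 1}", "subject": topic, "body": "See notes."})
    return msgs

if __name__ == "__main__":
    log = build_sample()
    print("per-IP view flags:", per_ip_flags(log))
    for fp, ips in campaign_flags(log).items():
        print(f"campaign {fp}: {len(ips)} distinct sending IPs")
```

The per-IP view flags only the single high-volume sender, while the content view surfaces the 300-address campaign in which no individual address comes near the volume limit.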

Traditional spear-phishing messages are also on the rise. What is changing is that these messages not only look more authentic, but their content is also constantly being updated to avoid detection. Gone are the dodgy-looking emails riddled with spelling mistakes.

A hot topic of conversation last year was malvertising, made famous after news of the Kyle and Stan malvertising campaign made the headlines, and it appears that since then this type of attack is becoming a real sweet spot for cyber criminals. Malvertising exploits the chaotic nature of the online advertising industry, allowing cyber criminals to place malicious ads on any website. It is not the ad itself that infects users; instead, it directs them to sites that manipulate them into installing malware.

Malvertising is also being distributed through malicious web browser add-ons, where users are infected by installing bundled software from untrusted sources, which they install knowingly, believing it to be legitimate.

One of the keys to prevention is keeping your software up to date. According to the Cisco report, only 10% of IE browsers were using the latest software, compared to 64% of Chrome users. The difference is Chrome's automatic update system.

So if nothing else, maybe this is a good prompt to update your browser!


#malvertising