by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Dec 10, 2018

Here's the lowdown on how attackers may be going after you.

Trillions of dollars are spent on cybersecurity, but it seems malware breaches continue to grow in part thanks to ransomware, rootkits, persistent malware and firmware malware. I’m sure you’ve at least heard these terms before, but do you really understand them and how they are most likely to affect your advanced cyber threat prevention strategy?

What is Ransomware?

According to Kim Komando, ransomware is:

“…a form of malware that keeps users from accessing critical files stored on their infected gadget. To be more technical, there are two primary types of ransomware out there: blockers and cryptoblockers. What's the difference?

Blockers merely prevent access to certain programs or functions. For example, it may block access to a web browser, apps or operating system. Cryptoblockers, on the other hand, actually encrypt your data.

When it comes to desktop computers and laptops, cryptoblockers are most commonly used. However, when it comes to mobile devices, blockers are the preferred choice for hackers. A single click on a malicious link or attachment is all it takes to infect your device with ransomware.”

There are thousands of documented ransomware variants. WannaCry alone is credited with impacting 200,000 victims and 300,000 computers by encrypting files and demanding between $300 and $600 in bitcoin “ransom.”

What are Rootkits?

Once malware obtains root (administrator) credentials, it can install software (called a rootkit) and then hide the intrusion as well as maintain privileged access. With this level of access, the cybercriminal has full control over a system, which means that existing software can be modified, including software that might otherwise be used to detect and/or circumvent it. This form of malware is very difficult to detect once a system is infected, so prevention is the ideal form of protection.

What is Persistent Malware?

Persistent malware seems to act like an incurable disease for your technology. Every time your anti-virus product cleans it from your system, it finds a way to re-instantiate. In particular, when rootkit-based malware is involved, it can achieve persistence by hiding in areas of your hard drive that might be inaccessible to the operating system, evading detection and preventing scanners from locating it.

What is Firmware Malware?

Wayne Rash recently reported in his eWeek article titled “New Russian Malware Can Embed Itself in PC Firmware” a new form of firmware-based malware called LoJax.

“The LoJax software, developed by Russian hacking group Fancy Bear, which has been tied to the Russian intelligence organization, works by using a series of tools developed by the Russians that first examine the code running in the victim computer’s UEFI (the uniform extensible firmware interface), to determine if it can be infiltrated. If it can, then the malware loader copies the code, adds its own malware and then flashes the computer’s firmware to embed the code.”

What Can You Do About It?

The best defense is a great offense. Stay educated on what is current on both sides of the equation: the malware as well as the prevention side.
