APT: Shadow Malware


LabZero

Thread author
What is the difference between the old and new malware?

Well, the old malware wanted to spread and replicate rapidly, until antivirus software vendors could find a way to render it harmless. Today most cyber threats act in devious, sophisticated and organized ways. The "attackers" have changed, the purposes of their actions have multiplied, and both the security solutions and the hacking activities have become more elusive and more planned.

Advanced Persistent Threat (APT).

APTs are attacks that rely on other techniques: some are old, and others, such as social engineering, are of the latest generation.

APT attacks are very often not well known because they do not show their power within a period of a few days, with effects that are most often annoying but easily fixed. Their main characteristics are not rapidity and flamboyance, but intelligence, strength and patience: qualities in proportion to the objective, which is not a demonstration effect but the sabotage of economic activities, theft of intellectual property, theft of sensitive personal information and even of digital certificates.

As in the context of conventional criminal actions, cybercrime too uses, in most cases, weapons that are already known or "rebuilt". An example is malware capable of "polymorphism", in which a portion of the code is designed to change periodically so that it no longer matches the signature with which security vendors update firewalls, Intrusion Prevention Systems (IPS) and other anti-malware. How do the hackers get malware of this type onto a network or an endpoint? One example is the social engineering technique based on user profiling, used to create email messages, chat rooms or blog posts that appear to contain credible information but in fact lead users into clicking links that open sites, programs or content. So begins the "exploit". Once connections or applications have been opened, even in the background, the attacker gains access to the operating system shell and manages to introduce the malware chosen for the APT.

Most unknown malware is able to evade traditional antivirus and is carried by real-time web applications rather than by email in the form of an attachment. This is what defines the drive-by-download mechanism, and that is what we have to fear and fight today.

A special feature of this type of attack is that, even when it has reached its goal, the malware continues to gather information on the target and is constantly updated by the C&C to avoid being detected by security systems.

APT attacks are a real risk. They hit their targets with a very high success rate. In most cases security holes are exploited, and so the attack goes undetected by defense systems.

As for the social engineering techniques used, too often we do not realize how much information we expose about ourselves: who we are, where we work, when we are in a certain place... all this sometimes happens unconsciously, in our interaction with the social world. And often the thought "who could be interested in me?" justifies too superficial an attitude in providing this information.

Awareness means raising the paranoia level enough to realize how easy it is for an interested attacker to correlate information and plan a targeted attack.

Think now about how easy it is for someone who realizes that you have useful information to find you, or to send you one of those weird emails with a strange attachment...

Stay safe. ;)
