• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Downloads
  • Podcasts
  • Subscribe
  • Project of the Week
  • Latest News
  • About Us
    SEARCH
Network Security, News

Under-The-Radar Malware Strains IT Should Pay Attention To

These current strains of malware should be ultra-concerning to IT departments at companies of any size. Here's how to stop them.

March 17, 2021 Adam Forziati Leave a Comment

Website Contact Form Malware

Hundreds of thousands of new malware variants emerge every single day, according to the AV-TEST Institute. We often hear about the most devastating malware attacks or those that spread most broadly, but unfortunately, there are many malware strains that slip under the radar and escape widespread attention due to the sheer volume of malware.

“These days, attackers are spoiled for choice when it comes to how they can get an infection started on a network,” Marc Laliberte, Sr. Security Analyst at WatchGuard, says.

We recently sat down with Laliberte to learn more about how these attacks happen and some recent malware strains which are creeping up on corporate data in 2021.

How malware attacks happen

According to Laliberte, the majority of attacks still start with a phish in some way or another.

“Sending an email or even a text message these days to try and trick an employee into either downloading a file, or going to a fake login portal and giving up their credentials. And then through that access, either just the victim downloading wherever the attachment or file was, or giving up their credentials, the threat actors can gain a foothold on the network and then do whatever they want,” he says.

Resource: IT Pro Tips for Avoiding a Phishing Attack

Laliberte’s team has also seen examples of exploit kits still running rampant on the internet, where if they can trick you into going to a malicious website under their control, and you’re not running an up to date version of your web browser, they can automatically exploit that start to attack.

Current malware strains to guard against

“A class of malware that we’ve seen really grow in popularity, are web shells,” he says. The problem with web shells is they can tend to be really difficult to detect, once they get on that server.

“An organization will have a a web server of some kind exposed to the internet. Maybe it’s their payroll application, maybe it’s Outlook Web Access. And a threat actor can exploit a vulnerability and basically drop a file on that server that then opens up a backdoor for them straight through the web application with the same permissions that that server has.”

Through that backdoor, they can then pivot and hit other holdings behind that company’s network and behind their perimeter. We’ve seen a lot of examples of these recently.

RanumBot

Hackers use this botnet attack to take over a user’s computer, and WatchGuard has recently associated it with the Remk ransomware strain specifically. Like the more popular Razy malware, it started off as a basic botnet trojan, but will now contain ransomware capabilities as well.

Laudanum

This was actually designed way back in 2014 for penetration testers.

Attackers use this web shell hack-tool to upload various file types to a website. It can take over control of the entire site if the website contains vulnerabilities in any of the languages that Laudanum covers.

The WatchGuard Threat Lab team has identified these and other variants of interest through the Firebox Feed data examined in its quarterly security reports.

Defending against them

Laliberte says it really boils down to inspecting traffic to your web server.

“Most network security appliances these days, can do HTTPS inspection really well, they basically do a man in the middle connection, decrypted inside their little ecosystem and then re encrypted on both ends.

“Now you can look for malware payloads like web shells, or just straight up malware binaries that are getting dropped on the server to and run them through anti malware tools as well. It’s through a combination of those on the perimeter with Endpoint Protection and endpoint detection response on the server itself that you really set yourself up for a chance of combating these threats.”

Other suggestions Laliberte makes:

  • Look for out of date servers or applications that could maybe get patched
  • Look for ones that don’t have adequate layers of protection in front of them and focus on those
  • Invest in network perimeter detection with inspection and HTTPS and encrypted traffic whenever you can
  • Employ strong Endpoint Protection backing that up
  • Inspect encrypted traffic through your corporate perimeter

 

Tagged With: Cyber Security, Malware

Related Content:

  • Remote Work Productivity, tips for 2021, carbon emissions Will Continued Adoption of Remote Work Technologies Cut…
  • FBI Microsoft Exchange Server FBI Removes ‘Hundreds’ Of Web Shells From Compromised…
  • ASCII Group ASCII Group CEO on a Mission to Elevate…
  • Microsoft Microsoft Issues Fixes For 108 Vulnerabilities, Including Four…

Free downloadable guide you may like:

  • These Are THE Key Issues For CIOs in 2021

    In this new research survey from The Hackett Group, it was found that IT priorities are geared up for an aggressive and accelerated transformation agenda. The IT department is poised to become a strategic partner with their business and guide stakeholders through a year of growth. This is the year of experimentation and adaption as […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Tackling the Virtual Culture Dilemma

COVID-19 has turned much of our lives upside down. At over one year into the pandemic, many of us are still working from home, which has been the b...

These Are THE Key Issues For CIOs in 2021

In this new research survey from The Hackett Group, it was found that IT priorities are geared up for an aggressive and accelerated transformation ...

These Are The 2021 Trends in Control Rooms And Operation Centers

Join Shelley Johnson, Principal Engineer at The MITRE Corporation, Shane Vega, National Business Development Manager at AVI-SPL, and Dan Griffin, V...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Terms of Use
  • Privacy Policy
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!

© 2021 Emerald X, LLC. All rights reserved.