My TechDecisions

Network Security, News

Under-The-Radar Malware Strains IT Should Pay Attention To

These current strains of malware should be ultra-concerning to IT departments at companies of any size. Here's how to stop them.

Leave a Comment

Website Contact Form Malware

Hundreds of thousands of new malware variants emerge every single day, according to the AV-TEST Institute. We often hear about the most devastating malware attacks or those that spread most broadly, but unfortunately, there are many malware strains that slip under the radar and escape widespread attention due to the sheer volume of malware.

“These days, attackers are spoiled for choice when it comes to how they can get an infection started on a network,” Marc Laliberte, Sr. Security Analyst at WatchGuard, says.

We recently sat down with Laliberte to learn more about how these attacks happen and some recent malware strains which are creeping up on corporate data in 2021.

How malware attacks happen

According to Laliberte, the majority of attacks still start with a phish in some way or another.

“Sending an email or even a text message these days to try and trick an employee into either downloading a file, or going to a fake login portal and giving up their credentials. And then through that access, either just the victim downloading wherever the attachment or file was, or giving up their credentials, the threat actors can gain a foothold on the network and then do whatever they want,” he says.

Resource: IT Pro Tips for Avoiding a Phishing Attack

Laliberte’s team has also seen examples of exploit kits still running rampant on the internet, where if they can trick you into going to a malicious website under their control, and you’re not running an up to date version of your web browser, they can automatically exploit that start to attack.

Current malware strains to guard against

“A class of malware that we’ve seen really grow in popularity, are web shells,” he says. The problem with web shells is they can tend to be really difficult to detect, once they get on that server.

“An organization will have a a web server of some kind exposed to the internet. Maybe it’s their payroll application, maybe it’s Outlook Web Access. And a threat actor can exploit a vulnerability and basically drop a file on that server that then opens up a backdoor for them straight through the web application with the same permissions that that server has.”

Through that backdoor, they can then pivot and hit other holdings behind that company’s network and behind their perimeter. We’ve seen a lot of examples of these recently.

RanumBot

Hackers use this botnet attack to take over a user’s computer, and WatchGuard has recently associated it with the Remk ransomware strain specifically. Like the more popular Razy malware, it started off as a basic botnet trojan, but will now contain ransomware capabilities as well.

Laudanum

This was actually designed way back in 2014 for penetration testers.

Attackers use this web shell hack-tool to upload various file types to a website. It can take over control of the entire site if the website contains vulnerabilities in any of the languages that Laudanum covers.

The WatchGuard Threat Lab team has identified these and other variants of interest through the Firebox Feed data examined in its quarterly security reports.

Defending against them

Laliberte says it really boils down to inspecting traffic to your web server.

“Most network security appliances these days, can do HTTPS inspection really well, they basically do a man in the middle connection, decrypted inside their little ecosystem and then re encrypted on both ends.

“Now you can look for malware payloads like web shells, or just straight up malware binaries that are getting dropped on the server to and run them through anti malware tools as well. It’s through a combination of those on the perimeter with Endpoint Protection and endpoint detection response on the server itself that you really set yourself up for a chance of combating these threats.”

Other suggestions Laliberte makes:

  • Look for out of date servers or applications that could maybe get patched
  • Look for ones that don’t have adequate layers of protection in front of them and focus on those
  • Invest in network perimeter detection with inspection and HTTPS and encrypted traffic whenever you can
  • Employ strong Endpoint Protection backing that up
  • Inspect encrypted traffic through your corporate perimeter

 

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Guide to creating a ransomware response plan download
Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

Re-imaging the office in the age of remote working
Re-imaging the Office in the Age of Remote Working

In a world of remote working, creating an engaging and inspiring workplace is fast becoming a top priority. Video walls that were once used to grab...

Create More Human-Centric Experiences With The Right Anywhere-Work Strategy
Create More Human-Centric Experiences With The Right Anywhere-Work Strategy

Work seamlessly between office and home locations with the right technology and support

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ