My TechDecisions

Network Security, News

Under-The-Radar Malware Strains IT Should Pay Attention To

These current strains of malware should be ultra-concerning to IT departments at companies of any size. Here's how to stop them.

Leave a Comment

Website Contact Form Malware

Hundreds of thousands of new malware variants emerge every single day, according to the AV-TEST Institute. We often hear about the most devastating malware attacks or those that spread most broadly, but unfortunately, there are many malware strains that slip under the radar and escape widespread attention due to the sheer volume of malware.

“These days, attackers are spoiled for choice when it comes to how they can get an infection started on a network,” Marc Laliberte, Sr. Security Analyst at WatchGuard, says.

We recently sat down with Laliberte to learn more about how these attacks happen and some recent malware strains which are creeping up on corporate data in 2021.

How malware attacks happen

According to Laliberte, the majority of attacks still start with a phish in some way or another.

“Sending an email or even a text message these days to try and trick an employee into either downloading a file, or going to a fake login portal and giving up their credentials. And then through that access, either just the victim downloading wherever the attachment or file was, or giving up their credentials, the threat actors can gain a foothold on the network and then do whatever they want,” he says.

Resource: IT Pro Tips for Avoiding a Phishing Attack

Laliberte’s team has also seen examples of exploit kits still running rampant on the internet, where if they can trick you into going to a malicious website under their control, and you’re not running an up to date version of your web browser, they can automatically exploit that start to attack.

Current malware strains to guard against

“A class of malware that we’ve seen really grow in popularity, are web shells,” he says. The problem with web shells is they can tend to be really difficult to detect, once they get on that server.

“An organization will have a a web server of some kind exposed to the internet. Maybe it’s their payroll application, maybe it’s Outlook Web Access. And a threat actor can exploit a vulnerability and basically drop a file on that server that then opens up a backdoor for them straight through the web application with the same permissions that that server has.”

Through that backdoor, they can then pivot and hit other holdings behind that company’s network and behind their perimeter. We’ve seen a lot of examples of these recently.

RanumBot

Hackers use this botnet attack to take over a user’s computer, and WatchGuard has recently associated it with the Remk ransomware strain specifically. Like the more popular Razy malware, it started off as a basic botnet trojan, but will now contain ransomware capabilities as well.

Laudanum

This was actually designed way back in 2014 for penetration testers.

Attackers use this web shell hack-tool to upload various file types to a website. It can take over control of the entire site if the website contains vulnerabilities in any of the languages that Laudanum covers.

The WatchGuard Threat Lab team has identified these and other variants of interest through the Firebox Feed data examined in its quarterly security reports.

Defending against them

Laliberte says it really boils down to inspecting traffic to your web server.

“Most network security appliances these days, can do HTTPS inspection really well, they basically do a man in the middle connection, decrypted inside their little ecosystem and then re encrypted on both ends.

“Now you can look for malware payloads like web shells, or just straight up malware binaries that are getting dropped on the server to and run them through anti malware tools as well. It’s through a combination of those on the perimeter with Endpoint Protection and endpoint detection response on the server itself that you really set yourself up for a chance of combating these threats.”

Other suggestions Laliberte makes:

  • Look for out of date servers or applications that could maybe get patched
  • Look for ones that don’t have adequate layers of protection in front of them and focus on those
  • Invest in network perimeter detection with inspection and HTTPS and encrypted traffic whenever you can
  • Employ strong Endpoint Protection backing that up
  • Inspect encrypted traffic through your corporate perimeter

 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ