Total annual malware volumes are up 7x globally over the last five years, according to data from AV-Test.org, which means internet users and businesses are witnessing a rising flood of maliciousness in their email and web interactions. That growth is being matched by an ever-rising number of techniques incorporated into today's malware to evade traditional detection systems.
Just how evasive is today’s malware?
The research team at Cyren just concluded a study of malware sent to their cloud sandbox array during the first quarter of this year. They discovered that over 98 percent of malware making it to the sandbox array uses at least one evasive tactic, and that 32 percent of malware samples making it to this stage were what we could classify as “hyper-evasive,” layering on six or more detection evasion techniques.
Historically, some malware uses multiples of that number, like Cerber ransomware, which is extremely “sandbox aware” and runs 28 processes to check if it is really running in a target environment, refusing to detonate if it finds debuggers installed to detect malware, the presence of virtual machines (a basic “tell” for traditional sandboxes), or loaded modules, file paths, etc., known to be used by different traditional sandboxing vendors.
The Business of Malware
Malware itself has become a business, one that provides malicious apps as a service. Malware-as-a-Service (MaaS) has lowered the barriers to entry for would-be hackers over the past several years. Under the MaaS business model, any person with bad intentions and a few cryptocoins to rub together can click through a user-friendly, do-it-yourself site on the dark web and quickly build and download a customized ransomware package. The research team at Cyren found a site where you can check boxes to include up to 27 different evasion techniques, providing options such as delayed execution, extension spoofers, fake junk code, and the choice of nine different encryption algorithms.
Throw Out the Old Mouse Trap
With so many evasion techniques available to would-be hackers, the age of hyper-evasive malware is upon us. The malware mouse has mutated, and it’s time that we start using not just a better mouse trap, but a smarter one.
The Next Generation of Security is Here
We use machine learning and advanced algorithms to keep malware out of your network. Unlike traditional antivirus, our endpoint detection is not signature based. We can take it a step further: if an endpoint is not connected online, our security will still quarantine any malicious file that tries to deploy, giving you complete endpoint security anywhere!
Ransomware, advanced threats, fileless malware and malicious documents are no match for the power of artificial intelligence. Replace your antivirus with the smartest endpoint security on the planet.