
Tips for Protecting Against Malware Attacks

With malware attacks increasing, how can enterprises protect their infrastructure?

Gary Audin

December 26, 2019


Anyone in IT knows the importance of securing an environment from malicious actors, utilizing a proactive security plan, and developing a disaster recovery plan for worst-case scenarios. Despite technologies getting better and IT plans being put in place, malware attacks persist. According to a WatchGuard Technologies report, total malware attacks discovered in Q3 2019 rose by 30%, based on WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet. So, where are these threats coming from, and more importantly, how can enterprises protect themselves from such attacks?


A Look at the Threat

Security attacks have no boundaries, and they can be initiated by hackers, governments, and other organizations. Regardless of where they're coming from, one thing is clear: attacks are increasing dramatically. From their analysis, WatchGuard's team of threat researchers observed a significant increase in both malware and network attacks in Q3 2019. For instance, zero-day malware (malware that bypasses traditional signature-based solutions) increased to almost 50% of all malware. In their report, they also discovered:

  • Network attacks rose 8% from Q2 to Q3, while the number of unique attacks remained stable at 345, according to WatchGuard.

  • Two Apache Struts exploits were found, including the one that was responsible for the Equifax breach.

  • By region, the Americas detected the most malware at 42% of overall malware, according to WatchGuard. Europe and the Middle East (EMEA) experienced 30% of the overall malware detected, and APAC regions had the remaining 28% of malware detected.

  • The majority of widespread malware attacks (attacks that affect a large number of individuals) targeted the Americas, at 60% of the total, while Brazil was also targeted with a high volume of attacks.

  • The credential threats continue. Mimikatz, which is used primarily to steal users’ passwords, had been the number one threat but dropped to number three in WatchGuard’s ranking. An emerging credential threat, Windows Credential Editor (WCE), was added to the list, demonstrating that authentication mechanisms are still a target.


How to Protect Your Network

While there is no 100% guarantee that the security measures you put in place will prevent an attack, there are things that you can do to put you on a solid security footing, including:

  • Use tools that catch code injectors – Most malware detections came from two code injection malware payloads, Win32/Heri and Win32/Heim.D. Make sure you are using tools that watch process behavior and can detect malicious deviations from it.

  • Phase out Flash – Some users still run old versions of Adobe Flash that leave them vulnerable to attack.

  • Maintain your own web app infrastructure.

  • Use proactive anti-malware for security enforcement.

  • Employ multi-factor authentication.

  • Don’t postpone patching.

  • Keep web apps up to date.

  • Beware of baffling or confusing certificates.
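To make the first tip concrete, here is an added example of what "watching process behavior and detecting deviations" looks like in code. It is not code from the article or from WatchGuard, and it says nothing about how Win32/Heri or Win32/Heim.D themselves behave. It assumes endpoint telemetry has already been normalised into pipe-delimited lines of a hypothetical format, checks process-creation events against a constructed baseline of expected parent/child pairs, and flags cross-process memory writes and remote-thread creation where the source and target images differ. The event names, baseline and sample lines are all constructed for the example.

```python
"""Toy process-behavior deviation detector.

Added example for the "catch code injectors" tip; not code from the article
or from WatchGuard. It assumes endpoint telemetry has already been normalised
into pipe-delimited lines of the (hypothetical) form

    <timestamp>|<event>|<pid>|<image>|<parent_image>|<extra>

where <extra> is the target image for cross-process events and free text
otherwise. Baseline, event names and sample lines are all constructed.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Expected parent -> child process pairs. Constructed here; in practice this
# is learned from a quiet period of fleet telemetry and reviewed by analysts.
BASELINE_PARENT_CHILD: Set[Tuple[str, str]] = {
    ("explorer.exe", "winword.exe"),
    ("explorer.exe", "chrome.exe"),
    ("services.exe", "svchost.exe"),
    ("winword.exe", "splwow64.exe"),
}

# Events in which one process touches another process's memory or threads.
# Code injectors depend on these, so a source/target mismatch coming from an
# ordinary user application is a deviation worth alerting on.
INJECTION_EVENTS = {"write_process_memory", "create_remote_thread"}


@dataclass
class Alert:
    rule: str
    image: str
    detail: str


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Split one telemetry line into fields; return None for malformed lines."""
    fields = line.strip().split("|")
    if len(fields) != 6:
        return None
    ts, event, pid, image, parent, extra = fields
    return {"ts": ts, "event": event, "pid": pid,
            "image": image.lower(), "parent": parent.lower(),
            "extra": extra}


def detect(lines: Iterable[str],
           baseline: Set[Tuple[str, str]] = BASELINE_PARENT_CHILD) -> List[Alert]:
    """Return one Alert per event that deviates from expected process behavior."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip malformed telemetry rather than crash the pipeline
        if ev["event"] == "process_create":
            if (ev["parent"], ev["image"]) not in baseline:
                alerts.append(Alert("unexpected_child_process", ev["image"],
                                    f"{ev['parent']} spawned {ev['image']} at {ev['ts']}"))
        elif ev["event"] in INJECTION_EVENTS:
            target = ev["extra"].lower()
            if target and target != ev["image"]:
                alerts.append(Alert("cross_process_memory_access", ev["image"],
                                    f"{ev['image']} -> {target} via {ev['event']} at {ev['ts']}"))
    return alerts


def summarize(lines: Iterable[str]) -> Counter:
    """Count alerts per rule, the shape a dashboard or SIEM would consume."""
    return Counter(a.rule for a in detect(lines))


# Constructed sample telemetry: a document-editing process spawning a shell
# that then writes into another process is exactly the kind of deviation the
# tip tells defenders to watch for. The sixth line is deliberately malformed.
SAMPLE_TELEMETRY = [
    "2019-10-01T09:00:01|process_create|1204|winword.exe|explorer.exe|q3-budget.docx",
    "2019-10-01T09:00:07|process_create|1388|splwow64.exe|winword.exe|",
    "2019-10-01T09:01:13|process_create|1402|powershell.exe|winword.exe|",
    "2019-10-01T09:01:15|write_process_memory|1402|powershell.exe|winword.exe|svchost.exe",
    "2019-10-01T09:02:00|write_process_memory|900|chrome.exe|explorer.exe|chrome.exe",
    "garbage line from a buggy sensor",
    "2019-10-01T09:02:30|process_create|560|svchost.exe|services.exe|",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_TELEMETRY):
        print(f"[{alert.rule}] {alert.detail}")
```

Running the sample produces two alerts: the unexpected child process and the cross-process memory write that follows it, while the browser writing into its own image and the baseline process launches stay quiet. The point of the design is that neither rule needs a signature for a specific payload; it is the deviation from normal behavior that is detected, which is what lets this style of tooling catch the zero-day share of malware the article describes.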


As security tools evolve, so do attackers – never assume that your tools will be perfect. Successful security operations are much like first responders; they act within a short amount of time to fix the issue, but unfortunately, sometimes they can’t save the day. For attacks that get through and cause damage to your enterprise, take it as a teachable moment to find ways to mitigate the problem in the future.

About the Author

Gary Audin

Gary Audin is the President of Delphi, Inc. He has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks as well as VoIP and IP convergent networks in the U.S., Canada, Europe, Australia, Asia and the Caribbean. He has advised domestic and international venture capital and investment bankers in communications, VoIP, and microprocessor technologies.

For 30+ years, Gary has been an independent communications and security consultant. Beginning his career in the USAF as an R&D officer in military intelligence and data communications, Gary was decorated for his accomplishments in these areas.

Mr. Audin has been published extensively in the Business Communications Review, ACUTA Journal, Computer Weekly, Telecom Reseller, Data Communications Magazine, Infosystems, Computerworld, Computer Business News, Auerbach Publications and other magazines. He has been a keynote speaker at many user conferences and delivered many webcasts on VoIP and IP communications technologies from 2004 through 2009. He is a founder of the ANSI X.9 committee, a senior member of the IEEE, and is on the steering committee for the VoiceCon conference. Most of his articles can be found on www.webtorials.com and www.acuta.org. In addition to www.nojitter.com, he publishes technical tips at www.Searchvoip.com.