Most of the industry agrees: malware is on the rise. My news feed rarely manages a week without an incident making the headlines. Here are some of the most recent events I’ve seen:
- Online retailer Newegg suffered a data breach at the hands of the same threat actor that’s responsible for recently infiltrating Ticketmaster and British Airways.
- Investigators learned that the website for Nova Scotia Business Inc. had been infected with malware as far back as 2012. Those involved with the investigation said there were several suspicious attempts to access data stored on the website in April 2018 but that no personal information had been compromised in those attempts.
- Europol warned in its 2018 Organised Crime Threat Assessment that ransomware “remains the key malware threat in both law enforcement and industry reporting” given the rise of targeted attacks and campaigns backed by nation-states.
To be sure, there’s an abundance of news reports from an increasing number of big businesses detailing significant breaches, as well as research papers arguing that the number of malware samples continues to grow. But press coverage alone might not give you the full picture.
So, how can you take the malware trend reports and get to the key facts that can drive a forward-thinking approach to security? One way is to break down the claims into something that: is easy to understand, passes a “does this make sense?” test, and offers a real opportunity to harden up your defenses in a practical fashion.
Take, for example, the malware trend reports from the International Journal of Pure and Applied Mathematics and Trend Micro. Both identify that malware variants are increasing. New versions of successful malware are becoming a quick win for their creators, while relatively minor changes can prevent detection in many cases. This passes the common-sense test, too.
It’s logical that a data thief is going to take advantage of creating a variant rather than starting from scratch. After all, the same is true of code reuse across the software industry! Finally, we need to consider what steps we can take to improve our posture now that we better understand this specific aspect of the malware threat.
This is where FIM can lend a hand. Consider the scenario where antivirus updates haven’t provided coverage for the latest malware variant or latest update. In cases like these, FIM is still on hand to help you detect threats, since it remains focused on the files that matter. Its purpose is not to watch out for the thief who’s trying to break in.
I often liken antivirus and firewall protection to securing your building with a security team that patrols your premises. They’ll stop nasty-looking guys at the door and catch the odd thief in the act as they try to make a run with the goods, but if they don’t recognize the criminal straight away, it’ll be hard to understand exactly what their plan was and, more importantly, if they got away with it.
FIM, on the other hand, is akin to your security cameras. They provide a watchful gaze, so that when something goes wrong, you’ve got the evidence to make things right again and prevent it from occurring again. Whether that means restoring from backup or taking new precautions depends on you getting to know the malware and how it affected your system.
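As an added illustration (not code from the original post or from Tripwire), the minimal file-integrity baseline below, placed beside a hash-based "signature" check, shows why a trivially modified variant escapes the signature but not the integrity check. The directory, file name, sample bytes and known-bad hash list are all constructed for the example.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline

def compare(baseline, current):
    """Return (added, modified, removed) paths: what FIM reports on a rescan."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, modified, removed

def signature_hits(current, known_bad_hashes):
    """What a purely hash-based signature scanner would flag."""
    return sorted(p for p, h in current.items() if h in known_bad_hashes)

def demo():
    """Constructed scenario: baseline a directory, then a variant overwrites a file."""
    root = tempfile.mkdtemp()
    target = os.path.join(root, "app.bin")
    with open(target, "wb") as f:
        f.write(b"legitimate application")
    baseline = build_baseline(root)
    original = b"MALWARE-ORIGINAL-SAMPLE"        # constructed bytes, not a real sample
    known_bad = {hashlib.sha256(original).hexdigest()}  # the only "signature" AV has
    variant = original.replace(b"ORIGINAL", b"VARIANT")  # minor change, new hash
    with open(target, "wb") as f:
        f.write(variant)                         # variant overwrites a monitored file
    current = build_baseline(root)
    return {"signature_hits": signature_hits(current, known_bad),
            "fim_changes": compare(baseline, current)}
```

The signature check returns nothing because the variant's hash is not on the list, while the baseline comparison reports `app.bin` as modified; the analyst then has the evidence to investigate and restore.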
With increasing legislative pressure on businesses to reveal information about breaches in greater detail and in a more timely fashion, FIM has the potential to help protect an organisation’s reputation when the worst-case scenario happens (and, based on the rise of major malware incidents we’ve seen in the past few years, many are coming to realize that such cases are becoming a question of “when” rather than “if”). FIM can also provide you with the tools you need to stop threats in their tracks.
Tripwire Malware Detection supplements the core FIM, SCM, and foundational controls of Tripwire Enterprise. Download this datasheet to learn how Tripwire Malware Detection provides protection against known threats and zero-day exploits, offers an enterprise view of suspicious malware objects across all monitored systems, and protects from repeat malware attacks by keeping track of known malware.