Intelligent CIO Africa Issue 42 | Page 35

FEATURE: THREAT ASSESSMENT

the 2015 Verizon Data Breach Investigation Report, 70% to 90% of malware samples have traits that are exclusive to the targeted organisation, and this approach of customisation and bespoke tooling has only grown since then. Attackers don’t handcraft malware; they modify existing malware just enough to throw off signature-based defences. Malware signatures work by creating hashes of known bad files, so the smallest modification prevents a match. Attackers simply add a few bits to a malware file so that its hash no longer matches the signature of the known malware. These changes occur automatically with no human interaction. Vast volumes of seemingly custom malware are generated daily in this way.

The key is that while the malware’s bit pattern may differ, its behaviour is the same. The changes, which are designed to avoid signature-based detection, are superficial. Signatures also miss zero-day attacks that target vulnerabilities in software or operating

Ammar Enaya, Regional Director – Middle East, Turkey and North Africa at Vectra
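The contrast drawn above between hash signatures and behaviour can be seen in a small detection comparison. This is an added example, not code from the article or from Vectra; the sample bytes, the behaviour event names and the rule are all constructed for illustration.

```python
import hashlib

# Constructed, harmless stand-ins for file contents. The "variant" is the
# original plus a few padding bytes, the kind of superficial change described.
ORIGINAL = b"constructed-sample-payload-v1"
VARIANT = ORIGINAL + b"\x00\x00\x00"

# Constructed behaviour traces, as a sandbox or network sensor might record them.
# The variant's trace has extra noise events but the same core actions.
SAMPLES = [
    {"name": "original", "data": ORIGINAL,
     "trace": ["open_many_files", "rewrite_file_contents", "contact_unknown_host"]},
    {"name": "variant", "data": VARIANT,
     "trace": ["read_registry", "open_many_files", "sleep",
               "rewrite_file_contents", "contact_unknown_host"]},
    {"name": "benign", "data": b"constructed-benign-tool",
     "trace": ["open_config", "write_log"]},
]

# Signature database: hashes of files already known to be bad.
KNOWN_BAD_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}

# Hypothetical behavioural rule: these actions observed in this order.
BEHAVIOUR_RULE = ["open_many_files", "rewrite_file_contents", "contact_unknown_host"]


def signature_match(data: bytes) -> bool:
    """Exact-hash lookup: any change to the bytes yields a different digest."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES


def behaviour_match(trace, rule=BEHAVIOUR_RULE) -> bool:
    """True if the rule's actions appear in the trace in order (gaps allowed)."""
    events = iter(trace)
    return all(step in events for step in rule)


def evaluate(samples=SAMPLES):
    """Return both verdicts for every sample, keyed by sample name."""
    return {s["name"]: {"signature": signature_match(s["data"]),
                        "behaviour": behaviour_match(s["trace"])}
            for s in samples}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:9} signature={verdict['signature']!s:5} "
              f"behaviour={verdict['behaviour']}")
```

The padded variant slips past the hash lookup while the behavioural rule flags it alongside the original, and the benign sample is flagged by neither.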