FEATURE: THREAT ASSESSMENT
the 2015 Verizon Data Breach Investigation Report, 70% to 90% of malware samples have traits that are exclusive to the targeted organisation, and this approach of customisation and bespoke tooling has only grown since then.

Attackers don’t handcraft malware; they modify existing malware just enough to throw off signature-based defences. Malware signatures work by creating hashes of known bad files, so the smallest modification prevents a match. Attackers simply add a few bits to a malware file so that its hash no longer matches the signature of the known malware. These changes occur automatically with no human interaction. Vast volumes of seemingly custom malware are generated daily in this way. The key is that while the malware’s bit pattern may differ, its behaviour is the same. The changes, which are designed to avoid signature-based detection, are superficial.
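The point above, as an added example that is not part of the original article: an exact-hash signature stops matching once a couple of bytes are appended to a file, while a rule over observed behaviour still matches. The sample bytes, event names, blocklist and rule are all constructed placeholders.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins: harmless placeholder bytes plus a made-up sandbox event trace.
ORIGINAL = {
    "name": "known_sample",
    "content": b"PLACEHOLDER-SAMPLE-BYTES",
    "events": ["process_start", "credential_store_read", "persistence_set", "outbound_beacon"],
}
# Same file with two bytes appended: the bit pattern differs, the behaviour does not.
VARIANT = {
    "name": "modified_variant",
    "content": ORIGINAL["content"] + b"\x00\x01",
    "events": list(ORIGINAL["events"]),
}
BENIGN = {
    "name": "benign_updater",
    "content": b"PLACEHOLDER-BENIGN-BYTES",
    "events": ["process_start", "outbound_beacon", "dns_lookup"],
}

# Signature database: hashes of known bad files (here, only the original sample).
HASH_BLOCKLIST = {sha256(ORIGINAL["content"])}
# Behavioural rule (assumed for illustration): these events, in this order.
BEHAVIOUR_RULE = ("credential_store_read", "persistence_set", "outbound_beacon")


def hash_match(sample: dict) -> bool:
    """Signature-style check: exact hash lookup against known bad files."""
    return sha256(sample["content"]) in HASH_BLOCKLIST


def behaviour_match(sample: dict, rule=BEHAVIOUR_RULE) -> bool:
    """True if the rule's events occur in order in the trace; other events may interleave."""
    trace = iter(sample["events"])
    return all(step in trace for step in rule)


def evaluate(samples) -> dict:
    return {s["name"]: {"hash": hash_match(s), "behaviour": behaviour_match(s)} for s in samples}


if __name__ == "__main__":
    for name, verdict in evaluate([ORIGINAL, VARIANT, BENIGN]).items():
        print(f"{name:18} hash={verdict['hash']!s:5} behaviour={verdict['behaviour']}")
```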
Signatures also miss zero-day attacks that target vulnerabilities in software or operating
Ammar Enaya, Regional Director –
Middle East, Turkey and North Africa
at Vectra
www.intelligentcio.com
INTELLIGENTCIO