Intelligent CIO LATAM Issue 03 | Page 54

FEATURE: MALWARE
will offer to do penetration testing, while others may go into malware development and attacking.
Almost all new entrants into the game are looking to build something and see what they can get past our defenses. Almost all of those that I interviewed over the last year are getting into ransomware, which could explain why SonicWall saw a 62% rise in this malware type in 2020.
The strains they are building are becoming so advanced that it scares me. They have moved from idolizing fictional characters to becoming the real attackers. In the case of Hildacrypt, they have moved from making their own version of Petya to striving to create a strain that models the tactics of the crew that developed SamSam ransomware.
Faster development
Other bands of people will join fellow attackers to create ransomware and other forms of malware with different modules (malicious bootloaders, runners, decrypters, etc.) and test it on real-world subjects.
After a round of attacks, they will go to VirusTotal to see if anyone has identified their strain. After discovery, they will make changes to the code, ensuring any files used hash differently (a file’s hash is the fingerprint used to identify it). They’ll also improve a strain’s performance to make it more effective.

THE THREAT LANDSCAPE IS AS ACTIVE AS IT IS BECAUSE OF MANY NEW ENTRANTS TO THE GAME AND FASTER DEVELOPMENT.
After this, the next attack launches, and the cycle repeats itself. For instance, WannaCry had numerous versions come out within the initial weeks of the first major attacks. VirusTotal isn’t the end-all for malware detection, but because it is the most notable service, attackers frequently check it to see when their strains are registered, which takes around two to three days, after which they must switch gears. With that information, they will build in new evasion tactics based on who found them first and work backwards as they build other versions.
Over time, these malware developers may transition from project to project, bringing their expertise and experience with them when developing a new strain of malware with a new team. When they struggle to build a module themselves or have issues troubleshooting a problem, there is an active and cheap marketplace with customer service available to help fill in the gaps.
Today, it is easier to get paid through ransomware and then pay for help developing code thanks to cryptocurrencies. So, for the foreseeable future, you can expect to see more people getting into malware development, with many new variants on the horizon.
Stopping malware of the future
The storyline behind advanced persistent threats goes far beyond ransomware. The other hot ticket is, and always has been, the exfiltration of data from corporate sources. I have always said that the best way to set your IT security budget is to ask yourself: “What is the value of my data to an attacker?” A lot of us overly protect data that is of little use to an attacker yet leave some essential data less guarded because it means less to us. Our customers’ data and intellectual data are two of the things we typically protect first.
When developing your philosophy on upgrading your network protection, we typically start at the network,