John Stevenson by John Stevenson | | Blog

Busting the Malware Myths

Every organisation wants protection from malware, but there are a lot of misunderstandings about the risks organisations face and how best to mitigate against them. Here we look at five common malware myths.

Myth 1: Attackers won’t attack your business.

Ransomware

According to Hiscox in 2020, a business in the UK was successfully hacked every 19 seconds. In 2021 global cybercrime is expected to inflict a total of $6 trillion USD in damages this year according to CyberSecurity Ventures. Despite spending record amounts on cyber security, organisations have never been more exposed to attack. Why?

The attack surface of the average organisation has grown exponentially over recent years. Digital transformation initiatives, self-service online portals and now the added risks from homeworking during the Covid-19 epidemic have all contributed to making organisations more exposed to potential attack than ever before.

Myth 2: The best way to stop malware is to use detection-based antivirus.

As far back as 2012, US journalist and industry veteran Brian Krebs caused uproar when he observed that on average, antivirus software was only 25% successful at detecting malware. Times have changed and defences have become more sophisticated. Now the statistics for antivirus software efficacy fall somewhere in a range between around 82% and 96%. Sound ok? Well if the average is somewhere around the 90% mark, 1 in 10 attempts to penetrate an organisation’s detection-based antivirus defences will succeed. Now the odds don’t seem so great.

The reason why the odds aren’t good, is that detection-based antivirus can only detect what it has “seen” before. Of course, there have been attempts to improve the odds. Sandboxes can help but they still rely on detection to try and identify threats. Artificial Intelligence and Machine Learning algorithms are useful, but they’re really just using computing power to try to detect a previously seen threat more quickly. Fundamentally, the problem with malware has always been that detection-based defences simply can’t keep up with it.

Myth 3: Detection-based antivirus detects the latest threats quickly enough to protect a business.

Using detection-based antivirus software can certainly help to protect a business, but the sheer number of vulnerabilities available for the attacker to exploit and the time it takes for both patches and antivirus signatures to be made available means that the so-called zero day window is still wide open. In fact, 58% of vulnerabilities are exploited by attackers before patches become available according to Mandiant in 2020.

Emotet is one of the most notorious pieces of malware of recent years. When Deep Secure researchers submitted a sample of this virus to a popular malware detection website that hosts all the major antivirus engines on the market, around 75% of them correctly identified it as a threat. Furthermore, even the slightest change to the Emotet sample saw the success rate plummet. Adding a simple HELLO WORLD comment line to the macro script saw the percentage correctly identifying the sample as malicious fall to 34%. Taking this modified version and copying and pasting it into a different Word document with different body content saw the success rate fall to 20%. The changes are trivial, but they highlight the fact that detection simply can’t keep pace with a piece of malware like Emotet that is constantly changing and being refined.

Myth 4: Detection-based antivirus will protect organisations from targeted or uniquely crafted attacks.       

The techniques used in targeted attacks are highly sophisticated. They are attacks that even a few years ago were the sole preserve of nation-state intelligence agencies and they are designed to avoid detection. The use of malware that exploits the zero-day window, fileless malware, polymorphic exploits and attacks concealed in images using steganography are all examples of techniques that routinely evade detection.

When it comes to protection against targeted or uniquely crafted attacks, the shortcomings of detection-based antivirus are acknowledged by industry analysts and government experts alike. Citing the need for alternative forms of cyber defence, industry analysts Gartner noted in 2018 that  “technical professionals who want protection from evasive, novel and unique attacks should move beyond detection.”  Earlier this year the UK National Cyber Security Centre (NCSC) published guidelines on how to protect trusted systems from attack, recommending a defensive technique called transformation to deal with the complex data types (e.g. Office files, images and PDFs) that are used by attackers to carry malware.

Myth 5: You can’t stop all the malware all the time.

Detection-based antivirus scanners are struggling to prevent attacks. There’s a groundswell of opinion that a successful attack is – sooner or later an inevitability. That you can’t stop all the malware all the time.

In fact, you can. You just need to use a defence that doesn’t rely on detection.  Deep Secure calls this alternative approach Threat Removal because that’s what it does – it removes the malware threat, and it does it so without trying to detect it.

It works by extracting the valid business information from files (either discarding or storing the originals), verifying the extracted information is well-structured and then building a brand new file to carry the information to its destination. This transformation-based approach is recommended by the UK NCSC.

Adding Deep Secure Threat Removal to your existing detection-based defences is a game changer because it delivers 100% efficacy. It really does make it possible to stop all the malware, all the time.

Visit www.deep-secure.com/try and see for yourself how Threat Removal works today.


View all posts