This time the news comes from the cyber security field: a newly detected banking Trojan that successfully evades the majority of antivirus programs in use today.
According to the security experts at Bromium, this new strain of polymorphic malware evaded 50 of the 65 AV engines tested, that is, around 75 percent.
Bromium also reports that the malware avoids antivirus programs by continually repackaging itself. The company’s software engineer Matt Rowen regarded this as a portrayal of how intricate and sophisticated the hackers have become, adding: “Historically, malware writers simply change the packaging or wrapper when they distribute malware. For instance, it might be a PDF or Word document, but the dropped malicious file inside could be weeks old and, as such, known to AV. Now we see the secondary executable is changing as well, so the malware is not recognized by AV. Worryingly, this shows that malware writers are really improving the standard of their engineering – that spells trouble for AV vendors, who will be forced into a whack-a-mole situation they can never win”.
Bromium’s CTO for EMEA, Fraser Kyne, raised a further concern: this could inspire copycats, as other hackers would now start imitating the same process for their own malicious ends. He added, “After WannaCry hit we saw a huge spike in malware using the EternalBlue exploit. The techniques we are seeing are easy to apply to other types of malware. This has the potential to cause big headaches for businesses relying on detect-to-protect security tools such as anti-virus software”.
To protect against this, Bromium repeats its usual advice: do not open files of unknown origin, turn off macros, keep both the operating system and applications patched, and layer security controls.
They concluded that “Ultimately, AV protect-to-detect techniques are always going to be playing catch up. The only way to prevent this type of attack is to contain and isolate the application itself using virtualization. For example, opening email attachments or email links in isolated micro-VMs contains and controls malware. This way, even if an email does have malware, the hacker has nowhere to go, nothing to steal, and no way to persist on the machine.”