In the on-going battle between malware makers and security vendors, the malware makers are taking a page from the book of legitimate developers and are using QA to test their products to be sure the products are effective. Unfortunately, in this case effective means effective in evading the tools designed to protect systems.
Dancho Danchev, writing in the Webroot Threat Blog in a posting entitled, How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them, describes how online cyber crime tools that have been used by hackers since 2009. This is a screenshot from one of these online development tools.
Dancho reports that these online tools are now appearing as desktop solutions for hackers who don’t want to expose their work on-line. Dancho warns,
The existence of this service, and the community that’s apparently orbiting around it, greatly reminds us of the limitations of signatures-based antivirus scanning in 2013. Thanks to commercially available DIY malware crypting services, commercially available undetected DIY malware generating tools, as well as managed malware/ransomware services taking care of the detection process, cybercriminals are perfectly positioned to capitalize on the users’ false feeling of security and lack of situational awareness on the whole infection process.
Better malware means two things for the enterprise. First, as Dancho observes, better situational awareness. It also means better prevention. With spearphishing being the infiltration method of choice, enterprises need to prevent that exploit with a real spearphishing defense.
Spearphishers deceive employees into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.
You can contact us at 408-727-6342,ext 3 or use our online form.