Malware Protection Ebook
Malware Attacks Starts Here

The Ultimate Guide to Building Your Malware Defense Strategy
Ransomware is continually one of the top threats worldwide, and cyber criminals are only becoming more bold, even using it to attack government agencies around the world.[1]
The threat of malware is rising year-over-year, with Forbes estimating malware as the most common cause of cyberattacks as of mid-2022, covering more than one fifth of all cyber incidents.[2]

Meanwhile the Harvard Business Review (HBR) says,[3] "While IT specialists toil away to create better, smarter, and safer technical systems, there is one risk they can't program away: humans. Especially as remote work becomes more prevalent and thus access to secure systems becomes more distributed, one wrong click by an employee can often be enough to threaten

Today's IT professionals need to focus on building a more user-centric security design, and onboarding technology that can act before an employee or a customer is infected.

After all, the same HBR researchers found that in 85% of cases where employees violated cybersecurity rules, they did so because they felt it would help them or their colleagues to best perform their job. Most employees aren't acting maliciously, and yet the vast majority aren't ignorant either. Instead, most workers are making real-time decisions to balance security with productivity, and are weighing up the cost/benefit of risking one
1. https://www.wired.com/story/costa-rica-ransomware-conti/
2. https://www.forbes.com/sites/chuckbrooks/2022/06/03/alarming-cyber-statistics-for-mid-year-2022-that-you-need-to-know/
3. https://hbr.org/2022/01/research-why-employees-violate-cybersecurity-policies
This eBook will look at the growing risk of malware, and the smart route to securing your business environment, covering:

[Chart residue: AV-Test malware statistics, reference 5]
4. https://en.wikipedia.org/wiki/Elk_Cloner
5. https://www.av-test.org/en/statistics/malware/
Breaking Down the Term: What's Covered By The Word Malware?

There are numerous types of malware attacks, but let's cover some of the most common:
malicious download.
[Callout residue: ransomware damage cost projection by 2031, reference 6]
6. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/
Viruses and Worms

These are two different kinds of malware, both of which work by copying themselves across a network. Once a worm has gained access to your network, it can spread on its own, without a host file and without human input, typically by exploiting a vulnerability in a network-exposed service or by abusing shared credentials. Its payload varies: some worms do little beyond consuming bandwidth and system resources as they propagate, while others drop additional malware or take commands from a remote operator. A virus, by contrast, attaches itself to a host file or program and needs some form of interaction in order to execute, for example a user enabling macros on a malicious document. At that point the virus is activated and can copy itself, corrupting files or impacting performance, and spreading to additional endpoints.

Trojans

A trojan is less a kind of malware and more a method of entry. It's an example of a blended malware attack, as discussed earlier: the payload a trojan carries could be a worm, spyware or ransomware, but what distinguishes it is the way it disguises itself as a legitimate software application. The user thinks they are downloading a necessary or known software tool or update, and this makes it more likely that they will trust its download and execution. The name "trojan" refers to the way the attack makes its way into your network. Trojans are often delivered via a phishing scam where users are directed to a fake version of a known website and encouraged to download software directly. Checking a download's code signature, or its hash against the value the vendor publishes, catches many of these before they ever run.
Spyware

Once spyware has established a foothold on a device, it gathers information about your behavior and forwards it to third parties. For example, keylogging software is spyware that records your keystrokes so that bad actors can obtain credentials or sensitive data. Unlike a virus or a worm, spyware does not usually replicate or spread to other devices within the network. However, using the stolen credentials, attackers can log in to the network directly, so a spyware infection should be treated as an account compromise: rotate the affected passwords and session tokens rather than only removing the binary.

Malvertising

This form of malware spreads either by clicking on infected adverts or pop-ups on websites, or simply by visiting the compromised website, which triggers the malware when the page loads (a drive-by download, usually by exploiting an unpatched browser or plugin). This can download PUPs (Potentially Unwanted Programs) or other types of malware, such as viruses or worms. Malvertising can be very smart, using your browsing history to determine what kind of advert or fake software would be most likely to encourage you to click, or to visit the
As malware continues to rise in occurrence, sophistication, and variance, you might wonder: where are the costs coming from?

downtime, which can be 50 times more than the ransom itself.[7]

Add to this the cost of employee hours spent working on limiting the spread of an attack, or fees for managed service providers hired to get business up and running again, as well

On top of that, malware can cause devastating reputational
7. https://www.datto.com/uk/blog/downtime-the-true-cost-of-a-ransomware-attack
The Challenges of Preventing Malware
What makes malware so hard to stop in its tracks? First, we must consider the average organization's ability to detect an attack in the first place. Dwell time is an industry metric that measures the time between when an attacker first gains access and when the intrusion is identified. Far from getting shorter as technology becomes more sophisticated, Sophos[8] identified a 36% increase in the median dwell time between 2020 and 2021, from 11 days

This has been exacerbated by the rise in remote work, preventing businesses from being able to adequately track employee exposure to malicious content. According to IBM, the average cost of a data breach is more than $1M higher when remote work is a factor in the breach.[10] When employees are working from home, visibility becomes more difficult, employees tend to act with less caution, and as endpoints and users are
8. https://news.sophos.com/en-us/2022/06/07/active-adversary-playbook-2022/
9. https://www.forbes.com/sites/forbestechcouncil/2021/05/03/why-the-dwell-time-of-cyberattacks-has-not-changed/?sh=a7928bd457d8
10. https://www.ibm.com/security/data-breach
Would You Recognize a Malware Attack?

Indicators of compromise

Playbook

The playbook follows the five functions of the NIST Cybersecurity Framework. These are: Identify, Protect, Detect, Respond, and Recover.[8]
8. https://www.nist.gov/cyberframework/online-learning/five-functions
Step 1: Identify
Identification of the cybersecurity challenges that your business is facing should be taken from two directions. First, from a wide angle view. Simply: what threats are prevalent today? The malware listed above is a good starting point for the risks businesses need to be aware of. The majority of these

Once you know what risks you're up against, what do you

Ask yourself:
• What users need which levels of access?
• Where do we store our most sensitive data?
• What devices are most at risk of malware infection?

single place.
threats before they infect company endpoints. Zero trust? With this model, only those users

decrypts and checks all web traffic before allowing the user

granted access to the requested website, and any files will not be downloaded.

tells them the website or file contained malware and has been blocked.
Step 4: Respond
So far we've seen how Malware Protection does the hard work on your behalf by checking all traffic for signs of malicious intent, while smart web filtering rules help avoid potentially dangerous websites. But now it's time to talk about how to

There are numerous steps that could be required to respond to a potential threat, and many of them will depend on specific

threat was a cryptoworm (ransomware that spreads through the network as a worm, such as WannaCry, which propagated over SMB), then any devices that accessed the backups would have to be thoroughly checked before the backups are reconnected, because a worm can encrypt any backup target it can reach over the network.

While the list of potential measures is large, there are a few basic tactics that should be part of most responses. The first step is to limit the damage by isolating infected endpoints from the network to avoid further infection. Where possible, isolate at the network level rather than powering the machine off, so that volatile evidence such as memory and the running process list survives for forensics. It's also important to

Next, take a wider, network-level approach by ensuring that all devices have the most current versions of their respective

Perimeter 81's single-pane-of-glass management platform can ensure that all endpoint security tools are running their latest versions through the Device Posture Check (DPC) feature.
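The two containment tasks above, scoping which hosts a worm could have reached and finding endpoints whose security agent is out of date, as an added worked example in Python. This is not Perimeter 81 code and does not use its platform or the DPC feature. Every name in it is an assumption for illustration: the hostnames, the agent version numbers, the minimum compliant version MIN_AGENT, and the connection-log shape (timestamp, source host, destination host, destination port); the worm is assumed to spread over SMB (TCP/445), as WannaCry did.

```python
"""Added example (not Perimeter 81 code): scope containment for a worm-style
incident from a constructed device inventory and a constructed connection log.
Hypothetical assumptions: MIN_AGENT is the lowest compliant agent version,
and the worm spreads over SMB (TCP/445), as WannaCry did.
"""
import re
from datetime import datetime, timedelta

MIN_AGENT = "10.2.0"   # assumed minimum compliant endpoint-agent version
SMB_PORT = 445         # assumed propagation channel (WannaCry used SMB)


def parse_version(version):
    """'10.2.1' -> (10, 2, 1). Comparing the raw strings is a classic
    posture-check bug: as strings, '9.9.9' sorts after '10.2.0'."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError("unparseable version: %r" % version)
    return tuple(int(p) for p in parts)


def outdated_hosts(inventory, minimum=MIN_AGENT):
    """Hosts whose agent is older than the minimum, sorted by name."""
    floor = parse_version(minimum)
    return sorted(h["host"] for h in inventory if parse_version(h["agent"]) < floor)


def containment_set(seed_hosts, connections, window_start, window_end, port=SMB_PORT):
    """Map each host that may be infected to the earliest time that could have
    happened. Connections are replayed in time order, so a host spreads only
    after its own infection time: a connection it made earlier does not taint
    the destination. Out-of-window and non-SMB connections are ignored."""
    infected = {h: window_start for h in seed_hosts}
    for ts, src, dst, dport in sorted(connections, key=lambda c: c[0]):
        if dport != port or not (window_start <= ts <= window_end):
            continue
        if src in infected and ts >= infected[src] and dst not in infected:
            infected[dst] = ts
    return infected


# Constructed sample data (hypothetical hosts and versions).
T0 = datetime(2022, 6, 1, 9, 0)
INVENTORY = [
    {"host": "fin-laptop-07", "agent": "10.2.3"},
    {"host": "hr-desktop-02", "agent": "9.9.9"},    # old, yet "newer" as a string
    {"host": "backup-srv-01", "agent": "10.2.0"},
    {"host": "eng-laptop-21", "agent": "10.1.8"},
    {"host": "print-srv-01", "agent": "10.2.3"},
]
CONNECTIONS = [  # (timestamp, source, destination, destination port)
    (T0 + timedelta(minutes=5),  "hr-desktop-02", "print-srv-01",  445),  # before hr-desktop-02 is infected
    (T0 + timedelta(minutes=10), "fin-laptop-07", "backup-srv-01", 445),  # patient zero reaches the backup server
    (T0 + timedelta(minutes=20), "fin-laptop-07", "hr-desktop-02", 445),
    (T0 + timedelta(minutes=30), "hr-desktop-02", "eng-laptop-21", 445),
    (T0 + timedelta(minutes=35), "eng-laptop-21", "dns-srv-01",    53),   # not SMB: ignored
    (T0 + timedelta(minutes=90), "eng-laptop-21", "print-srv-01",  445),  # outside the window
]


def run_example():
    """Patient zero is fin-laptop-07; the incident window is the first hour."""
    outdated = outdated_hosts(INVENTORY)
    isolate = containment_set(["fin-laptop-07"], CONNECTIONS, T0, T0 + timedelta(hours=1))
    return outdated, isolate


if __name__ == "__main__":
    outdated, isolate = run_example()
    print("agents below %s: %s" % (MIN_AGENT, ", ".join(outdated)))
    for host, when in sorted(isolate.items(), key=lambda kv: kv[1]):
        print("isolate and check %-14s (possibly infected since %s)" % (host, when.strftime("%H:%M")))
```

Two details carry the practitioner's point. Versions are compared as integer tuples, because comparing "9.9.9" and "10.2.0" as strings ranks the older agent as the newer one, a bug that silently passes out-of-date endpoints in a posture check. Connections are replayed in time order, so a host counts as a spreader only from its own earliest possible infection time; print-srv-01, contacted by hr-desktop-02 before that host was infected, stays out of the set, while the backup server is in it and must be checked before the backups are reconnected.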
Step 5: Recover
While studies show that recovery from a malware attack can take months or even years, when you've followed steps one through four recovery will be shorter and less painful. With Web Filtering and Malware Protection in place you're reducing the potential damage a malware infection can generate.

If the worst occurs and a hacker does make it through your defenses, or you're hit by a more complex attack method such as fileless malware, your environment is segmented, limiting the propagation of the malware.

from access, and wider resources are protected by network segmentation and user-based rules.

The damage will be limited to a single segment, which in many

But what do you do with the endpoints or servers that are damaged? First, if applicable, restore from offline disks or cloud-based backups that were unaffected by the attack. Rebuild compromised hosts from known-good images before restoring data onto them, and verify the backup's integrity (checksums, a test restore) before trusting it. Then confirm that your network is sound, with no further signs of infection.

It's also important to conduct an incident response (IR) review that establishes how the malware infection happened in the first place, and how it can be prevented from happening again. Perhaps a new security tool is required, or even an additional one, or

Finally, it's on to dealing with the public, be it the wider public or your customer base, and taking steps to limit damage to the brand itself.
[Diagram residue. Respond: view continuous activity tracking and web logs. Recover: contain damage ahead of time, ensuring quick TTR.]
At each stage of the cybersecurity framework, Perimeter 81 Malware Protection supports it by scanning all user browsing, and blocking suspicious traffic in real-time. Complemented by our Web Filtering, Malware Protection enables you to achieve a powerful defense against

Web Filtering is a flexible solution to help control access to website categories and apply it to defined users and user groups. You can decide which websites should be blocked, warned against, or allowed. By blocking access and exposure

malvertising attacks.

shows up for your business. At the same time, creating tight zero-trust policies allows admins to better protect their data and critical assets. Then even if the worst occurs, an attack is far less likely to get beyond its initial foothold, and lateral movement is greatly limited.

Finally, malware activity logs give you full visibility into how attackers are threatening your network, and how end-users are utilizing the web. This allows you to understand the greatest risks for your business, identify high-risk employee groups, and work on shoring up security and compliance overall.
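The category-based block/warn/allow policy per user group that the Web Filtering paragraph describes, together with the per-group summary of malware-activity logs that the closing paragraph describes, as one added worked example in Python. It is not Perimeter 81's code or its policy format; the category feed, the group names, the rules and the log lines are all constructed for illustration.

```python
"""Added example (not Perimeter 81 code or policy format): a category-based
web filter with block/warn/allow actions per user group, and a per-group
summary of non-allowed requests computed from constructed log lines.
The category feed, group names, rules and log lines are all hypothetical.
"""
from collections import Counter
from urllib.parse import urlsplit

# Hypothetical category feed: registrable domain -> category.
CATEGORIES = {
    "malvertising-cdn.example": "malware",
    "ads.example": "advertising",
    "gambling-site.example": "gambling",
    "docs.example": "business",
}

# Policy rules: (group, category, action). First match wins, like a firewall
# rule base, so the global malware block sits first and a group-specific rule
# must precede the "*" rule for the same category.
POLICY = [
    ("*", "malware", "block"),
    ("finance", "gambling", "block"),
    ("*", "gambling", "warn"),
    ("*", "advertising", "warn"),
]
DEFAULT_ACTION = "allow"   # uncategorized and unmatched traffic passes


def categorize(host):
    """Look the host up by its longest matching suffix, so that
    cdn.malvertising-cdn.example inherits malvertising-cdn.example's category."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):        # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in CATEGORIES:
            return CATEGORIES[candidate]
    return "uncategorized"


def decide(url, groups, policy=POLICY):
    """Return (category, action) for a URL requested by a user in `groups`."""
    host = urlsplit(url).hostname or ""
    category = categorize(host)
    for group, cat, action in policy:
        if cat == category and (group == "*" or group in groups):
            return category, action
    return category, DEFAULT_ACTION


# Constructed web log lines: timestamp, then key=value fields.
LOG_LINES = [
    "2022-06-01T09:12:04Z user=alice group=finance url=https://gambling-site.example/bet",
    "2022-06-01T09:13:10Z user=bob group=eng url=https://cdn.malvertising-cdn.example/ad.js",
    "2022-06-01T09:14:22Z user=carol group=eng url=https://gambling-site.example/odds",
    "2022-06-01T09:15:01Z user=dave group=finance url=https://docs.example/report",
    "2022-06-01T09:16:45Z user=erin group=finance url=https://tracker.ads.example/pixel.gif",
]


def parse_line(line):
    """Split one constructed log line into (timestamp, user, group, url)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return ts, kv["user"], kv["group"], kv["url"]


def summarize(lines, policy=POLICY):
    """Count block/warn decisions per group; the groups with the most hits
    are where extra training or tighter rules pay off first."""
    counts = Counter()
    for line in lines:
        _, _, group, url = parse_line(line)
        _, action = decide(url, {group}, policy)
        if action != DEFAULT_ACTION:
            counts[(group, action)] += 1
    return counts


if __name__ == "__main__":
    for line in LOG_LINES:
        _, user, group, url = parse_line(line)
        print(user, group, url, "->", decide(url, {group}))
    for (group, action), n in summarize(LOG_LINES).most_common():
        print("%-8s %-5s %d" % (group, action, n))
```

Because decisions key on the hostname alone, the same logic can run on the TLS server name without decrypting anything; rules on the URL path or on the downloaded file need the traffic inspection described under the Detect step. Rule order is the thing to review when a policy misbehaves: a group-specific exception placed after the matching "*" rule never fires.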
Ready to learn more, and see how Perimeter 81 can help you protect your network? Get in touch to schedule a demo.

About Perimeter 81

Perimeter 81 is a robust, yet easy-to-use, converged networking and network security platform which connects all users, in the office or remote, to all resources, located on-prem or in clouds. It is a cloud-native service that includes

Contact Us
Perimeter 81 Ltd.
sales@perimeter81.com
perimeter81.com