McAfee Labs discusses the latest stealth malware attack in their most recent quarterly Malware Threats Report.
Malware continues to develop new stealth technology that may be as leading-edge as the Stealth Bomber.
The sophistication of malware continues to escalate. The latest technique cleans up after itself, making it even harder to detect and taking things to a whole new level.
In this last quarter’s report, a new stealth technique is discussed in which malware hides in non-traditional spaces, eliminating any need to save a file, the step that typically exposes it to detection.
“In recent years, malware authors have explored new techniques to evade detection by staying low in the system stack. They have also challenged detection through attack hardening, using such techniques as polymorphism, implanting watchdogs, revoking permissions, and more. Most recently, malware authors have precisely crafted their malware to use features such as Windows Management Instrumentation and Windows PowerShell to perform an attack without saving a file on disk.
Although fileless, memory-resident infections have been known to the security industry for a long time. Past infections always deposited a small binary somewhere on disk, but the newest evasion techniques used by fileless malware—Kovter, Powelike, and XswKit, for example—leave no trace on disk, thus making detection, which generally relies on static files on disk, more difficult.”
It’s hard for any organization to keep up with the ever-changing landscape of cyber security unless it has full-time staff and lots of them. For this reason, many companies are outsourcing their cyber security processes and personnel, just like they’re moving mainstream data and applications to cloud hosting. But those may not be the right moves for your organization. If you’d like some help deciding, give Sentar a call. We can help you correctly determine the right direction, likely saving you money while improving your security posture.