Page 1

The Current Malware Threat Landscape and Best Practices for Enterprise-Grade Remediation
Krishnan Natarajan, Malwarebytes
Page 2

QUICK BIO
Krishnan Natarajan
Senior Director, Malwarebytes
Krishnan Natarajan is Senior Director for Malwarebytes, based in Santa Clara, California. He has experience with multiple areas of information security: web application security, user and entity behavior analytics, insider threat, data loss prevention, and endpoint security. Prior to Malwarebytes, Krishnan held leadership roles at several S.F. Bay Area companies, including Whitehat Security, Dtex Systems, and Hewlett-Packard.
Page 3

AGENDA
01 Introduction
02 The Current Malware Threat Landscape
03 Addressing the Malware Threat: Enterprise-Grade Remediation
Page 4

COMPANY BACKGROUND
Locations
▪ Santa Clara, CA (HQ)
▪ Tampa Bay, FL
▪ Cork, Ireland
▪ Tallinn, Estonia
▪ Singapore
▪ Sydney
By the numbers
▪ 100M B2C customers
▪ 60K+ B2B customers
▪ 4M+ threats blocked every day
▪ 500K downloads per day
Page 5

BROAD RANGE OF CUSTOMERS
60,000 businesses worldwide
Page 6

The Current Threat Landscape
What's New / What's the Same
Page 7

THE CHALLENGE
Perception: 2% of endpoints vs. Reality: 60% have hidden threats
30% of threats are critical: Trojans | Backdoors | Rootkits
98% prevention is a myth!
Page 8

IMPACT OF CYBERSECURITY THREATS
▪ 73% of organizations impacted by a security event in the past 12 months
▪ $1.9M annual spend on cybersecurity-related costs
▪ $430K cost to remediate a major security event
▪ Employee downtime / loss of productivity
Page 9
Page 10

BUSINESS DETECTIONS: 2017-2018
[Chart: business detections, 2017-2018; y-axis 0 to 3,000,000]
Page 11

2018 BUSINESS DETECTIONS BREAKDOWN
Threat                  Share
Generic.Malware         32%
Generic.Trojan          23%
Trojan.Emotet           19%
Trojan.TrickBot         6%
Backdoor.Vools          6%
RiskWare.BitCoinMiner   5%
RiskWare.IFEOHijack     3%
Hijack.Tray             2%
Generic.Backdoor        2%
Ransom.WannaCrypt       2%
Page 12

WHAT'S CHANGED: 2017 vs 2018
Business Detections 2017/2018
Pos.  Threat          Y/Y % Change
1     Trojan          132%
2     Hijacker        43%
3     Riskware Tool   126%
4     Backdoor        173%
5     Adware          1%
6     Spyware         142%
7     Ransom          9%
8     Worm            -9%
9     Rogue           -52%
10    HackTool        -45%
Overall Detections
2017: 39,970,812
2018: 71,823,114 (+79% over 2017)
Page 13
Page 14

US EMOTET BUSINESS DETECTIONS 2018
Page 15

US TRICKBOT BUSINESS DETECTIONS 2018
Page 16

'ETERNAL' MALWARE FAMILIES
Emotet
▪ Originally a banking trojan
▪ Downloader
▪ Built-in spam module
▪ Eternal exploits utilized for lateral movement
▪ Greater focus on business in 2018
Page 17

'ETERNAL' MALWARE FAMILIES
Trickbot
▪ Originally a banking trojan
▪ Downloader
▪ Credential stealer / brute force
▪ Eternal exploits utilized for lateral movement
▪ Greater focus on business in 2018
[Chart: 2017 - 2018 Global Business Trickbot Detections; y-axis 0 to 120,000]
Page 18

CRYPTOMINERS
▪ First half of the year: miner domination
▪ Large spikes in value match large spikes in detections
▪ Detection numbers have returned to normal
[Chart: 2017 - 2018 Business Cryptominer Detections]
Page 19

PREDICTIONS
'Eternal' malware will become the norm
▪ Eternal exploits used with in-the-wild malware
▪ Already we have seen 3+ families use this in 2018
▪ More malware will follow suit as long as it's effective
Cryptomining is dead
▪ Value of cryptocurrencies dropped mid 2018
▪ Mining infections followed closely behind
▪ Unless value spikes, we won't see too many miners in 2019
New attack technology
▪ Attack technology in constant development
▪ State-sponsored malware tools being leaked
▪ 'Soundloggers' a possible threat in 2019 for states
Page 20

PREDICTIONS
Artificial Intelligence
▪ AI will likely play a part in malware development in 2019
▪ Expected to see it used to distribute undetected malware first
BYOS grows
▪ Less confidence in business security
▪ Users take control of their own security
▪ Less reliance on storing data remotely
Page 21

SUMMARY
▪ Spike in business attacks in 2018
▪ Significant 'Eternal' exploits employed by Emotet / Trickbot
▪ Networked computers offer a far better ROI for Eternal worm functionality than individual machines
▪ Old 'Eternal' threats like WannaCry are still around
Page 22

Addressing the Malware Threat
Page 23

ENDPOINT DETECTION AND RESPONSE
▪ Antivirus misses an infection
▪ EDR logs analyzed
▪ Enrich with threat intel
▪ Alert created
▪ SOC engineer investigates
▪ What is the response?
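The flow above (AV miss, EDR log analysis, threat-intel enrichment, alert creation, investigation, response decision) as a runnable sketch. This is an added example, not code from the presentation or from Malwarebytes: the telemetry lines, hostnames, hashes, IP addresses and intel entries are constructed placeholders, and `build_alerts`, `enrich` and `recommended_response` are assumed names rather than any product's API.

```python
"""Toy EDR alerting pipeline: parse endpoint telemetry, enrich it with threat
intel and process-lineage rules, and raise alerts for events that the
antivirus verdict missed. Added illustration; every indicator below is
constructed, not a real IoC."""
import json
from dataclasses import dataclass, field

# Constructed threat intel (placeholder values, not real indicators).
THREAT_INTEL = {
    "sha256": {
        "1111aaaa" * 8: {"family": "Trojan.Emotet", "severity": "critical"},
    },
    "ip": {
        "203.0.113.25": {"family": "Trojan.TrickBot", "severity": "critical"},
    },
    # Parent/child pairs that deserve review (office app launching a shell).
    "parent_child": {
        ("WINWORD.EXE", "powershell.exe"): {"family": "macro-launched script", "severity": "high"},
    },
}

# Constructed EDR telemetry in JSON-lines form (hosts, hashes, IPs are made up).
SAMPLE_EDR_LOG = "\n".join([
    json.dumps({"ts": "2018-11-02T09:14:03Z", "host": "ws-0142", "event": "process_start",
                "parent": "WINWORD.EXE", "image": "powershell.exe",
                "sha256": "2222bbbb" * 8, "av_verdict": "clean"}),
    json.dumps({"ts": "2018-11-02T09:14:07Z", "host": "ws-0142", "event": "process_start",
                "parent": "powershell.exe", "image": "svchost_update.exe",
                "sha256": "1111aaaa" * 8, "av_verdict": "clean"}),
    json.dumps({"ts": "2018-11-02T09:14:09Z", "host": "ws-0142", "event": "net_connect",
                "image": "svchost_update.exe", "dst_ip": "203.0.113.25", "dst_port": 443,
                "av_verdict": "clean"}),
    json.dumps({"ts": "2018-11-02T09:15:00Z", "host": "ws-0077", "event": "process_start",
                "parent": "explorer.exe", "image": "notepad.exe",
                "sha256": "3333cccc" * 8, "av_verdict": "clean"}),
])

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass
class Alert:
    host: str
    ts: str
    severity: str
    reason: str
    indicators: list = field(default_factory=list)


def enrich(event, intel):
    """Return a list of (severity, reason) matches for one telemetry event."""
    hits = []
    h = event.get("sha256")
    if h in intel["sha256"]:
        m = intel["sha256"][h]
        hits.append((m["severity"], f"hash matches {m['family']}"))
    ip = event.get("dst_ip")
    if ip in intel["ip"]:
        m = intel["ip"][ip]
        hits.append((m["severity"], f"connection to {m['family']} C&C {ip}"))
    pair = (event.get("parent"), event.get("image"))
    if pair in intel["parent_child"]:
        m = intel["parent_child"][pair]
        hits.append((m["severity"], f"{pair[0]} spawned {pair[1]} ({m['family']})"))
    return hits


def build_alerts(log_text, intel=THREAT_INTEL):
    """Parse JSON-lines EDR telemetry and create one alert per event that the
    AV marked clean but threat intel or behaviour rules flag."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        hits = enrich(event, intel)
        if not hits:
            continue
        # Events the AV already convicted are handled by the AV; skip them here.
        if event.get("av_verdict") not in (None, "clean"):
            continue
        worst = max(hits, key=lambda h: SEVERITY_RANK[h[0]])
        alerts.append(Alert(host=event["host"], ts=event["ts"], severity=worst[0],
                            reason="; ".join(r for _, r in hits),
                            indicators=[event[k] for k in ("sha256", "dst_ip") if event.get(k)]))
    return alerts


def recommended_response(alerts):
    """Map alerts to the response per host: critical findings isolate the
    endpoint and remediate; anything else goes to the SOC queue."""
    plan = {}
    for a in alerts:
        if a.severity == "critical":
            plan[a.host] = "isolate network + remediate"
        else:
            plan.setdefault(a.host, "investigate")
    return plan


if __name__ == "__main__":
    for a in build_alerts(SAMPLE_EDR_LOG):
        print(a)
    print(recommended_response(build_alerts(SAMPLE_EDR_LOG)))
```

Run against the constructed log, the first workstation produces three alerts (an Office-to-PowerShell lineage hit, then a hash hit, then a C&C connection hit) and escalates to isolation, while the second workstation stays quiet; the point is that the chain is visible only because the EDR telemetry was kept and enriched after the AV had already said "clean".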
Page 24

WHAT COMPANIES TYPICALLY DO
Page 25

A BETTER WAY: THREE PART SOLUTION
▪ PREVENT: Multiple protection layers
▪ DETECT: Advanced detection techniques
▪ RESPOND: Comprehensive remediation
Page 26

PROTECTION LAYERS
Layers
▪ Web Protection
▪ Application Hardening
▪ Application Behavior
▪ Exploit Mitigation
▪ Payload Analysis
▪ Anomaly Detection Machine Learning
▪ Ransomware Mitigation
▪ Suspicious Activity Monitor (Flight Recorder)
▪ Endpoint Isolation
▪ Linking Engine Remediation
▪ Ransomware Rollback
Approaches: Matching-based | Signature-less | Response capabilities
Stages: Pre-Delivery | Pre-Execution | Post-Execution
Page 27

DETECTION LAYERS
Page 28

REMEDIATION LAYERS
Page 29

ENTERPRISE GRADE REMEDIATION COMPONENTS
Granular Endpoint Isolation
▪ Isolates endpoints to stop the bleeding
▪ Prevents malware from connecting to C&C
▪ Locks remote attackers out
▪ Isolation levels: Process isolation | Desktop isolation | Network isolation
Thorough Remediation
▪ Cleans up primary payload
▪ Detects and removes all dynamic and related threat artifacts
▪ Minimizes end-user impact
Ransomware Rollback
▪ Performs just-in-time backups of file changes
▪ Logs/associates changes with specific processes
▪ Rolls back damage up to 72 hours
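The three Ransomware Rollback bullets describe a mechanism: back up a file's previous content at the moment a process changes it, tag the backup with that process, and undo one process's changes inside a time window. The model below is an added illustration of that mechanism, not the presentation's or Malwarebytes' code; it uses an in-memory stand-in for the disk, and the file names, process ids and timestamps are constructed.

```python
"""Toy model of ransomware rollback: a just-in-time backup of a file's prior
content on every write, tagged with the writing process, and rollback of one
process's damage inside a 72-hour window. Added illustration with constructed
data; a real implementation would hook the filesystem driver, not a dict."""
from collections import defaultdict
from datetime import datetime, timedelta

ROLLBACK_WINDOW = timedelta(hours=72)


class ProtectedFS:
    """In-memory stand-in for a disk with a change journal in front of it."""

    def __init__(self, files):
        self.files = dict(files)            # path -> current content
        self.journal = defaultdict(list)    # pid -> [(ts, path, previous_content)]

    def write(self, pid, path, content, ts):
        # Just-in-time backup: record what was there before this process changes it.
        # `previous` is None when the process creates a new file (e.g. a ransom note).
        previous = self.files.get(path)
        self.journal[pid].append((ts, path, previous))
        self.files[path] = content

    def rollback(self, pid, now):
        """Undo every change `pid` made within ROLLBACK_WINDOW. Entries are
        replayed newest first so the oldest backup (the original content)
        ends up on disk. Returns the list of restored paths."""
        entries = [e for e in self.journal[pid] if now - e[0] <= ROLLBACK_WINDOW]
        restored = []
        for ts, path, previous in sorted(entries, key=lambda e: e[0], reverse=True):
            if previous is None:
                self.files.pop(path, None)  # file did not exist before: remove it
            else:
                self.files[path] = previous
            if path not in restored:
                restored.append(path)
        # Consumed backups leave the journal; out-of-window ones stay untouched.
        self.journal[pid] = [e for e in self.journal[pid] if e not in entries]
        return restored


def demo():
    """Constructed scenario: a benign editor and a suspected ransomware process
    touch the same files; only the ransomware's in-window changes are undone."""
    t0 = datetime(2018, 11, 2, 9, 0, 0)
    fs = ProtectedFS({"docs/q3.xlsx": "q3 numbers",
                      "docs/plan.docx": "plan v1",
                      "docs/notes.txt": "notes"})
    # An old edit by pid 999, well outside the 72-hour window: rollback must not touch it.
    fs.write(999, "docs/notes.txt", "notes edited", t0 - timedelta(hours=100))
    # A benign editor (pid 410) saves a document; this change should survive.
    fs.write(410, "docs/plan.docx", "plan v2", t0)
    # Suspected ransomware (pid 999) overwrites files and drops a note.
    fs.write(999, "docs/q3.xlsx", "<encrypted>", t0 + timedelta(minutes=5))
    fs.write(999, "docs/plan.docx", "<encrypted>", t0 + timedelta(minutes=5))
    fs.write(999, "docs/q3.xlsx.locked", "<ransom note>", t0 + timedelta(minutes=6))
    restored = fs.rollback(999, now=t0 + timedelta(minutes=30))
    return fs.files, restored


if __name__ == "__main__":
    files, restored = demo()
    print("restored:", restored)
    for path, content in sorted(files.items()):
        print(f"  {path}: {content}")
```

Two details matter for the "associates changes with specific processes" bullet: because the backup of `docs/plan.docx` was taken right before the ransomware wrote it, rolling the ransomware back lands on the benign editor's "plan v2", not the older "plan v1"; and the out-of-window edit to `docs/notes.txt` stays as it is, which is what the 72-hour limit means in practice. The model does not handle a benign write that lands after the ransomware's on the same file, which a real linking engine would have to reconcile.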
Page 30

WHAT HAVE WE LEARNED?
▪ Malware threats continue to grow
▪ Businesses have been hit especially hard in 2018
▪ Malware continues to leverage 'Eternal' exploits
▪ Patching software is a necessary first step
▪ Endpoint security software is critical
▪ "Enterprise-grade" remediation is the final "failsafe" measure to address malware threats
Page 31

THANK YOU!
Learn More: malwarebytes.com/business
Latest News: blog.malwarebytes.com
Request a Trial: malwarebytes.com/business/trial
See What Others Miss: malwarebytes.com/remediationmap
Page 32

APPENDIX