Light Dark
January 22, 2016 By Jennifer Tullman-Botzer 2 min read
Advanced Threats
Malware

2015: A Big Year for Malware

Anyone who kept up with cybersecurity news in 2015 already knows it was a big year for malware and the cybercriminal gangs that develop it. Malware sophistication reached new heights with Dyre, Shifu and other gang-owned codes, revealing that the stereotypical lone-wolf hacker has been replaced by highly organized cybercrime. Indeed, today’s fraudsters are very professional and focused, and they are diversifying their targets in order to achieve bigger paydays.

With all the advances made in cybercrime throughout recent months, there is little reason to suspect that the evolution of increasingly complex malware strains and the magnitude of cybercriminal activity will slow down in 2016.

In a new white paper released by the Information Security Media Group, IBM Security Executive Security Advisor Limor Kessem discussed how malware evolved in the past year, the variants that concern her most and where organizations are now most vulnerable to attack.

What We Learned

In 2015, existing Trojans added new evasion features and theft mechanisms. New malware that emerged was increasingly modular and advanced, meaning it was able to better impersonate victims and hide its intentions in real time. Perhaps most alarmingly, this growing sophistication has revealed itself not only in banking Trojans, but also in mobile malware realms, as well.

One trend to watch in the mobile arena, Kessem cautioned in the paper, is overlay malware. In an overlay attack, fraudsters place a nearly identical fake application screen on top of a legitimate application, deceiving users into revealing personal data such as payment terminal logins, banking credentials or even credit card details.

With cybercriminals becoming more organized and developing more sophisticated and dangerous malware tactics, it’s no surprise that traditional defenses are struggling to keep up. As just one example, antivirus software cannot reliably detect morphed or rewrapped malware and therefore leaves the endpoint open to exploitation. This stronghold, whether on a personal or corporate device, is where the eventual fraud takes place.

Kessem emphasized that, in a world where malware evolves both rapidly and frequently, malware defenses must also be based on dynamic intelligence. Counteracting the most advanced malware codes requires an agility that is lacking in many current solutions.

Read the white paper to learn more about the latest advances in malware attacks

 |  |  | 
Jennifer Tullman-Botzer
Security Intelligence Editor

More from Advanced Threats
April 9, 2024

Hive0051 goes all in with a triple threat

13 min read - As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023 findings, detailing Hive0051's use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver new Gamma malware variants, facilitating more than a thousand infections in a single day. An examination of a sample of the lures associated with the ongoing activity reveals…

November 6, 2023

GootBot – Gootloader’s new approach to post-exploitation

8 min read - IBM X-Force discovered a new variant of Gootloader — the "GootBot" implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims' search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2…

August 2, 2022

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature