By Jason Wittick • October 20, 2016

AV and Malware Protection Missing The REAL Threats

 


We’ve all heard it countless times before: email remains among the most common vehicles criminals use to infect our systems with malicious code and ransomware. But new and far more menacing threats are emerging as instances of ransomware continue to increase.

According to research by Glasswall Solutions, the first six months of 2016 saw a startling 172% increase in ransomware over the entirety of 2015, with no less than 58% of these attacks delivered via email. Perceived increases in criminality, however, are at least partially a result of improved information security (infosec) protection, which has IT professionals watching more carefully and therefore discovering and catching more threats than in the past.

Complacency and continued reliance on signature- or definition-based detection, including the outdated technology that supports it, leave organizations vulnerable to more creative means of attack. Many dangerous and sophisticated criminals have moved from trying their luck with previously identified threats and mechanisms to using evolving techniques which have already outpaced the scope and efficacy of traditional security tools. Reactive security solutions, which require previous identification of a threat or the fallout from an exploit, are no longer enough to actually protect information assets. The delays between identification, definition and actual signature generation provide a short but unavoidable window of vulnerability to attack. Criminals are also shifting away from traditional schemes and have started targeting the underlying structure of popular and ubiquitous file types like Word, Excel, PDF, etc. This new strategy is proving successful where macros and other embedded code within a document or file have traditionally been the more common vehicles for attack … and experts are only now realizing that the best tools we have at our disposal are insufficient and provide incomplete, temporary, quasi-protection.

After analyzing and comparing many thousands of individual PDF files, Glasswall researchers determined that structural vulnerabilities are poised to exceed those delivered via embedded code, JavaScript or any combination of the two. Within a three-month period, between 70% and 90% of threats were found within the underlying structure of files and not within their respective content. PDFs are a good example of the new malware delivery trend because most document readers are agnostic and promiscuous by design ... focused primarily on displaying content to users and not on security implications. As recently as August of 2016, warnings were issued for Microsoft PDF libraries because a vulnerability had been found which would allow remote code execution after users open bogus, purpose-made, manipulated files. The PDF contents would appear and function normally to a user while remote code was being executed, and existing tools and protection would have been completely unaware of it and unable to stop it.

Luckily, a new Datex security product called DataStealth is more than just another example of the standard, sub-standard encryption tools on the market today. It can protect information assets in spite of any malicious code or attempt to sniff or scrape data where existing and traditional solutions are behind the curve. While hackers are constantly developing new means to purloin sensitive data, our solution would have already replaced target data with meaningless, worthless placeholders. Transparent to users and hackers alike … DataStealth actually sanitizes your data and provides peace of mind because hackers cannot steal what is not there.

 
