Malware-as-a-service (MaaS) poses a serious threat to enterprise organizations. MaaS functions much like any other software-as-a-service you may be familiar with, and in some cases even comes with technical support. Hackers develop complex malware systems that can be easily purchased by even the most novice of cybercriminals, who can then launch sophisticated attacks against individuals and businesses. Malware-as-a-service democratizes cybercrime, providing any run-of-the-mill criminal with the expertise of an experienced hacker, drastically increasing the average strength and sophistication of a malware attack.
In a recent report, Darktrace highlighted some concerning malware-as-a-service trends. Through reverse engineering and detection analysis, Darktrace researchers discovered that “malware strains are progressively developed with a minimum of two functions and are interoperable with a greater number of existing tools.” The depth of features in this malware is consistent with the increase of multi-functional malware sold through Ransomware-as-a-Service (RaaS). The key concern is that these tools can harvest data and credentials without exfiltrating files. Existing cybersecurity systems are good at identifying and flagging behavior known to be associated with malware, file exfiltration being a prime example. Where existing cybersecurity technologies fall short is in detecting unknown and complex threats. Organizations are at great risk when the malware deployed against them is designed to thwart existing security measures and remain invisible.
Among the most common threats found in the study were malware loaders and information-stealing malware. It is important to note that these are just the investigated threats, those the researchers were able to identify and painstakingly reverse engineer. Companies don’t have the luxury of dedicating entire teams to combing through alerts and reverse engineering each one. Cost notwithstanding, it can take a malware reverse engineer weeks, and sometimes even months, to fully flesh out the intentions buried in the code they’re investigating. In day-to-day operations, much more malware is deployed than is detected. Even with a robust cybersecurity platform, more files are often flagged than can be researched in the same day.
Complex malware, like that provided through MaaS (and RaaS), is created to avoid detection, so while the security team toils to triage and mitigate the most urgent alerts, undetected threats lie in wait. The crux of the matter is this: cybersecurity threats are multiplying at a rate much greater than they can be detected. To recognize malware, a cybersecurity system relies on signature matching, drawing from vast, well-updated databases. But these databases depend on code that has already been found malicious, so they do nothing to combat brand-new attacks. This system is reactive and puts the burden on security teams to respond rapidly when they become aware of active malware in their system. To defend against complex malware threats, organizations need a defense-in-depth strategy that includes automated threat analysis and intelligence to detect and remediate threats fast.
CodeHunter’s patented detection and analysis technology automates the malware reverse engineering process, instantly detecting and analyzing threats at the code level, where malware can’t hide. Security teams get immediate intelligence on threat vectors, allowing them to focus on remediation and minimizing vulnerabilities.