Thursday, 01/02/2020 7:08:26 PM
When Malware Returns: Beating the Silent System Killer

https://www.infosecurity-magazine.com/opinions/malware-returns-silent-system/?utm_source=dlvr.it&utm_medium=twitter

Ransomware is the hacker “gift” that just keeps on giving, it seems. A 2017 study shows that more than half of ransomware victims got hit a second (or more) time, often with the same malware – and with ransomware attacks growing significantly since then, it's likely that many more organizations are getting hit multiple times.

It's a problem that especially affects enterprises. Half the companies in the study had 1,000 or more employees, a third had up to 10,000 employees, and 19% had more than 10,000. Enterprises are arguably in the best position to protect themselves from ransomware – they have the scale and resources to deploy the most advanced solutions – and yet they keep getting attacked – in “reruns,” to add insult to injury.

Why is that? Often it's because the companies that are attacked haven't hardened their systems sufficiently to keep hackers out altogether. While they may have remediated the weakness that enabled hackers to break through defense systems for the first attack, there are often other weaknesses that they can take advantage of for additional attacks. There are many paths into a system, and guarding all of them is a major challenge, to say the least.

Maybe there's another reason; if a hacker dispatches their malware in the form of a trojan that bides its time before attacking, it's very possible that the malware that attacked got recorded in a company backup – and when that backup is unrolled after a ransomware attack, it re-enters the system, and gives a return performance.

Is this feasible – or even possible? The answer to both those questions is - yes. With the plethora of malware that systems are subjected to daily, it’s unlikely that anti-virus software, firewalls, filters, and the like will catch everything. According to German software firm GData, a new piece of malware was released into the wild every 3.2 seconds during the first part of 2017; that's a figure that has likely grown. According to Malwarebytes, the use of trojans – malware that hides and bides its time before getting activated – has shot up in 2019.

Taking these two trends together, it's fair to say that the likelihood of malware hiding in a system and copied to a backup is rather high. When the backup is rolled out – because the working system got compromised by hackers – the same malware that brought the system down in the first place could be rolled out as well, enabling hackers to start in a “second act,” and enabling them to continue stealing data, extorting ransom, or causing losses for their victims.

The trick, then, is to ensure that malware doesn’t get into the backup – that backups are “hygienic,” and are not infected with hidden security issues. To do that, organizations need to unleash the full force of anti-malware tools at their disposal.

Running these tools on the production data that gets backed up as well as on the backups themselves enables organizations to be as thorough as possible; because these are backups and not production systems, organizations can run a wide range of anti-malware tools without harming production performance.

Throughout the computer era, the mantra has been “back everything up” - or face significant losses because of missing data. Now, backups themselves could be the cause of losses. This is the kind of thing that could wreak havoc in the IT industry; if you can't trust your backup, then how can you trust the data in it, when that data may contain the seeds that will cause losses?

Too many organizations blindly rely on their backups, believing that backups are their insurance policy against a malware or ransomware attack. Indeed, a backup could, and should, provide that kind of insurance – but to ensure that the policy is active, organizations need to ensure that their backups are protected and malware-free.
==================================================================
Before the Trojan (malware) even gets to the backup, why not use Wave Endpoint Monitor to take care of the problem from the start? WEM spots that sneaky malware, so this could stop the ransomware from happening in the first place!!! From post #245885 - Only Half of Malware Caught by Signature AV. Maybe Wave should charge $100 per year for Wave Endpoint Monitor since it adds tremendous value and is so great!!! (Please see the links below)
==================================================================
https://www.wavesys.com/malware-protection

Excerpts:

What is malware?

Malware is a general name for software that installs on your organization's computers and creates damage. It includes computer viruses, worms, Trojans, spyware, adware, rootkits, Advanced Persistent Threats and more. These malicious programs could be created by a tenacious adversary, or by financially motivated criminals, and inserted into your organization's computers. They may lie there undetected for months or secretly do things like log your keystrokes, steal your passwords, harvest your address book, observe where you go on the Internet, report sensitive data to distant servers, or even wipe or encrypt your data. Recent high-profile malware attacks on utilities, and even countries, introduced contaminated software reported to alter the working of physical devices, like uranium enrichment centrifuges, oil rig equipment and water pumps. Malware can be introduced through a web download, an email attachment or even a USB external device for networks that are not connected to the internet.

Software can’t always detect malware

The big problem with malware is that antivirus software doesn’t always detect it. Anti-malware software is based on signatures of known bad software. However, there always needs to be a patient zero who discovers he is infected, for the rest of the world to benefit from it. In the case of APTs (Advanced Persistent Threats), your organization may be the only target for the specific strain of malware. In that case, the signature detection process will not protect you. Modern anti-malware and other software packages that promise cyber security or protection from APTs would use various heuristics and "AI" (Artificial Intelligence) to detect malware based on a predefined set of behavioral parameters. A sophisticated attacker is able to fine-tune the behavior of the malware he is writing against various known anti-malware software solutions, so that it can evade detection for long periods of time.

A further challenge for anti-malware software is that it commonly works at the OS level. It isn’t very good at seeing deeper into the system, where some malware lives. Malware can hide from anti-malware by feeding it false results as it lies lower in the stack.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor

Excerpts:

Detect attacks before it’s too late

Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.

Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.
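As an added illustration of the boot-value comparison described above (this is not Wave's code and is not taken from the linked pages): a constructed measured-boot event log is replayed through the TPM PCR extend rule, and the resulting PCR values are diffed against a stored baseline, so a modified boot loader shows up as a deviation in PCR 4. The event digests and the PCR assignments are assumptions for the sake of the example.

```python
import hashlib

# Constructed sample measured-boot event logs: (PCR index, digest of the measured
# component). Real TCG event logs carry the same kind of records; these digests are made up.
# Assumed PCR usage for the example: PCR 0 = firmware, PCR 4 = boot loader, PCR 7 = Secure Boot policy.
BASELINE_LOG = [
    (0, hashlib.sha256(b"uefi-firmware-v1.2").digest()),
    (4, hashlib.sha256(b"bootloader-good").digest()),
    (7, hashlib.sha256(b"secureboot-policy").digest()),
]
TAMPERED_LOG = [
    (0, hashlib.sha256(b"uefi-firmware-v1.2").digest()),
    (4, hashlib.sha256(b"bootloader-modified").digest()),  # boot loader differs from baseline
    (7, hashlib.sha256(b"secureboot-policy").digest()),
]


def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    # TPM 2.0 extend rule for a SHA-256 bank: PCR_new = SHA256(PCR_old || digest).
    # Because the old value is folded in, a changed component early in the chain
    # alters every later value of that PCR; the final value cannot be "un-extended".
    return hashlib.sha256(pcr_value + digest).digest()


def replay_pcrs(event_log, pcr_count: int = 8) -> dict:
    # Replay the log from the reset state (all zeros for SHA-256 PCRs 0-7)
    # and return the final PCR values as hex strings.
    pcrs = {i: b"\x00" * 32 for i in range(pcr_count)}
    for idx, digest in event_log:
        pcrs[idx] = pcr_extend(pcrs[idx], digest)
    return {i: v.hex() for i, v in pcrs.items()}


def boot_deviations(baseline: dict, current: dict) -> list:
    # The monitor's check: any PCR whose value differs from the recorded baseline
    # is flagged. In a real deployment the current values come from a TPM-signed
    # quote, so a compromised OS cannot simply report the expected numbers.
    return sorted(i for i in baseline if current.get(i) != baseline[i])


if __name__ == "__main__":
    golden = replay_pcrs(BASELINE_LOG)
    print("clean boot deviations:", boot_deviations(golden, replay_pcrs(BASELINE_LOG)))
    print("tampered boot deviations:", boot_deviations(golden, replay_pcrs(TAMPERED_LOG)))
```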