Wed, September 30, 2020

Five Cybersecurity Threats That Slip By Traditional Antivirus

Since the first computer virus in 1971, security professionals and computer programmers have been playing catch up. As an industry, they continually detect threats, update defenses, then repeat. Many traditional antivirus programs operate on signatures—as malicious software
is discovered, a signature describing the file is generated, added to a database, then the database gets pushed out to the customer base. If the antivirus discovers a file on your machine that matches a signature, that file gets quarantined and/or removed. By December 2018, malware was being discovered at the alarming rate of 350,000 new threats per day. With that number continuing to rise, signature-based antivirus solutions are having a hard time keeping up with the sheer volume, often leaving devices vulnerable. 

Over time, there has been a rise of new defenses; however, each defense triggers a corresponding change in tactics from the bad guys. These changes include malware designed not just to exploit vulnerabilities, but to outwit anti-virus defenses. Given the new reality of working from home during the COVID-19 pandemic, protecting devices that no longer reside within the literal confines of the corporate network is now paramount. 

Lapses in cybersecurity are more likely to occur in the Work From Home (WFH) environment, without proper end-user education. This can not only impact that user’s data, but the entire corporation. And this often leads to Managed Service Providers being held responsible for keeping data safe. It gets worse—Morphisec found that 20% of workers had not received any tips from IT as they moved out of the office and into their homes. Good security posture has never been more important. 

Adding to this inherent danger, recent information has shed light on how the novel coronavirus has opened new avenues of attack. According to reports by RiskIQ, in a single minute, 35 new spam emails are analyzed and 14.6 COVID-related hosts created. In addition, one COVID-19 domain is blacklisted every 15 minutes. 

Here are five cybersecurity threats that slip by traditional antivirus:

1. Polymorphic Malware

As mentioned in the introduction, many traditional antivirus programs rely on signature-based detection. This involves comparing a file against a known entry, otherwise known as a signature, in a database of known threats. 

This style of protection has some clear flaws. First, the antivirus user must have the most recent list of signatures, requiring frequent updates on their part. If that user hasn’t kept their virus definitions current, they’ll be defenseless against newer files. Beyond that, this method of protection is purely reactive. The antivirus company must know about the signature before it can flag it to their user base, and malware often uses protective techniques to avoid detection by antivirus companies. 

2. Weaponized Documents

Criminals often exploit flaws in different document formats to compromise a system. These documents typically use embedded scripts. The criminals obfuscate the code or script within these weaponized documents. It looks harmless even to the trained eye and will slip past antivirus because the antivirus only scans the initial document rather than the code or script after it executes. The attack, once launched, runs in the background without the user’s knowledge. 

3. Browser Drive-by Downloads

Drive-by downloads are files downloaded to the endpoint using vulnerabilities in the browser or a browser add-in. By doing this, the file downloads, and the user and antivirus program are none the wiser. The download could come from a legitimate website with a compromised script or ad service, or it could be a malicious website specifically set up to initiate the download. 

4. Fileless Attacks

Most antivirus programs rely on inspecting a file as it’s written to the device. However, if there isn’t a file to begin with, the antivirus program typically can’t detect the malicious behavior. 

5. Obfuscated Malware

Earlier, we wrote about how security professionals and researchers consistently play “catch up” with the cybercriminals. Antivirus companies use several methods for discovering malware. One common discovery method involves executing files in sandbox environments and observing for malicious behavior. Another common discovery method involves scanning the code for common signs of malicious intent. 

To protect against modern threats, every business should take a layered approach to security. By overlapping multiple security controls, you can mitigate the risk of falling victim to a serious attack. Contact us at 502.267.2552 to learn more.

Call Now Button