By Tyler Moffitt, Senior Threat Research Analyst, Webroot
One of the most common and worrisome threats in the current landscape is the multi-vector attack, which combines various threat technologies, deployed in numerous stages, across multiple points of entry (vectors) to infect computers and networks. This blended approach increases both the cyber criminal’s likelihood of success and the severity of damage.
The range of vectors includes email, web browsers, display ads, hyperlinks, files, apps and external devices. More than 85 percent of malware infections occur via web browsing, according to recent analysis from my research team. Basic internet use is a high-risk activity for every customer. You need to emphasize the importance of being able to stop malware at every entry point, because after successfully breaching a system or network, attackers then use their access to deliver malicious payloads, such as adware, spyware, ransomware, keyloggers, viruses, rootkits, and data miners. Let’s first look at how these attacks happen, then discuss a framework to help stop them.
Cyber criminals have so many potential points of entry that successful infection is a numbers game. Millions of phishing emails are sent every day trying to plunder login credentials by spoofing websites or fooling users into opening attachments. Usually, these attachments are disguised as harmless Office documents with embedded scripts that silently run in the background to download malicious payloads when opened. These payloads can also be distributed from exploited web pages that inject code directly into a web browser, turning it into a backdoor for malware. Shopping sites with a large circulation on ad networks are a prime target for this vector. A new exploit allows hackers to spread malicious payloads laterally, like a worm, through networks via Microsoft file-sharing applications. This method can even compromise machines with no external connection to the internet, if they are connected to a network that also contains an infected system.
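The "harmless-looking Office document with an embedded script" case above is one a mail gateway can check for mechanically before a user ever opens the attachment. The following is an added example, not code from the original article or from Webroot: it treats an OOXML attachment (.docx, .xlsm and friends) as the ZIP container it is, looks for a VBA project part (vbaProject.bin), and flags a document whose extension claims no macro capability but still carries one. The sample attachments are constructed in memory; the binary .doc/.xls (OLE2) formats are outside this example's scope.

```python
"""Added example (not from the original article): flag e-mail attachments that
present as plain Office documents but carry an embedded VBA macro project.

OOXML files (.docx, .xlsx, .pptx and the macro-enabled .docm/.xlsm/.pptm
variants) are ZIP containers; a document that contains a VBA project ships it
as a part named vbaProject.bin. All sample attachments below are constructed
in memory for the demonstration, not real captures.
"""
import io
import zipfile

MACRO_PART = "vbaproject.bin"
MACRO_ENABLED_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm", ".potm"}
OFFICE_EXTENSIONS = MACRO_ENABLED_EXTENSIONS | {
    ".docx", ".xlsx", ".pptx", ".dotx", ".xltx", ".potx",
}


def build_sample(parts):
    """Construct a minimal OOXML-like ZIP container holding the given part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for name in parts:
            zf.writestr(name, b"\x00" * 16)   # placeholder part body
    return buf.getvalue()


def contains_vba_project(data):
    """Return True if the ZIP container carries a VBA project part anywhere."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith(MACRO_PART) for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename, data):
    """Return one verdict string for a single attachment.

    not-ooxml        extension is not an OOXML Office type; not examined here
    malformed        claims to be OOXML but is not a valid ZIP container
    clean            valid container, no VBA project present
    macro-enabled    VBA project present and the extension says so (policy call)
    disguised-macro  VBA project present behind a non-macro extension: quarantine
    """
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in OFFICE_EXTENSIONS:
        return "not-ooxml"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "malformed"
    if not contains_vba_project(data):
        return "clean"
    if ext in MACRO_ENABLED_EXTENSIONS:
        return "macro-enabled"
    return "disguised-macro"


def scan_mailbox(attachments):
    """Classify a list of (filename, bytes) pairs; returns {filename: verdict}."""
    return {name: classify_attachment(name, data) for name, data in attachments}


if __name__ == "__main__":
    # Constructed sample attachments, one per verdict.
    samples = [
        ("invoice.docx", build_sample(["word/document.xml", "word/vbaProject.bin"])),
        ("report.docx", build_sample(["word/document.xml"])),
        ("budget.xlsm", build_sample(["xl/workbook.xml", "xl/vbaProject.bin"])),
        ("notes.txt", b"plain text"),
        ("broken.docx", b"this is not a zip container"),
    ]
    for name, verdict in scan_mailbox(samples).items():
        print(f"{name:14s} {verdict}")
```

The "disguised-macro" verdict is the one worth acting on automatically: a VBA project behind a .docx extension has no legitimate reason to be there. "macro-enabled" is a policy decision for the customer (many businesses block inbound macro-enabled documents outright), and "malformed" deserves a closer look rather than delivery, since a file that lies about its format is rarely an accident.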
The dangers posed by this mixed bag of vectors are compounded if your customer is directly targeted. Cyber criminals look for vulnerable applications and will tailor phishing emails to appear as though they originate internally. These attacks are designed to exploit the blind spots of conventional signature-based security, allowing malware to infiltrate systems undetected. A single-vector solution can protect end users only once the malicious payload is already on the system and attempting execution. The infection itself will be blocked only if there is a local signature unique to that new threat variant — a big “if.”
Let’s consider the following attack scenario: