Evasive malware is exactly what the name suggests — malware that can continually change its characteristics to avoid detection. And the latest research from WatchGuard’s Threat Lab finds that it’s increasing dramatically.
To compile its Internet Security Report for Q4 2023, WatchGuard analyzed threat telemetry from tens of thousands of its network appliances and millions of endpoint products. The study found that evasive malware detections jumped 37 percent during the quarter. Basic and encrypted malware are also on the rise, with overall malware detections increasing 80 percent.
Zero-day malware detections increased 60 percent. These threats are capable of exploiting vulnerabilities on the same day they’re discovered. The “malware-as-a-service” trend also continued, providing inexperienced hackers with inexpensive, ready-to-use weapons that make it easy to inflict serious damage.
Why These Threats Are Increasing
Few organizations have the tools to detect and block evasive and zero-day malware. Many continue to rely on traditional antivirus software, which looks for known malware “signatures.” That doesn’t work against zero-day malware that’s never been seen before.
Evasive malware uses a variety of techniques to deceive these tools. One such tactic is encryption — the WatchGuard study found that about 55 percent of malware hides behind encryption. Obfuscation techniques disguise the precise functionality by making the malware so complicated that its code is difficult to decipher. Polymorphic and metamorphic malware change their own code dynamically, so each copy looks different to a signature-based scanner.
Further complicating matters is the lack of a robust security strategy. Many organizations focus on reactive detection rather than proactive prevention, and struggle to keep their environment up to date. The persistent cybersecurity skills shortage adds to the problem.
How to Defend Against These Threats
Defending against these threats requires a layered security approach that combines multiple tools and processes. If a threat gets past one defense, there are additional controls to detect and block it. Here are three key pieces of the puzzle.
- Extended Detection and Response (XDR). XDR solutions use advanced automation and analytics capabilities to continuously collect and correlate data from multiple network devices. They then analyze that data to identify suspicious characteristics that might indicate malicious activity. Over time, machine learning algorithms develop the threat intelligence needed to actively hunt for threats and disrupt them before an attack unfolds. Using these techniques, XDR solutions can dramatically improve the detection of evasive and zero-day threats.
- Sandboxing. Sandboxing is the process of sending untrusted programs to a tightly controlled environment, where the code is executed and malware analysis is automatically performed. Security professionals can see what happens when the code runs and determine if it’s malicious without damaging the network or device. Sandboxing makes it possible to discover previously unknown malware, including evasive and zero-day threats. IT teams can also conduct investigations to assess the attack method, the source of the threat and the potential impact of a breach.
- Endpoint Protection. Although malware attacks on endpoints are down, they still represent a major threat. Antivirus, intrusion detection and prevention, and other traditional tools are still valuable, particularly when unified in an endpoint protection platform. Endpoint detection and response (EDR) solutions go further, continuously monitoring endpoints and using real-time behavioral analysis to identify suspicious files. When a threat is detected, a rules-based engine automatically initiates a response.
How Verteks Can Help
WatchGuard recommends partnering with a managed services provider (MSP) who can provide comprehensive protection against these threats. Verteks is a longtime WatchGuard partner with expertise across the company’s security solutions. We deliver these solutions in a fully managed approach combined with ongoing monitoring and administration of the IT environment. Let us help you develop a strategy for combatting evasive and zero-day malware.