Guarding against malware: Predictions and recommendations to enhance your security strategy


Palo Alto Networks recently released a report that underscores the latest trends in malware and what organisations need to know in order to best protect themselves from the shifting threat landscape.

The ability to guard against attacks and malware designed to exploit vulnerabilities means keeping up with trends and predictions to inform your security strategy. Understanding the changing environment is imperative for security professionals to mount a strong defence against sophisticated malware attacks.

Palo Alto Networks’ report, Palo Alto Networks Unit 42 Network Threat Trends Report Vol. 2, focuses on the latest trends in malware and the evolving threat landscape. The insights in the report provide security teams with a better understanding of what’s to come for malware and recommendations for organisations to improve their security posture.

What’s next for malware

Leveraging data collected from Palo Alto Networks’ Advanced WildFire malware prevention engine, coupled with insights gathered by the Unit 42 threat research team throughout 2022 and early 2023, Palo Alto Networks has formulated four predictions regarding the future direction of malware. These predictions are derived from careful analysis of the trends observed within the collected data, revealing crucial behaviours that warrant close attention and proactive protection measures.

  1. Malware will increasingly employ red team tools to avoid detection.

Malware attacks will continue to become increasingly complex and leverage advanced tools, such as Cobalt Strike and Metasploit, to avoid detection. These tools, originally designed for legitimate security purposes, have unfortunately been repurposed by threat actors to exploit vulnerabilities and gain unauthorised access to systems. These tools offer functionalities such as social engineering, phishing, spear-phishing and post-exploitation techniques, enabling attackers to infiltrate networks, maintain persistence and move laterally across compromised systems.

  2. More malware families will use SSL-encrypted traffic to blend in with benign network traffic.

Threat actors are adopting tactics that mimic legitimate businesses. Currently, 12.91% of network traffic generated by malware is SSL encrypted. By mimicking legitimate network traffic and employing sophisticated evasion techniques, bad actors increase their chances of remaining undetected for prolonged periods, exacerbating the potential damage they can inflict.

  3. Vulnerabilities, especially within OT systems and IoT devices, will continue to rank among the primary entry points for the propagation of malware, posing a significant initial threat vector.

The annual rise in newly discovered vulnerabilities poses a growing challenge for organisations, making it increasingly difficult to prioritise patching and mitigate the associated risks of exploitation in a timely manner. In fact, in 2022, the exploitation of vulnerabilities witnessed a staggering 55% increase when compared to the previous year. This growing attack surface leads attackers to actively target both old and new vulnerabilities, leaving organisations exposed to a higher risk of compromise and unauthorised access.

  4. Traditional scam techniques will take advantage of AI trends.

With the widespread popularity of ChatGPT and the emergence of various AI-related tools and trends, scammers are poised to exploit users’ enthusiasm, particularly through traditional scams like domain squatting. There has been a noticeable surge in traditional malware techniques that capitalise on the escalating interest in AI and ChatGPT. Given the current trajectory, we anticipate this trend to persist and even intensify in the future.

Recommendations for your security strategy

Assessing your security strategy against trends and predictions can help you discover the right tools and best practices to deploy. To enhance your organisation’s security and minimise its attractiveness as a target, we recommend considering the following:

  1. Address the increasing complexity of threats with comprehensive oversight.

Comprehensive oversight entails adopting a holistic perspective of your security landscape. It is crucial to integrate robust security capabilities at all levels of your hybrid cloud environment, including hardware, firmware, operating systems and software. Emphasise securing data at rest, in transit and during usage to ensure comprehensive protection. Additionally, it is essential to promote a culture where security best practices are embraced by everyone within the organisation. Collaborative efforts between compliance, security operations and human resources departments are vital to ensure that security protocols are diligently followed at every level of your organisation.

  2. Use decryption best practices to expose potential threats.

To effectively combat the rise in malicious encrypted traffic, it is essential to enable decryption capabilities on your next-generation firewalls. This empowers security teams to inspect and exert control over SSL/TLS and SSH traffic, thereby detecting and preventing threats that would otherwise remain concealed within encrypted communications. By utilising virtual machine introspection (VMI) to capture the symmetric keys for each SSL connection, the detection of malware can occur seamlessly and covertly. This approach enables security measures to proactively analyse encrypted traffic and effectively neutralise potential threats that may attempt to exploit this hidden avenue.

  3. Respond to growing vulnerabilities with an effective patch management process.

Maintaining an up-to-date patch management process is crucial for mitigating the impact of vulnerabilities. To minimise the risk of attacks, it is essential to develop a comprehensive process that enables swift patching of newly discovered vulnerabilities. By promptly applying patches and updates, organisations can significantly reduce the window of vulnerability and the potential for exploitation.

  4. Adopt a Zero Trust mindset for enhanced security.

The adoption of a Zero Trust approach eradicates any implicit trust assumptions within the organisation by consistently validating digital transactions. By implementing Zero Trust best practices, such as deploying controls across all environments (on-premises, data centre and cloud), security teams can effectively bolster their defences against highly sophisticated and evasive threats.

Intelligent CISO