Minerva Labs Releases Evasive Malware 2017 Year in Review
Research Finds a Steady Rise in Tactics Employed by Malware to Bypass Defensive Measures
13 Dec, 2017, 08:00 ET
PETACH TIKVA, Israel, Dec. 13, 2017 /PRNewswire/ -- Minerva Labs, a leading provider of anti-evasion technology for enterprise endpoints, today released the results of their 2017 Evasive Malware Year in Review report, which takes an in-depth look at the approaches used by common malware families to bypass anti-malware tools, including antivirus and analysis sandboxes. The report shares valuable details about these malware samples and their methods, so enterprise defenders can best protect endpoints from such threats.
2017 demonstrated significant advancements in defensive measures, such as artificial intelligence being incorporated into traditional and "next-gen" endpoint security solutions, yet it also confirmed that adversaries continue to find ways around such defensive measures. Minerva's research into the malware families that were prevalent in 2017, including popular exploit kits and ransomware, confirmed that such malicious programs employ at least one evasion technique to penetrate defenses.
According to Lenny Zeltser, Vice President of Products at Minerva Labs, the use of evasion tactics in malicious software will continue to grow in the coming year, in part in response to the continued advancements in endpoint security products. "Evasion techniques will be used in both classic forms of malware, such as ransomware, as well as in malicious software that offers adversaries new revenue streams, such as malicious cryptominers," said Zeltser. "On the defender side, incident response teams will look for ways to more actively combat malicious presence in the enterprise in 2018, going beyond the practice of merely identifying which systems might have been compromised."
The original research by Minerva Labs found a number of significant trends in 2017 that should inform defensive practices in 2018. Some of the key results include:
- Exploit kits, which target vulnerabilities in client-side software of website visitors, remained an effective attack vector in 2017. 99% of the campaigns tested were evasive either in the exploit kit or the payload phase.
- Exploit kits were also among the most common ways to spread ransomware in 2017 with over 60% of them applying evasive techniques.
- NSA exploits from the Shadow Brokers leak have been increasingly used by commodity malware for propagation.
- As part of their ransomware research activities, Minerva Labs collected representative samples from 60 different ransomware families, including Locky, Spora, TeslaCrypt, Cryptomix, JigSaw and more. Of the samples tested, at least one evasive technique was used; roughly half of the samples used memory injection, 28% used weaponized documents to deliver malware, and 24% used environment tests to check whether they are in a hostile environment before executing the attack.
- Beyond benefiting from the "established" revenue sources, such as ransomware, adversaries continued to look for additional profitable endeavors, which fueled a steady rise in malicious cryptomining closer to the end of the year.
"In 2017, adversaries continued to monetize or otherwise benefit from the classic use of malicious software, which included holding systems at ransom, conducting industrial espionage, and stealing sensitive personal data. Closer to the end of the year, we've seen an increase in the use of malicious software that used victims' systems to mine cryptocurrency on behalf of the intruder," said Eddy Bobritsky, Co-Founder and CEO of Minerva Labs. "Minerva will continue to provide technology that 'attacks' attempts to evade security tools on the endpoint, strengthening enterprise security posture to cover the gap left by baseline anti-malware tools."
To learn more about this research, please visit the Minerva Labs website and view the full report here: https://l.minerva-labs.com/2017-minerva-labs-yearly-report. A webcast will be held on Tuesday, December 19, 2017, at 1 p.m. (ET) to review the findings. A live demonstration of some of these attacks will also be presented. Register here for the webcast: A Year in Review, 2017 Through the Eyes of Minerva Labs.
A link to the infographic can be found here.
About Minerva Labs
Minerva Labs is an innovative endpoint security solution provider that protects enterprises from today's stealthiest attacks without the need to detect threats first, all before any damage has been done. Minerva Labs Anti-Evasion Platform blocks threats which bypass antivirus and other baseline protection solutions by deceiving the malware and controlling how it perceives its environment. Without relying on signatures, models or behavioral patterns, Minerva Labs solution deceives the malware and causes it to disarm itself, thwarting it before the need to engage costly security resources.
Headquartered in Petach Tikva, Israel, and with offices in New York and Atlanta, Minerva Labs boosts customers' existing defenses without the need to embark upon a costly and risky overhaul of their entire endpoint security architecture. To learn more about Minerva, visit www.minerva-labs.com.
Lumina Communications for Minerva Labs
SOURCE Minerva Labs