Go To Home

Malware Detection is a Failing Strategy

by Smokescreen Team

Malware detection

Malware detection is a whack-a-mole game. Like the mythical hydra, when you chop off one head, three more appear, But that’s just half the issue.

Bypassing anti-malware systems is so trivial that attackers don’t treat it as a major obstacle. Even newbie pen-testers know how to go from off-the-shelf malware to “fully undetectable”. Believe me, the attackers have it automated, and commoditised.

Worse still, savvy attackers don’t even rely on malware to accomplish their mission objectives. Nowadays, they get by fine with:

Provides practically any functionality an attacker wants. See the exemplary work by Matt Graeber on Powersploit and  Nikhil Mittal with Nishang. When you can build tools on the box, why risk dropping a binary?

Legitimate administrative tools
Teamviewer, pstools, AmmyAdmin and the like. Organisations use these tools to legitimately administer their systems. Well, so do modern attackers. You’re unlikely to find an anti-malware solution that takes a chance blocking something that might be a critical tool for your IT ops team. Attackers know and exploit this free pass. Application white-listing, sandboxing, heuristics, and signatures all go for a toss.

Stolen credentials
The FIN-4 APT attacks exemplify how devastating malware-free attacks can be. Through the use of stolen credentials and legitimate access channels alone, an attacker has more than enough to succeed.

Dmitri Alperovitch of CrowdStrike said it well in his recent article:

Malware is responsible for only 40 percent of breaches and external attackers are increasingly leveraging malware-free intrusion approaches in order to blend in and fly under the radar by assuming insider credentials within victim organizations… Once the adversary was inside the network, they were able to move around using legitimate credentials and windows system administration tools, without actual use of malware.

As we said in the beginning, malware detection is a failing startegy. Stop solving the symptoms, and start solving the problem.


Continue Reading

  • The pragmatic security leader’s guide to deception technology

    When evaluating deception technology, look at three key components of the solution to ascertain how effective it will be in your environment – visibility, realism, and fingerprintability.
    By Sudarshan Pisupati
  • Using deception to shield the insurance sector

    Insurance companies are under siege from cyberattacks. We take a look at some of the key pieces of an insurer’s infrastructure the adversaries target and how you can use deception to build active defenses.
    By Sudarshan Pisupati
  • Finding active defense opportunities in a pentest report

    Pentest reports tell a story. By asking why a pentester made certain choices, you can find opportunities to influence attacker behavior and actively defend your network.
    By Sudarshan Pisupati
  • Have you tried out IllusionBLACK yet?
    • Detect zero-days, APTs, and insider threats
    • 10x the detection capabilities with 1/2 the team
    • Get started in minutes, fully functional in hours
    Schedule a demo
    Go to home

    Simple solutions for detecting and containing threats. Working with us does not break the bank or your spirit. We’re the company of choice for offensive security teams with a Net Promoter Score of 70+.

    © 2015-2021 Smokescreen. All rights reserved.

    Solutions For
    Web Application AttacksLateral MovementRansomware AttacksTargeted ThreatsSocial EngineeringMalware-less Attacks