Cybersecurity has changed markedly over the last few years. The first malware dates back to the 1970s and led to the creation of the first antivirus, Reaper, designed to detect computers infected with the Creeper malware and remove it. Since then, cybersecurity has become increasingly important and is now an essential consideration for any organization.
This evolutionary process has taken us from software based on virus blacklists, designed to counter known threats as cybercrime became professionalized in the 1990s, through the setting up of security perimeters and heuristic strategies that leveraged behavior analysis, to the turning point represented by Stuxnet in 2010, the first known example of a weapon designed for cyberwarfare. From that point on, malware became much more sophisticated, using stealth techniques that made it practically undetectable and leading the way for the first zero-day attacks.
Adversaries are now discovering zero-day vulnerabilities in software so quickly that, according to the Internet Security Report from WatchGuard Technologies, 67 percent of the malware seen during the first quarter of 2020 was encrypted, i.e. delivered over HTTPS. In addition, 72 percent of that encrypted malware was classified as zero-day, meaning there was no antivirus signature to slow it down, so it is increasingly undetectable to organizations. This data is in line with the predictions of Gartner, which indicated that 70 percent of malware attacks would use encryption during 2020.
Zero-day attacks – a cyber pandemic
These figures have no doubt been exacerbated by the COVID-19 pandemic and the consequent increase in telecommuting. As this trend has increased, so has the attack surface, forcing companies to strengthen cybersecurity measures to avoid falling victim to criminals.
If we were to look for a cyber equivalent to the COVID-19 pandemic, it might be an attack that spreads automatically using one or more zero-day exploits. As zero-day attacks are rarely discovered immediately, it would take time to identify the virus and prevent it from spreading. Consequently, if it spread across a social network with, say, 2 billion users, a virus with a high reproductive rate would take no more than five days to infect more than a billion devices. Most worryingly, there are still no patches or antivirus that can counter this type of attack.
To minimize and mitigate the threat from zero-day encrypted malware, there are a number of strategies that IT teams and analysts should consider when planning an organization’s cybersecurity defenses:
- Organizations need advanced behavioral detection and response solutions, as traditional antivirus solutions cannot usually deal with such attacks. Because this malware is delivered over HTTPS, inspection of HTTPS traffic is an indispensable part of any such strategy.
- These strategies should include a multilayer security service that covers all endpoints. In addition, the services and solutions must be cloud-based or run in the cloud, so that triage, investigation, and response processes are immediate and effective.
- To stop this type of malware, tools must leverage artificial intelligence, machine learning, and threat intelligence techniques in order to identify suspicious behavior patterns. As a result, they should be able to generate alerts that are prioritized according to the severity of the threat and that contain all the information required for a rapid and effective response.
Adaptive Defense 360 enables continuous monitoring, logging, and supervising of all processes on endpoints to block non-trusted software, detect advanced threats in real time, respond in seconds, and facilitate instant recovery. This prevents adversaries from exploiting unknown security holes and stops zero-day attacks from exploiting vulnerabilities.