The Adventures of the Elusive Malvari: Versatile Defense (Final Thoughts)

This article is part of the Fileless Malware series. All other parts of the series:

I think we can all agree that hackers have a lot of tricks and methods to covertly enter your IT infrastructure and go unnoticed there while they steal your digital assets. The key conclusion of this series is that signature-based malware detection is easily bypassed even by simple approaches, some of which I presented in this series.

I understand very well the security researchers who often call virus scanners useless, but you shouldn’t just throw them away because of this. Still, there are still a lot of malware written by lazy script kiddy hackers that will be blocked by these scanners.

The best ideology in the fight against file-free malware and stealthy exploitation methods is to supplement the standard perimeter protection — port scanners and malware detectors — with secondary lines of defense and have plans for responding and recovering when the inevitable happens, including an attack response program .

I mean the concept of multilateral defense (Defense In-Depth, or DiD) . This is a very practical approach to dealing with advanced hackers who laugh at perimeter security and file signature scanning software.

Does DiD have problems? Of course. The same security professionals who first lost faith in traditional protection measures are now promoting a white list of applications that may be useful to you, especially after the fact of the initial penetration.

As we have seen, the codeless attack methods that I demonstrated earlier in this series can even be used to bypass such a whitelist. This is already falling under the new trend of hacking techniques that undermine faith in legitimate tools and traditional software and use it for their evil purposes.
Stay tuned and stay tuned for future posts.

Question: Can you bypass the Windows security features by secretly passing commands to regsvr32.exe? The answer is yes

Serious about data security

In my opinion, in-depth protection is minimization of harm: we take the worst outcome as a maximum and step by step turn it into something that is no longer too scary for us or will cost too much for the attackers.

Imagine that a hacker entered the network, but because of the ideal restrictive permission policies in your company , you prevented him from gaining access to sensitive data. Or hackers got access to confidential data, but your amazing user behavior analysis technology detected intruders and disabled accounts before dumping millions of credit cards was drained. Or maybe the hacker got access to your clients' email addresses, but your operational violation response plan, which includes real-time monitoring of unusual file activity, allowed you to reach regulatory authorities and victims in record time, thereby avoiding fines and anti-advertising .

Common sense protection

Deep defense is, rather, a set of recommendations and a certain philosophy, that is, some practical steps and solutions to make life easier.

If I personally had to describe such an approach to defense and turn it into three effective points, here would be what I would recommend in the first place:


All Articles